Using Transport Layer Security (TLS) with Network News Transfer Protocol (NNTP)
draft-elie-nntp-tls-recommendations-05

Yes

(Alexey Melnikov)
(Kathleen Moriarty)
(Spencer Dawkins)

No Objection

(Alia Atlas)
(Alissa Cooper)
(Alvaro Retana)
(Deborah Brungard)
(Jari Arkko)
(Suresh Krishnan)
(Terry Manderson)

Note: This ballot was opened for revision 04 and is now closed.

Alexey Melnikov Former IESG member
Yes
Yes (for -04) Unknown

                            
Ben Campbell Former IESG member
Yes
Yes (2017-02-01 for -04) Unknown
I'm balloting YES, but I have a few comments:

Substantive:

-2, 4th bullet: The normative requirement to support SNI is stated 3 times, with inconsistent requirements. The first sentence says all implementations must support SNI. The next says all clients and servers that can have multiple names must support it. Section 3.3 says that all new clients and any server with multiple names must support it.

-3.4: The section says all implementations are encouraged to follow the recommendations in section 3.2 of 7525. But section 3 said all implementations are REQUIRED to follow the recommendations in 7525 (which I assume to include section 3.2).

- 3.6: Do people expect end users to be able to do anything useful with information like TLS version, certificate details, and ciphersuite choices?

- 6.2: RFCs 4433, 4643, 5536, and 5537 should probably be normative references, since they are referred to using 2119 keywords.

Editorial:

- Q1: I believe the preference is to use the BCP number.

-2, 2nd bullet: The last sentence is convoluted--can it be broken into simpler sentences?

-2, third bullet: Missing article ("the") before RC4. Also, I suspect the REQUIRED should not be capitalized. It seems like a statement of fact.

-2, 4th bullet: "only a SHOULD": "SHOULD" should be in quotes.

-3.1: Please expand "CRIME"

-4, 2nd paragraph, first sentence: Missing word around "need ensure"
Kathleen Moriarty Former IESG member
Yes
Yes (for -04) Unknown

                            
Spencer Dawkins Former IESG member
Yes
Yes (for -04) Unknown

                            
Stephen Farrell Former IESG member
Yes
Yes (2017-01-31 for -04) Unknown
- write up: did "[[confirm]]" happen? Just curious.

- 3.5, 2nd last para: A reference to RFC7435 might be useful here.  Not needed, just useful.
Alia Atlas Former IESG member
No Objection
No Objection (for -04) Unknown

                            
Alissa Cooper Former IESG member
No Objection
No Objection (for -04) Unknown

                            
Alvaro Retana Former IESG member
No Objection
No Objection (for -04) Unknown

                            
Deborah Brungard Former IESG member
No Objection
No Objection (for -04) Unknown

                            
Jari Arkko Former IESG member
No Objection
No Objection (for -04) Unknown

                            
Joel Jaeggli Former IESG member
No Objection
No Objection (2017-02-02 for -04) Unknown
The changes between 03 and 04 I think adequately explain the changes that are happening to 4642. Thanks for that.
Mirja Kühlewind Former IESG member
No Objection
No Objection (2017-01-31 for -04) Unknown
- Should section 3.6. maybe also talk about displaying to the user if content was encrypted but not authenticated?

- Nit: in section 4. (Security Considerations):

OLD:

„Beyond the security considerations already described in [RFC4642],
   [RFC6125] and [RFC7525], the author wishes to add the following
   caveat when not using implicit TLS.

   NNTP servers need ensure that […]“
NEW:
„Beyond the security considerations already described in [RFC4642],
   [RFC6125] and [RFC7525], NNTP servers need to ensure that […]“
Suresh Krishnan Former IESG member
No Objection
No Objection (for -04) Unknown

                            
Terry Manderson Former IESG member
No Objection
No Objection (for -04) Unknown