Using Transport Layer Security (TLS) with Network News Transfer Protocol (NNTP)
RFC 8143

Note: This ballot was opened for revision 04 and is now closed.

(Ben Campbell) Yes

Comment (2017-02-01 for -04)
I'm balloting YES, but I have a few comments:

Substantive:

-2, 4th bullet: The normative requirement to support SNI is stated 3 times, with inconsistent requirements. The first sentence says all implementations must support SNI. The next says all clients and servers that can have multiple names must support it. Section 3.3 says that all new clients and any server with multiple names must support it.

-3.4: The section says all implementations are encouraged to follow the recommendations in section 3.2 of 7525. But section 3 said all implementations are REQUIRED to follow the recommendations in 7525 (which I assume to include section 3.2).

- 3.6: Do people expect end users to be able to do anything useful with information like TLS version, certificate details, and cyphersuite choices?

- 6.2: RFCs 4433, 4643, 5536, and 5537 should probably be normative references, since they are referred to using 2119 keywords.

Editorial:

- Q1: I believe the preference is to use the BCP number.

-2, 2nd bullet: The last sentence is convoluted--can it be broken into simpler sentences?

-2, third bullet: Missing article ("the") before RC4. Also, I suspect the REQUIRED should not be capitalized. It seems like a statement of fact.

-2, 4th bullet: "only a SHOULD": "SHOULD" should be in quotes.

-3.1: Please expand "CRIME"

-4, 2nd paragraph, first sentence: Missing word around "need ensure"

(Spencer Dawkins) Yes

(Stephen Farrell) Yes

Comment (2017-01-31 for -04)
- write up: did "[[confirm]]" happen? Just curious.

- 3.5, 2nd last para: A reference to RFC7435 might be useful here. Not needed, just useful.

Alexey Melnikov Yes

(Kathleen Moriarty) Yes

(Jari Arkko) No Objection

(Alia Atlas) No Objection

Deborah Brungard No Objection

Alissa Cooper No Objection

(Joel Jaeggli) No Objection

Comment (2017-02-02 for -04)
The changes between 03 and 04, I think, adequately explain the changes that are happening to 4642. Thanks for that.

Suresh Krishnan No Objection

Mirja Kühlewind No Objection

Comment (2017-01-31 for -04)
- Should section 3.6. maybe also talk about displaying to the user if content was encrypted but not authenticated?

- Nit: in section 4. (Security Considerations):

OLD:

"Beyond the security considerations already described in [RFC4642],
   [RFC6125] and [RFC7525], the author wishes to add the following
   caveat when not using implicit TLS.

   NNTP servers need ensure that […]"

NEW:

"Beyond the security considerations already described in [RFC4642],
   [RFC6125] and [RFC7525], NNTP servers need to ensure that […]"

(Terry Manderson) No Objection

Alvaro Retana No Objection