I am the assigned Gen-ART reviewer for this draft. For background on Gen-ART, please see the FAQ at


http://wiki.tools.ietf.org/area/gen/trac/wiki/GenArtfaq

.





 




Please resolve these comments along with any other Last Call comments you may receive.




 




Document: draft-ietf-uta-tls-attacks-04




Reviewer: Meral Shirazipour




Review Date: 2014-10-10




IETF LC End Date:  2014-10-13




IESG Telechat date: 2014-10-16




 




 




Summary:




This draft is ready to be published as Informational RFC, but I have some editorial comments .




 




 




Nits/editorial comments:




Nits:




-Abstract, please spell out Transport Layer Security (TLS) and Datagram Transport Layer Security (DTLS), perhaps in Title too.




-Same comment for other acronyms, please spell out at first use: UTA work group, SSL, NSA, Cipher Block Chaining (CBC),Message Authentication Code (MAC), Cross-Site Request Forgery (CSRF),etc.




 




-[Page 5], Section 2.6 




The below sentence was not clear-it would be good to add something about the recommendation related to this statement.




"




For example, implementations of HTTP that use CSRF tokens




   will need to randomize them even when the recommendations of




   [I-D.ietf-uta-tls-bcp] are adopted.




 




"




-[Page 5], Section 2.10, please do not forget to add reference for TRIPLE-HS.




 




-[Page 6], Section 2.11, suggestion:




"other than originally intended"---->"other than the one originally intended"




 




-[Page 7], Section 3, suggestion




"adaptation of TLS for UDP datagrams."--->"adaptation of TLS for UDP"




 




Best Regards,




Meral




---




Meral Shirazipour




Ericsson




Research




www.ericsson.com