
review/comments of/on draft-ietf-netconf-tls-00.txt



Here are my initial comments. Mainly editorial/administrative
for now, except for the last comment/question.

- ID-NITS tells us:
   == Missing Reference: 'RFC4279' is mentioned on line 246, but not defined

   -- Duplicate reference: RFC4346, mentioned in 'TLSEXT', was also mentioned
      in 'TLS'.


     Summary: 0 errors (**), 1 warning (==), 1 comment (--).

     Run idnits with the --verbose option for more detailed information about
     the items above.

  see:
  http://tools.ietf.org/wg/netconf/draft-ietf-netconf-tls/draft-ietf-netconf-tls-00.nits.txt

- expand acronyms.
  You have as title:  NETCONF over TLS
  I suggest to change it to

     NETCONF over Transport Layer Security (TLS)

  that would also be more consistent with the titles of
  RFC4742, 4743 and 4744

  I would also expand the TLS acronym in the abstract and in
  section 1.1

- general
  Personally I like citations of the form [RFC4346] better than
  [TLS]. The reason is that I can immediately see which RFC
  to check. I know it is subjective. So if you feel strongly about
  your form of citation, then I will respect that.

- Section 1.1
  I wonder if it would not be better to be more consistent with the
  other NETCONF documents and use the terms "client" and "server"
  instead of "manager" and "agent"
  In fact throughout the document, you sometimes do use the
  terms client and server and other times manager and agent.

- section 3.2

   of the password is stored is used to generate the PSK. It is
   ----------------^^--------^^

   for the second "is" maybe change it to "and is" ??

- In section 3.2 I read:

    The psk_identity_hint is initially defined in section 5.1 of RFC4279
    The psk_identity_hint can do double duty and also provide a form of
    server authentication in the case where the user has the same
    password on a number of NETCONF agents.

  and wonder: would that not be risky in that if an intruder discovers
              the password of one agent, that he then has access to
              all/several other agents as well?


Bert Wijnen

