
review of draft-ietf-netconf-tls-01



My comments on draft-ietf-netconf-tls-01:

- General: Reasonable document, but I am not sure the password
  authentication fits the RADIUS requirements.

- I read:

     When the NETCONF peer processes a closure request of the
     NETCONF connection, it MUST send a TLS close_notify alert before
     closing the connection.

  The phrase "processes a closure request of the NETCONF connection"
  sounds fuzzy to me. Perhaps you mean this:

     When the NETCONF peer closes the NETCONF connection, it MUST send
     a TLS close_notify alert before closing the TCP connection.

  I note that there might be cases where this is not possible, e.g.
  the peer is dying before it gets to say goodbye.

- I read:

     Unless some other fatal alert has been transmitted, ...

  Who is transmitting a fatal alert to whom and how? Perhaps you mean:

     Unless a fatal error has occurred, ...

- What is the 'write side' of a connection?

- Second sentence in section 3. seems to be garbled.

- Can the password based authentication scheme be hooked into RADIUS?

/js

-- 
Juergen Schoenwaelder           Jacobs University Bremen gGmbH
Phone: +49 421 200 3587         Campus Ring 1, 28759 Bremen, Germany
Fax:   +49 421 200 3103         <http://www.jacobs-university.de/>
