Opened 12 years ago

Last modified 12 years ago

#103 new editorial

Last Call Comments

Reported by: jsalowey@… Owned by:
Priority: minor Milestone:
Component: draft-ietf-tls-rfc4347-bis Version: 03
Severity: In WG Last Call Keywords:

Description (last modified by jsalowey@…)

Michael D'Errico

In section 3. Overview of DTLS, it says:

  1. TLS's traffic encryption layer does not allow independent decryption of individual records. If record N is not received, then record N+1 cannot be decrypted.

I don't believe this is always true -- if a block cipher is used, then since there is an explicit IV given, you can decrypt the record. The MAC, however, will not calculate correctly due to the wrong sequence number, so the missing record will be detected. Stream (and AEAD?) ciphers would fail to decrypt as stated.

[Joe] Leave as is or add to the end of the sentence "because MAC verification will fail"

Near the top of page 9, the abbreviation CSS is used. I think that should have been CCS, but I would suggest spelling out ChangeCipher? Spec rather than abbreviating.

[Joe] Expand to ChangeCipherSpec?

At the very end of section 4.2.1 (top of page 17) it mentions a HelloVerify? message (not HelloVerifyRequest?). Should that be a ClientHello? message (with cookie)?

[Joe] SHould be ClientHello?


  • last line of page 3: "they typically requires" strike the s.
  • section 4.1.1 second line, "that clients" remove "that"
  • top of page 14 - "forget" should be "forgery"

ID Nits

In section replace "SHOULD not" with "SHOULD NOT"

Add reference in text to RFC 1981

Change History (2)

comment:1 Changed 12 years ago by jsalowey@…

  • Description modified (diff)

comment:2 Changed 12 years ago by jsalowey@…

  • Description modified (diff)
Note: See TracTickets for help on using tickets.