Comment:
Authors/editors:
The Science council solicited some input on this document, and received the feedback below. Would you please consider the feedback, and if needed
produce changes to the document? I believe that since the changes are fairly minor (though there are many), this will not need further review.
Once you are satisfied, email me and/or set the tracker back to me, and we'll put this into mailing list "final call" with the GFSG, prior to
publication. Please let me know if you have questions or suggestions.
The feedback:
> - "SHA-1" is occasionally written as "SHA1" (e.g., footnote 2).
> - References to concrete implementations (e.g., to mention
> defects) should typically be in footnotes. Sometimes this is
> not the case, e.g.:
> - "Mozilla-NSS based browers" in section 2
> - "Some grid middleware, in particular any version of the Globus Toolkit"
> in section 3
> - "In any software based on the OpenSSL code.." in section 3
> - The tables summarizing the certificate component recommendations
> in sections 2 and 3 all have an entry of "Harmless", which compared
> to the terms "Required", "Advised to use" and "Not to be used" sounds
> a bit vague. Maybe "Optional" is a better term?
> - footnote 4 should really be in the text, as it mentions a SHOULD?
> - footnote 5: "There is [a] another reason"
> - footnote 9: also important enough to be put (maybe partially)
> in main text?
> - Note: neither my MS Word at home nor OpenOffice at work gave
> section numbering that seemed to make sense. E.g., several footnotes
> referring to explicit section numbers (e.g., 30, 33, 34), pointed
> to non-existing ones.
> Maybe PDF is an advisable distribution format for public comments?
> - section 2.1.9 (but probably a different section, see previous point)
> also mentions nsPolicyURL, nsRevocationURL which are not in the table
> at the head of the section, unlike the other ones.
> - footnote 10: "openssl" -> "OpenSSL".
> The whole footnote sounds a bit vague with phrases like "probably
> not tested", "can't really be tested", which makes its point less
> obvious. Maybe it can be reformulated/shortened.
> - footnote 11: "Explorer [version] up to and including [version] 6"
> - footnote 14: The reference to it mentions "http URI", the footnote
> itself says "The URL should..", and later on again "URI".
> - start of section 3: "SHA1 is currently the only recommended [value]".
> Before that, it talks about appropriate hash functions, not "values".
> - Abbreviation "RDN" is used a few times in section 3
> before the full term is mentioned.
> - footnote 19 refers to use of slashes and equal signs, not quotes
> (from which it is referred to in the text).
> Also, the last subsentence "and the equal sign.." should be moved
> before "a proper parser.." I think.
> - the table in section 3 mentions "userID, uniqueIdentifier",
> the text later on: "userID or uid"
> - section on "commonName": "must not" is that a "MUST NOT"?
> - next subsection "[withon] the characters 0-9.."
> - footnote 27 "OpenSSL [versions] 0.9.7c or older [version] [encodes]"
> - footnote 28: "Note the UK is an (in)famous exception..", then
> mentions both "GB" and "UK", but does not explicitly say that
> either is equally acceptable
> - In section "Extension in end-entity certificates":
> "For use of an end-entity [certificate certificate]"
> - First it is RECOMMENDED that the extension keyUsage is included,
> but then in the table it is "Required" and a subsection later
> also mentions "MUST".
> - The text mentions "subjectAltName extension", the table
> "subjectAlternativeName*"
> - In the subsection "keyUsage", missing words:
> "The dataEncipherment value [is] RECOMMENDED [to] be set.."
> - In subsection "extendedKeyUsage":
> "clienthAuth [should be] asserted": -> "[SHOULD BE]"?
> - subsection "Application interplay.."
> There is some overlap in the section and corresponding footnote
> 41 contents (e.g., "MUST" in section, same but "must" in footnote).
> The section contents specifically devoted to OpenSSL
> implementation details should really be in the footnote I guess.
> The footnote also has phrases like "seem less picky" and "will survive"
> which seem a bit too colloquial for this type of document
> - subsection "authorityKeyIdentifier":
> "of [isser] certificates" -> "..[issuer].."
> - footnote 47: "As of Aug 11, 2006: ..apply only to VOMS and VOMS-Admin"
> Only for specific version up to a certain date, or does it hold
> for VOMS in general?
> - Section 4:
> "The [current] most secure hash" -> "..[currently].."
> "[As] the time of writing" -> "[At].."
> - Section 5: The introduction to that section (e.g.,
> "The meaning of several common attributes [..] is not always clear",
> "..that are a common source of confusion") does not clearly relate
> to the few simple examples that then follow.