jeff-card
commented
5 years ago Thank you for your comment! A peer review was held on August 9th and we have the following feedback:
We hope we’ve answered most of your feedback through the guidelines and these answers. With respect to TLS 1.3, this is preferred, but since there are still some limitations around use of TLS 1.3, the guideline’s wording will focus on using TLS 1.2 or newer versions.
The Bulk Dataset via API indicates three (3) guidelines/considerations. One of which is “small datasets”. A lot of data requests call for larger segments of data, so I’d like to see a section reference larger datasets via API’s.
API Security section – Secure Data in Transit references enabling TLS version 1.2. I know last year(?) we had to upgrade due to TLS vulnerabilities and I think(?) we moved to TLS 1.2 however there’s a transcript collision (SLOTH) in 1.2. Should we be forward-looking and recommend the build of API’s that leverage TLS 1.3?
Other than that I think this is a very well written guide.