rdroms / draft-green-tls-static-dh-in-tls13

Work area for Internet Draft draft-green-tls-static-dh-in-tls13

Document review from Steve Fenter #4

Closed rdroms closed 7 years ago

rdroms commented 7 years ago
  1. Section 1, Introduction, paragraph 2, sentence 2 - Change (PFS) to (FS)

  2. Section 3, Security bullet - add the word "and" before "layer 7 DDoS protection"

  3. In section 3 we should probably be consistent between bullets and letters for sub-points. Is there a standard RFC way to do this?

  4. Section 3, sub-point d.

    Remove this sentence:

    "This means that there will be billions of ephemeral keys to manage."

    1. Also change this sentence:

      "If we use the average time to breach detection as our guide for packet and key retention, the number of ephemeral keys to manage escalates."

    To this:

    "If we use the average time to breach detection as our guide for packet and key retention, the number of days increases."

  5. Section 6, 1st paragraph, 1st sentence - makes it sound like we have to use a centrally managed key solution. Is this the intent? If centrally managed keys are only one option, then we need a preamble like, "If Diffie Hellman keys will be centrally managed,"

  6. Section 6, 2nd indented paragraph, last sentence - Does table 1 refer to figure 1 below? If so, the nomenclature should match.

  7. Section 5, paragraph 2, sentence 1 makes it sound like only the DH private key is written to the TLS server. Paragraph 3 makes it sound like the TLS server then generates the DH public key from the DH private key that was written to it. Section 6 makes it sound like both the DH private and public keys are written out to the TLS server. To me, this does not add up. Can someone clarify which section is correct or if I am misreading something?

  8. Section 7.1 - Is there a purpose for the ">" at the end of paragraph 1?

  9. Section 8 - Since we've just been reading about static key transport, we need to give the reader more context in the title of section 8, so it doesn't sound like we're talking about alternative key transport solutions. We need a title like, "Alternative Solutions for Enterprise Monitoring and Troubleshooting."

  10. Section 8 - We've used bullets, letters, and numbers above for sub-points. We should clean this up and be consistent. In this case the numbers are used to match up the alternative solutions with the described weaknesses below them. Perhaps we should have titles or headings for each of the weaknesses sections, so it's obvious which weakness goes with which alternative solution.

  11. Section 9, sub-point 1, sentence 2 - Change "getting" to "transporting"

  12. Section 10, sub-point a, sentence 1 - Change "Perfect Forward Secrecy (PFS)" to "Forward Secrecy (FS)"

  13. Section 10, last paragraph, second sentence - Change PFS to FS

rdroms commented 7 years ago
  1. Section 1, Introduction, paragraph 2, sentence 2 - Change (PFS) to (FS)

    Changed PFS, "Perfect Forward Secrecy" to "Forward Secrecy" everywhere.

  2. Section 3, Security bullet - add the word "and" before "layer 7 DDoS protection"

    Done.

  3. In section 3 we should probably be consistent between bullets and letters for sub-points. Is there a standard RFC way to do this?

    I used symbols throughout because we don't specifically refer to any list items.

  4. Section 3, sub-point d.

    Remove this sentence:

    "This means that there will be billions of ephemeral keys to manage."

    Done.

    1. Also change this sentence:

      "If we use the average time to breach detection as our guide for packet and key retention, the number of ephemeral keys to manage escalates."

    To this:

    "If we use the average time to breach detection as our guide for packet and key retention, the number of days increases."

    Done.

  5. Section 6, 1st paragraph, 1st sentence - makes it sound like we have to use a centrally managed key solution. Is this the intent? If centrally managed keys are only one option, then we need a preamble like, "If Diffie Hellman keys will be centrally managed,"

    Fixed with new sentence:

    The TLS Static DH Key (TSK) Protocol is used in cases where the Diffie-Hellman keys are centrally managed.

  6. Section 6, 2nd indented paragraph, last sentence - Does table 1 refer to figure 1 below? If so, the nomenclature should match.

    Fixed.

  7. Section 5, paragraph 2, sentence 1 makes it sound like only the DH private key is written to the TLS server. Paragraph 3 makes it sound like the TLS server then generates the DH public key from the DH private key that was written to it. Section 6 makes it sound like both the DH private and public keys are written out to the TLS server. To me, this does not add up. Can someone clarify which section is correct or if I am misreading something?

    Fixed.

    Also:

    • changed "static (EC) Diffie-Hellman" to ECDHE throughout.
    • listed distributed and central key management as equal alternatives

  8. Section 7.1 - Is there a purpose for the ">" at the end of paragraph 1?

    It was a typo; fixed.

  9. Section 8 - Since we've just been reading about static key transport, we need to give the reader more context in the title of section 8, so it doesn't sound like we're talking about alternative key transport solutions. We need a title like, "Alternative Solutions for Enterprise Monitoring and Troubleshooting."

    Done.

  10. Section 8 - We've used bullets, letters, and numbers above for sub-points. We should clean this up and be consistent. In this case the numbers are used to match up the alternative solutions with the described weaknesses below them. Perhaps we should have titles or headings for each of the weaknesses sections, so it's obvious which weakness goes with which alternative solution.

    I've converted the list to all symbols. I added some labels to the second list; ok now?

  11. Section 9, sub-point 1, sentence 2 - Change "getting" to "transporting"

    Done.

  12. Section 10, sub-point a, sentence 1 - Change "Perfect Forward Secrecy (PFS)" to "Forward Secrecy (FS)"

    Done.

  13. Section 10, last paragraph, second sentence - Change PFS to FS

    Done.

rdroms commented 7 years ago

Edits complete and pushed