tlswg / sniencryption

Preparing a proposition for SNI encryption in TLS

Éric Vyncke's No Objection on draft-ietf-tls-sni-encryption-05: (with COMMENT) #41

Closed huitema closed 4 years ago

huitema commented 5 years ago

COMMENT:

Thank you for the work put into this document. It is well-written and easy to follow. Please find below a couple of comments and nits.

Reading "In practice, it may well be that no solution can meet every requirement, and that practical solutions will have to make some compromises." in the abstract brought a smile to my face. Same for "employees of the UK National Cyber Security Centre" at the end.

Regards,

-éric

== COMMENTS ==

-- Section 2.1 -- C.1) I would suggest using the words "network operators" rather than ISP, as enterprises or parents for home networks are also relying on clear-text SNI to enforce some policies.

-- Section 2.2 -- C.2) The word "abuses" seems a little strong in the first paragraph; I prefer the wording used in 2.1, "unanticipated usage". But, this is only one comment.

-- Section 3.6 -- C.3) It is rather a question for my own curiosity... "The fronting service could be pressured by adversaries." is an obvious attack, but even if SNI is protected, the fronting service can still apply any policy to a protected service as it has the knowledge of protected services by design. Hence, I wonder why this case is mentioned here.

-- Security section -- Like Warren, I find the content of this section unusual.

== NITS ==

-- Section 2.1 -- Probably worth expanding "MITM" at first use.

-- Section 3.3 -- Probably worth expanding "DOS" at first use.

huitema commented 5 years ago

Barry Leiba commented: Actually, "DoS" (with the small "o") is in the RFC Editor's list of abbreviations that do not need to be expanded. That, of course, doesn't mean that it shouldn't be expanded. But it should be spelled with the small "o", in any case.

huitema commented 4 years ago

Done in PR #45