Document: draft-ietf-tls-renegotiation-01.txt
Reviewer: Vijay K. Gurbani
Review Date: Dec. 18, 2009
IETF LC End Date: Dec. 17, 2009
IESG Telechat date: Unknown

Summary: This draft is ready for publication as a Proposed Standard.
The draft has 0 major issues, 0 minor issues, and 3 nits.

Nits:

1) S1: The second sentence may read better if
   s/no cryptographic connection between/no cryptographic relationship between/
   "Connection" is an overused term in the context of TLS anyway.

2) S1: Last paragraph: s/same as, the date used/same as, the data used/

3) In reference [Ray09], no specific publication of record is provided.
   I do not know whether or not this discovery has been officially
   published as part of any security-related conference proceedings,
   but if not, then maybe a link to the website of interest
   (http://extendedsubset.com/) may be appropriate? More technical
   details are available at a resource from that website using the URL
   http://extendedsubset.com/wp-uploads/2009/11/renegotiating_tls_20091104_pub.zip.

   I realize that personal websites are not authoritative references,
   but assuming that the above website remains stable for some duration
   after this draft becomes an RFC, the above link may help people
   familiarize themselves with the attack in more detail than the draft
   goes into (and in any case, [Ray09] is an informative reference, not
   a normative one.)

   Alternatively, in the zip file above is a PDF document called
   "Renegotiating TLS.pdf". Maybe that document, or maybe the entire
   zip file (uuencoded) could be provided as an appendix to this draft?
   Just a thought.