Re: [TLS] Last look at TLS 1.2
Three nits from my personal review:
Section 4.7: the example at the end of the section is no longer
fully correct with the changed definition of digitally-signed
(since the "digitally-signed" construct now includes the hashing
step). Suggested rephrasing:
   In the following example

      stream-ciphered struct {
          uint8 field1;
          uint8 field2;
          digitally-signed struct {
              opaque field3<0..255>;
              uint16 field4;
          };
      } UserType;

   the contents of the inner struct (field3 and field4) are used
   as input for the signature/hash algorithm, and then the entire
   structure is encrypted with a stream cipher. [...]
7.4.3/A.4.2, ServerKeyExchange definition: the second "case dhe_dss"
should be "case dh_dss".
7.4.3 and A.4.2, KeyExchangeAlgorithm lists dh_anon twice.
Also a couple of typos (could be fixed later, too):
7.4.3/A.4.2: extra blank lines in definition of ServerKeyExchange.
A.4.2: should delete descriptions of dh_p/dh_g/dh_Ys, since
the appendix is supposed to contain only the struct definitions.
7.4.7/A.4.3, weird indentation (and extra blank lines) in definition
of ClientKeyExchange.
4.6.1, the example struct has weird indentation around the
orange/banana cases.
4.7, "pplus" -> "plus"
7.4.7.1, "premaster_secert" -> "premaster_secret"
References: [IDEA] is not cited anywhere, can be removed.
Best regards,
Pasi
_______________________________________________
TLS mailing list
TLS@xxxxxxxx
http://www.ietf.org/mailman/listinfo/tls