Hello,

I have reviewed this document as part of the security directorate’s ongoing

effort to review all IETF documents being processed by the IESG. These

comments were written primarily for the benefit of the security area

directors.  Document editors and WG chairs should treat these comments just

like any other last call comments.

IMHO, the document is 

almost ready. 

However I have a question plus a

non-security related comment.

That’s perhaps a naive question, but let me ask it. Shouldn’t a receiver check

that the actual length of the extension_data field is in line with the value of the

extension_data length field. Since those zero bytes are actually carried over

the net and present in the reception buffer, there could be several ways to

calculate this length… (I really don’t know if it’s the case or not)

Additionally, section 3 says:

   The client MUST fill the padding extension completely with zero
   bytes, although the padding extension may be empty.

I think that you mean « padding extension_data field » and not « padding extension »:

   The client MUST fill the padding extension_data field completely with zero
   bytes, although the padding extension_data field may be empty.


And finally, in the example (figure), instead of:

16-bit, extension_data length

I’d rather add a « _ » as in:

16-bit, extension_data_length

Cheers,

  Vincent

Attachment:


signature.asc




Description:

 Message signed with OpenPGP using GPGMail