

To: <ietf-provreg@cafax.se>
From: "Hollenbeck, Scott" <shollenbeck@verisign.com>
Date: Mon, 13 Apr 2009 08:37:25 -0400
Subject: [ietf-provreg] AD Review Comments: draft-hollenbeck-rfc4934bis-00

Some feedback from Alexey on the new TLS Usage Profile text in 4934bis.
I now need implementer feedback.

>>  A client MUST close the associated TLS connection if the connection
>>  is not expected to deliver any EPP messages later.  It MUST send a
>>  TLS close_notify alert before closing the connection.
>>
> As an implementor I remain skeptical that existing implementations do
> that. At least I doubt many IMAP or SMTP servers do that. So maybe you
> should check how existing EPP implementations handle connection
> closure.

What are you implementers doing?

> I think the text about how to extract and verify domain information
> from X.509 certificates is still missing from your draft. I think that
> is what Chris wanted you to do and I am in agreement with him on this.
> I see some text on this in Section 8, but I think it is a bit too
> short. Check section 2.2.1 of draft-ietf-sieve-managesieve-09.txt. It
> probably contains 80% of what EPP should use.

Comments, please.  I've sent a note to Alexey pushing back on this
because (in my opinion) this puts mandates on client and server
certificate validation behavior that don't affect EPP interoperability.
If I'm wrong, I'd prefer to cite an existing mature reference instead of
cloning text from an unapproved I-D.  Does anybody know of one?

-Scott-

