Some errors in Section 1.3
- It lists RFC 1700 (Assigned Numbers), but this RFC is now obsolete, and so should be deleted. Also there was no real need to reference it, as it was only being used as a justification for putting 16-bit integers in MSB:LSB order.
- The TLS protocol reference is incorrect. It should be [RFC 5246] and the URL should be http://tools.ietf.org/html/rfc5246 (not 6455). Also you could describe it as a Proposed Standard.
- The WebSocket reference is incorrect. It should be [RFC 6455]. Also it should say "Proposed Standard" rather than "Proposed Standard STD2".
There are also several places in section 5 which need to point to a normative or non-normative reference in 1.3 or 1.4... I think they are mostly for 1.4
1. Server implementations that offer TLS SHOULD use TCP port 8883 [IANA service name: secure-mqtt].
2,3,4. In addition to technical security issues there may also be geographic (e.g., European SafeHarbour), industry specific (e.g., PCI DSS) and regulatory considerations (e.g., Sarbanes-Oxley).
5,6. Advanced Encryption Standard (AES) and Data Encryption Standard (DES)
7. ISO 29192
8,9. LDAP or OAuth tokens
10. Server Name Indication extension to TLS (nb the URL given in the text for this is obsolete)
11. Online Certificate Status Protocol (OCSP)
12. IEEE 802.1AR
13. SOCKSv5
14. SSH
15. NIST Cyber Security Framework
16. NISTIR 7628 Guidelines for Smart Grid Cyber Security
17. Federal Information Processing Standards (FIPS-140-2)
18. PCI-DSS
19. NSA Suite B