[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: WG Last Call: draft-ietf-sasl-scram-02

To: Tom Yu <tlyu@xxxxxxx>
Subject: Re: WG Last Call: draft-ietf-sasl-scram-02
From: Simon Josefsson <simon@xxxxxxxxxxxxx>
Date: Tue, 28 Jul 2009 10:08:12 +0200
Cc: ietf-sasl@xxxxxxx
In-reply-to: <87prblutda.fsf@xxxxxxxxxxxxxxxxxxx> (Simon Josefsson's message of "Tue, 28 Jul 2009 10:03:29 +0200")
List-archive: <http://www.imc.org/ietf-sasl/mail-archive/>
List-id: <ietf-sasl.imc.org>
List-unsubscribe: <mailto:ietf-sasl-request@imc.org?body=unsubscribe>
Openpgp: id=B565716F; url=http://josefsson.org/key.txt
References: <ldvbpnouhy3.fsf@xxxxxxxxxxxxxxxxxxxxxxxxxx> <87prblutda.fsf@xxxxxxxxxxxxxxxxxxx>
Sender: owner-ietf-sasl@xxxxxxxxxxxx
User-agent: Gnus/5.110011 (No Gnus v0.11) Emacs/23.0.96 (gnu/linux)

Simon Josefsson <simon@xxxxxxxxxxxxx> writes:

> I'll get to reviewing the technical part of the document, promise! :)
>
> Running idnits on the document, it says
>
>   == The document seems to lack a disclaimer for pre-RFC5378 work, but was
>      first submitted before 10 November 2008.  Should you add the disclaimer?
>      (See the Legal Provisions document at
>      http://trustee.ietf.org/license-info for more information.). 
>
> The document has a long history, is the current legal boilerplate ok?

This was fixed in -02, sorry I ran an older document through idnits.

> However there are several documents added as references but not
> mentioned in the document itself:
>
>   == Unused Reference: 'I-D.ietf-sasl-rfc2831bis' is defined on line 1050,
>      but no explicit reference was found in the text
>
>   == Unused Reference: 'RFC2195' is defined on line 1055, but no explicit
>      reference was found in the text
>
>   == Unused Reference: 'RFC2202' is defined on line 1059, but no explicit
>      reference was found in the text

This comment still holds.  -02 also contain a dangling reference to
PKIX:

  == Unused Reference: 'RFC5280' is defined on line 1042, but no explicit
     reference was found in the text

>   == Unused Reference: 'RFC4086' is defined on line 1065, but no explicit
>      reference was found in the text
>
> The first three should probably be just removed (?).  But the last one
> seems useful to reference normatively.  How about adding the following
> to Security Considerations?
>
>   See [RFC4086] for more information about generating randomness.

This comment also still holds.

/Simon

Follow-Ups:
- Re: WG Last Call: draft-ietf-sasl-scram-02
  - From: Alexey Melnikov

References:
- WG Last Call: draft-ietf-sasl-scram-02
  - From: Tom Yu
- Re: WG Last Call: draft-ietf-sasl-scram-02
  - From: Simon Josefsson

Prev by Date: Re: WG Last Call: draft-ietf-sasl-scram-02
Next by Date: Re: WG Last Call: draft-ietf-sasl-scram-02
Previous by thread: Re: WG Last Call: draft-ietf-sasl-scram-02
Next by thread: Re: WG Last Call: draft-ietf-sasl-scram-02
Index(es):
- Date
- Thread