[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: WG Last Call: draft-ietf-sasl-scram-02

To: Tom Yu <tlyu@xxxxxxx>
Subject: Re: WG Last Call: draft-ietf-sasl-scram-02
From: Simon Josefsson <simon@xxxxxxxxxxxxx>
Date: Tue, 28 Jul 2009 10:03:29 +0200
Cc: ietf-sasl@xxxxxxx
In-reply-to: <ldvbpnouhy3.fsf@xxxxxxxxxxxxxxxxxxxxxxxxxx> (Tom Yu's message of "Mon, 13 Jul 2009 22:17:08 -0400")
List-archive: <http://www.imc.org/ietf-sasl/mail-archive/>
List-id: <ietf-sasl.imc.org>
List-unsubscribe: <mailto:ietf-sasl-request@imc.org?body=unsubscribe>
Openpgp: id=B565716F; url=http://josefsson.org/key.txt
References: <ldvbpnouhy3.fsf@xxxxxxxxxxxxxxxxxxxxxxxxxx>
Sender: owner-ietf-sasl@xxxxxxxxxxxx
User-agent: Gnus/5.110011 (No Gnus v0.11) Emacs/23.0.96 (gnu/linux)

I'll get to reviewing the technical part of the document, promise! :)

Running idnits on the document, it says

  == The document seems to lack a disclaimer for pre-RFC5378 work, but was
     first submitted before 10 November 2008.  Should you add the disclaimer?
     (See the Legal Provisions document at
     http://trustee.ietf.org/license-info for more information.). 

The document has a long history, is the current legal boilerplate ok?

Idnits also complains about these references, but these complaints seems
bogus:

  == Missing Reference: 'I-D.ietf-sasl-gs2' is mentioned on line 1014, but
     not defined

  == Missing Reference: 'RFC2743' is mentioned on line 1019, but not defined

  == Missing Reference: 'RFC4121' is mentioned on line 1025, but not defined

  == Missing Reference: 'RFC3962' is mentioned on line 1022, but not defined

  == Missing Reference: 'RFC4401' is mentioned on line 1030, but not defined

  == Missing Reference: 'RFC4402' is mentioned on line 1034, but not defined

  == Missing Reference: 'RFCXXXX' is mentioned on line 807, but not defined

However there are several documents added as references but not
mentioned in the document itself:

  == Unused Reference: 'I-D.ietf-sasl-rfc2831bis' is defined on line 1050,
     but no explicit reference was found in the text

  == Unused Reference: 'RFC2195' is defined on line 1055, but no explicit
     reference was found in the text

  == Unused Reference: 'RFC2202' is defined on line 1059, but no explicit
     reference was found in the text

  == Unused Reference: 'RFC4086' is defined on line 1065, but no explicit
     reference was found in the text

The first three should probably be just removed (?).  But the last one
seems useful to reference normatively.  How about adding the following
to Security Considerations?

  See [RFC4086] for more information about generating randomness.

/Simon

Follow-Ups:
- Re: WG Last Call: draft-ietf-sasl-scram-02
  - From: Alexey Melnikov
- Re: WG Last Call: draft-ietf-sasl-scram-02
  - From: Simon Josefsson

References:
- WG Last Call: draft-ietf-sasl-scram-02
  - From: Tom Yu

Prev by Date: Re: WG Last Call: draft-ietf-sasl-scram-02
Next by Date: Re: WG Last Call: draft-ietf-sasl-scram-02
Previous by thread: Re: WG Last Call: draft-ietf-sasl-scram-02
Next by thread: Re: WG Last Call: draft-ietf-sasl-scram-02
Index(es):
- Date
- Thread