I have been selected as the General Area Review Team (Gen-ART) reviewer for this draft (for background on Gen-ART, please see http://www.alvestrand.no/ietf/gen/art/gen-art-FAQ.html).
Please wait for direction from your document shepherd or AD before posting a new version of the draft. Document: draft-eastlake-additional-xmlsec-uris-09.txt Reviewer: Suresh Krishnan Review Date: 2013/02/23 IESG Telechat date: 2013/02/28 IETF Last call end date: 2013/02/28 Summary: This document is almost ready for publication as a Proposed Standard but I have some comments you may wish to address. Minor ===== * Section 2.1.1. The following text is a bit misleading as it looks like this document is taking a stance on the use of MD5. "Use of MD5 is NOT RECOMMENDED [RFC6151]." Suggest rewording to something like "Please note that the use of MD5 is no longer recommended for digital signatures [RFC6151]." * Section 2.3.1. Same comment as for Section 2.1.1. * Security Considerations Again, this paragraph looks like it is making recommendations that duplicate the recommendations from RFC6151. Is this paragraph really necessary? "Due to computer speed and cryptographic advances, the use of MD5 as a DigestMethod or in the RSA-MD5 SignatureMethod is NOT RECOMMENDED. The cryptographic advances concerned do not affect the security of HMAC-MD5; however, there is little reason not to go for one of the SHA series of algorithms." Downrefs ======== There are 9 downrefs that have not been called out. 5 of them are listed in the downref registry. The other 4 downrefs are listed below RFC2315 RFC4050 RFC4269 RFC6234 Thanks Suresh _______________________________________________ Gen-art mailing list [email protected] https://www.ietf.org/mailman/listinfo/gen-art
