Hi Suresh, Thanks for the review.
On Sat, Feb 23, 2013 at 11:58 PM, Suresh Krishnan <[email protected]> wrote: > I have been selected as the General Area Review Team (Gen-ART) reviewer > for this draft (for background on Gen-ART, please see > http://www.alvestrand.no/ietf/gen/art/gen-art-FAQ.html). > > Please wait for direction from your document shepherd or AD before > posting a new version of the draft. > > Document: draft-eastlake-additional-xmlsec-uris-09.txt > Reviewer: Suresh Krishnan > Review Date: 2013/02/23 > IESG Telechat date: 2013/02/28 > IETF Last call end date: 2013/02/28 > > Summary: This document is almost ready for publication as a Proposed > Standard but I have some comments you may wish to address. > > Minor > ===== > > * Section 2.1.1. > > The following text is a bit misleading as it looks like this document is > taking a stance on the use of MD5. > > "Use of MD5 is NOT RECOMMENDED [RFC6151]." > > Suggest rewording to something like > > "Please note that the use of MD5 is no longer recommended for digital > signatures [RFC6151]." OK. > * Section 2.3.1. > > Same comment as for Section 2.1.1. OK. > * Security Considerations > > Again, this paragraph looks like it is making recommendations that > duplicate the recommendations from RFC6151. Is this paragraph really > necessary? > > "Due to computer speed and cryptographic advances, the use of MD5 as a > DigestMethod or in the RSA-MD5 SignatureMethod is NOT RECOMMENDED. > The cryptographic advances concerned do not affect the security of > HMAC-MD5; however, there is little reason not to go for one of the > SHA series of algorithms." The inclusion of something about the inadvisability of MD5 was suggested to me by an AD. I'm perfectly happy to re-word things so that it does not "take a stance" but merely provides informative pointers as a convenience to the reader. > Downrefs > ======== > > There are 9 downrefs that have not been called out. 5 of them are listed > in the downref registry. The other 4 downrefs are listed below > > RFC2315 > RFC4050 > RFC4269 > RFC6234 > > Thanks > Suresh Thanks, Donald ============================= Donald E. Eastlake 3rd +1-508-333-2270 (cell) 155 Beaver Street, Milford, MA 01757 USA [email protected] _______________________________________________ Gen-art mailing list [email protected] https://www.ietf.org/mailman/listinfo/gen-art
