Context Token Encapsulate/Decapsulate and OID Comparison Functions for the Generic Security Service Application Program Interface (GSS-API)
draft-josefsson-gss-capsulate-05

[Ballot discuss]
The introduction to this document says:

  The intention is that text from this specification should be possible
  to use for implementation documentation, and for this reason this
  entire document should be considered a code component.

  Claiming that the whole document is a code component is inappropriate.
  However, I have no objection to claiming that Sections 3, 4, and 5 are
  code components.

[Ballot discuss]
The introduction to this document says:

  The intention is that text from this specification should be possible
  to use for implementation documentation, and for this reason this
  entire document should be considered a code component.

  Claiming that the whole document is a code component is inappropriate.
  However, I have no objection to claiming that Sections 3, 4, and 5 are
  code components.

[Ballot comment]
The writeup says that there are 3 implementations. Are they independent? Is there any sense in which the interoperate? The "interoperate" question is the really important one to me: I'm trying to figure out why a PS is being used for an API. Is there some way in which having the same API will make things interoperate better?

State changed to In Last Call from Last Call Requested.

The following Last Call Announcement was sent out:

From: The IESG
To: IETF-Announce
Reply-To: ietf@ietf.org
Subject: Last Call:  (Context Token Encapsulate/Decapsulate and OID Comparison Functions for the Generic Security Service Application Program Interface (GSS-API)) to Proposed Standard


The IESG has received a request from an individual submitter to consider
the following document:
- 'Context Token Encapsulate/Decapsulate and OID Comparison Functions for
  the Generic Security Service Application Program Interface (GSS-
  API)'
  as a Proposed Standard

The IESG plans to make a decision in the next few weeks, and solicits
final comments on this action. Please send substantive comments to the
ietf@ietf.org mailing lists by 2011-05-04. Exceptionally, comments may be
sent to iesg@ietf.org instead. In either case, please retain the
beginning of the Subject line to allow automated sorting.

The file can be obtained via
http://datatracker.ietf.org/doc/draft-josefsson-gss-capsulate/

IESG discussion can be tracked via
http://datatracker.ietf.org/doc/draft-josefsson-gss-capsulate/

3 minor questions and some nits:

1. Should this update 2743 and 2744?

2. The purpose of this isn't totally clear from the text, even
after a quick look at 2743. Would changing the following
sentence be better:

OLD:

  For initial context tokens a mechanism-independent token format may
  be used, see section 3.1 of [RFC2743].  Some protocols, e.g., SASL
  GS2 [RFC5801], needs the ability to add and remove the token header
  from context tokens.

NEW:

  For initial context tokens a mechanism-independent token format may
  be used, see section 3.1 of [RFC2743].  Some protocols, e.g., SASL
  GS2 [RFC5801], need the ability to add and remove this token header
  which contains some ASN.1 tags, a length and the mechanism OID
  to and from context tokens.

3. Security considerations. Should this say that this encapsulation
  doesn't offer any additional security?

Some nits:

Abstract: s/specify/specifies/
Intro:
- add "The" to the start of 1st para
- s/needs the ability/need the ability/
- s/an negotiated/a negotiated/

(1.a) Who is the Document Shepherd for this document? Has the
Document Shepherd personally reviewed this version of the
document and, in particular, does he or she believe this
version is ready for forwarding to the IESG for publication?

Alexey Melnikov

(1.b) Has the document had adequate review both from key WG members
and from key non-WG members? Does the Document Shepherd have
any concerns about the depth or breadth of the reviews that
have been performed?

This is not a WG document, but it had sufficient number of reviews from
the Kitten WG participants.
No concerns about the depth of the reviews.

(1.c) Does the Document Shepherd have concerns that the document
needs more review from a particular or broader perspective,
e.g., security, operational complexity, someone familiar with
AAA, internationalization or XML?

No.


(1.d) Does the Document Shepherd have any specific concerns or
issues with this document that the Responsible Area Director
and/or the IESG should be aware of? For example, perhaps he
or she is uncomfortable with certain parts of the document, or
has concerns whether there really is a need for it. In any
event, if the WG has discussed those issues and has indicated
that it still wishes to advance the document, detail those
concerns here. Has an IPR disclosure related to this document
been filed? If so, please include a reference to the
disclosure and summarize the WG discussion and conclusion on
this issue.

No.

(1.e) How solid is the WG consensus behind this document? Does it
represent the strong concurrence of a few individuals, with
others being silent, or does the WG as a whole understand and
agree with it?

This is not a WG document.

(1.f) Has anyone threatened an appeal or otherwise indicated extreme
discontent? If so, please summarise the areas of conflict in
separate email messages to the Responsible Area Director. (It
should be in a separate email because this questionnaire is
entered into the ID Tracker.)

No.

(1.g) Has the Document Shepherd personally verified that the
document satisfies all ID nits? (See the Internet-Drafts
Checklist and
http://tools.ietf.org/tools/idnits/). Boilerplate checks are
not enough; this check needs to be thorough. Has the document
met all formal review criteria it needs to, such as the MIB
Doctor, media type and URI type reviews?

Yes. idnits 2.12.09 was used to check the document. No additonal reviews
needed.


(1.h) Has the document split its references into normative and
informative? Are there normative references to documents that
are not ready for advancement or are otherwise in an unclear
state? If such normative references exist, what is the
strategy for their completion? Are there normative references
that are downward references, as described in [RFC3967]? If
so, list these downward references to support the Area
Director in the Last Call procedure for them [RFC3967].

References are properly split. There are no DownRefs.

(1.i) Has the Document Shepherd verified that the document IANA
consideration section exists and is consistent with the body
of the document? If the document specifies protocol
extensions, are reservations requested in appropriate IANA
registries? Are the IANA registries clearly identified? If
the document creates a new registry, does it define the
proposed initial contents of the registry and an allocation
procedure for future registrations? Does it suggest a
reasonable name for the new registry? See [RFC5226]. If the
document describes an Expert Review process has Shepherd
conferred with the Responsible Area Director so that the IESG
can appoint the needed Expert during the IESG Evaluation?

Yes. No action from IANA is needed.

(1.j) Has the Document Shepherd verified that sections of the
document that are written in a formal language, such as XML
code, BNF rules, MIB definitions, etc., validate correctly in
an automated checker?

The document has no BNF, MIB, etc.

(1.k) The IESG approval announcement includes a Document
Announcement Write-Up. Please provide such a Document
Announcement Write-Up? Recent examples can be found in the
"Action" announcements for approved documents. The approval
announcement contains the following sections:

Technical Summary

This document describes three abstract Generic Security Service
Application Program Interface (GSS-API) interfaces used to
encapsulate/decapsulate context tokens and compare OIDs. The
document also specify C bindings for the abstract interfaces.


Working Group Summary

This document is not a product of any WG.

Document Quality

The document was reviewed by multiple Kitten WG participants.
There are at least 3 implementations of the document.