Last Call Review of draft-eastlake-additional-xmlsec-uris-07
review-eastlake-additional-xmlsec-uris-07-genart-lc-krishnan-2013-02-24-00

Request Review of draft-eastlake-additional-xmlsec-uris
Requested rev. no specific revision (document currently at 10)
Type Last Call Review
Team General Area Review Team (Gen-ART) (genart)
Deadline 2013-02-26
Requested 2013-01-31
Other Reviews Genart Last Call review of -09 by Suresh Krishnan (diff)
Review State Completed
Reviewer Suresh Krishnan
Review review-eastlake-additional-xmlsec-uris-07-genart-lc-krishnan-2013-02-24
Posted at http://www.ietf.org/mail-archive/web/gen-art/current/msg08244.html
Reviewed rev. 07 (document currently at 10)
Review result Almost Ready
Draft last updated 2013-02-24
Review completed: 2013-02-24

Review

I have been selected as the General Area Review Team (Gen-ART) reviewer
for this draft (for background on Gen-ART, please see
http://www.alvestrand.no/ietf/gen/art/gen-art-FAQ.html).

Please wait for direction from your document shepherd or AD before
posting a new version of the draft.

Document: draft-eastlake-additional-xmlsec-uris-09.txt
Reviewer: Suresh Krishnan
Review Date: 2013/02/23
IESG Telechat date: 2013/02/28
IETF Last call end date: 2013/02/28

Summary: This document is almost ready for publication as a Proposed
Standard but I have some comments you may wish to address.

Minor
=====

* Section 2.1.1.

The following text is a bit misleading as it looks like this document is
taking a stance on the use of MD5.

"Use of MD5 is NOT RECOMMENDED [RFC6151]."

Suggest rewording to something like

"Please note that the use of MD5 is no longer recommended for digital
signatures [RFC6151]."

* Section 2.3.1.

Same comment as for Section 2.1.1.

* Security Considerations

Again, this paragraph looks like it is making recommendations that
duplicate the recommendations from RFC6151. Is this paragraph really
necessary?

"Due to computer speed and cryptographic advances, the use of MD5 as a
DigestMethod or in the RSA-MD5 SignatureMethod is NOT RECOMMENDED.
The cryptographic advances concerned do not affect the security of
HMAC-MD5; however, there is little reason not to go for one of the
SHA series of algorithms."

Downrefs
========

There are 9 downrefs that have not been called out. 5 of them are listed
in the downref registry. The other 4 downrefs are listed below:

RFC2315
RFC4050
RFC4269
RFC6234

Thanks
Suresh