Last Call Review of draft-eastlake-additional-xmlsec-uris-07

Request: Review of draft-eastlake-additional-xmlsec-uris
Requested revision: No specific revision (document currently at 10)
Type: Last Call Review
Team: General Area Review Team (Gen-ART) (genart)
Deadline: 2013-02-26
Requested: 2013-01-31
Authors: Donald E. Eastlake 3rd
I-D last updated: 2013-02-24
Completed reviews: Genart Last Call review of -07 by Suresh Krishnan
                   Genart Last Call review of -09 by Suresh Krishnan

Assignment
Reviewer: Suresh Krishnan
State: Completed
Request: Last Call review on draft-eastlake-additional-xmlsec-uris by General Area Review Team (Gen-ART) Assigned
Reviewed revision: 07 (document currently at 10)
Result: Almost ready
Completed: 2013-02-24

I have been selected as the General Area Review Team (Gen-ART) reviewer
for this draft (for background on Gen-ART, please see


Please wait for direction from your document shepherd or AD before
posting a new version of the draft.

Document: draft-eastlake-additional-xmlsec-uris-09.txt
Reviewer: Suresh Krishnan
Review Date: 2013/02/23
IESG Telechat date: 2013/02/28
IETF Last call end date: 2013/02/28

Summary: This document is almost ready for publication as a Proposed
Standard but I have some comments you may wish to address.


* Section 2.1.1.

The following text is a bit misleading as it looks like this document is
taking a stance on the use of MD5.

"Use of MD5 is NOT RECOMMENDED [RFC6151]."

Suggest rewording to something like

"Please note that the use of MD5 is no longer recommended for digital
signatures [RFC6151]."

* Section 2.3.1.

Same comment as for Section 2.1.1.

* Security Considerations

Again, this paragraph looks like it is making recommendations that
duplicate the recommendations from RFC6151. Is this paragraph really

"Due to computer speed and cryptographic advances, the use of MD5 as a
DigestMethod or in the RSA-MD5 SignatureMethod is NOT RECOMMENDED.
The cryptographic advances concerned do not affect the security of
HMAC-MD5; however, there is little reason not to go for one of the
SHA series of algorithms."


There are 9 downrefs that have not been called out. 5 of them are listed
in the downref registry. The other 4 downrefs are listed below