Last Call Review of draft-eastlake-additional-xmlsec-uris-07
I have been selected as the General Area Review Team (Gen-ART) reviewer
for this draft (for background on Gen-ART, please see
Please wait for direction from your document shepherd or AD before
posting a new version of the draft.
Reviewer: Suresh Krishnan
Review Date: 2013/02/23
IESG Telechat date: 2013/02/28
IETF Last call end date: 2013/02/28
Summary: This document is almost ready for publication as a Proposed
Standard but I have some comments you may wish to address.
* Section 2.1.1.
The following text is a bit misleading as it looks like this document is
taking a stance on the use of MD5.
"Use of MD5 is NOT RECOMMENDED [RFC6151]."
Suggest rewording to something like
"Please note that the use of MD5 is no longer recommended for digital
* Section 2.3.1.
Same comment as for Section 2.1.1.
* Security Considerations
Again, this paragraph looks like it is making recommendations that
duplicate the recommendations from RFC6151. Is this paragraph really
"Due to computer speed and cryptographic advances, the use of MD5 as a
DigestMethod or in the RSA-MD5 SignatureMethod is NOT RECOMMENDED.
The cryptographic advances concerned do not affect the security of
HMAC-MD5; however, there is little reason not to go for one of the
SHA series of algorithms."
There are 9 downrefs that have not been called out. 5 of them are listed
in the downref registry. The other 4 downrefs are listed below