Last Call Review of draft-hansen-scram-sha256-02
review-hansen-scram-sha256-02-opsdir-lc-ersue-2015-05-04-00

I reviewed the document "SCRAM-SHA-256 and SCRAM-SHA-256-PLUS SASL Mechanisms"
(draft-hansen-scram-sha256-02.txt) as part of the Operational directorate's
ongoing effort to review all IETF documents being processed by the IESG.  These
comments were written primarily for the benefit of the operational area
directors.  Document editors and WG chairs should treat these comments just
like any other last call comments.



Intended status: Informational

Updates: 5802 (if approved)

Current IESG state: Waiting for Writeup

IANA Review State: IANA - Not OK (see for IANA comments at:

https://datatracker.ietf.org/doc/draft-hansen-scram-sha256/history/

)

IANA Action State: None



Summary: The document registers the SASL mechanisms SCRAM-SHA-256 and
SCRAM-SHA-256-PLUS. It updates RFC 5802. The registration form for the SCRAM
family of algorithms is also updated, which adds two new fields: Minimum
iteration-count and Associated OID.



I don't see any issues from the operations and management pov.

However, I would like to suggest to delete the string "in minor ways" in the
abstract.



There is a major nit for the use of RFC 2119 keywords in an Informational
document (see

https://tools.ietf.org/idnits?url="">



  ** The document seems to lack a both a reference to RFC 2119 and the

     recommended RFC 2119 boilerplate, even if it appears to use RFC 2119

     keywords.



     RFC 2119 keyword, line 85: '...   SHOULD announce a hash iteration-co...'

     RFC 2119 keyword, line 121: '...      SHOULD announce...'

     RFC 2119 keyword, line 122: '...ciated OID: IANA SHOULD assign a GSS-A...'

     RFC 2119 keyword, line 132: '...s of this family MUST be explicitly re...'

     RFC 2119 keyword, line 133: '...      the "IETF Review" [RFC5226]
     registration procedure.  Reviews MUST...'

     (1 more instance...)



Cheers,

Mehmet