Last Call Review of draft-hansen-scram-sha256-02

Request Review of draft-hansen-scram-sha256
Requested rev. no specific revision (document currently at 04)
Type Last Call Review
Team Ops Directorate (opsdir)
Deadline 2015-04-24
Requested 2015-03-28
Authors Tony Hansen
Draft last updated 2015-05-04
Completed reviews Genart Last Call review of -02 by Robert Sparks (diff)
Genart Last Call review of -03 by Robert Sparks (diff)
Genart Telechat review of -04 by Robert Sparks
Secdir Last Call review of -02 by Vincent Roca (diff)
Secdir Telechat review of -04 by Vincent Roca
Opsdir Last Call review of -02 by Mehmet Ersue (diff)
Assignment Reviewer Mehmet Ersue 
State Completed Snapshot
Review review-hansen-scram-sha256-02-opsdir-lc-ersue-2015-05-04
Reviewed rev. 02 (document currently at 04)
Review result Has Nits
Review completed: 2015-05-04


I reviewed the document "SCRAM-SHA-256 and SCRAM-SHA-256-PLUS SASL Mechanisms" (draft-hansen-scram-sha256-02.txt) as part of the Operational directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the operational area directors. Document editors and WG chairs should treat these comments just like any other last call comments.


Intended status: Informational

Updates: 5802 (if approved)

Current IESG state: Waiting for Writeup

IANA Review State: IANA - Not OK (see for IANA comments at:


IANA Action State: None 


Summary: The document registers the SASL mechanisms SCRAM-SHA-256 and SCRAM-SHA-256-PLUS. It updates RFC 5802. The registration form for the SCRAM family of algorithms is also updated, which adds two new fields: Minimum iteration-count and Associated OID.


I don't see any issues from the operations and management pov.

However, I would like to suggest deleting the string "in minor ways" in the abstract.


There is a major nit for the use of RFC 2119 keywords in an Informational document (see


  ** The document seems to lack a both a reference to RFC 2119 and the
     recommended RFC 2119 boilerplate, even if it appears to use RFC 2119

     RFC 2119 keyword, line 85: '...   SHOULD announce a hash iteration-co...'
     RFC 2119 keyword, line 121: '...      SHOULD announce...'
     RFC 2119 keyword, line 122: '...ciated OID: IANA SHOULD assign a GSS-A...'
     RFC 2119 keyword, line 132: '...s of this family MUST be explicitly re...'
     RFC 2119 keyword, line 133: '...      the "IETF Review" [RFC5226] registration procedure.  Reviews MUST...'
     (1 more instance...)