Telechat Review of draft-hansen-scram-sha256-04

Request Review of draft-hansen-scram-sha256
Requested rev. no specific revision (document currently at 04)
Type Telechat Review
Team Security Area Directorate (secdir)
Deadline 2015-09-01
Requested 2015-08-27
Authors Tony Hansen
Draft last updated 2015-09-03
Completed reviews Genart Last Call review of -02 by Robert Sparks (diff)
Genart Last Call review of -03 by Robert Sparks (diff)
Genart Telechat review of -04 by Robert Sparks
Secdir Last Call review of -02 by Vincent Roca (diff)
Secdir Telechat review of -04 by Vincent Roca
Opsdir Last Call review of -02 by Mehmet Ersue (diff)
Assignment Reviewer Vincent Roca 
State Completed Snapshot
Review review-hansen-scram-sha256-04-secdir-telechat-roca-2015-09-03
Reviewed rev. 04
Review result Ready
Review completed: 2015-09-03



I have reviewed this document as part of the security directorate’s ongoing

effort to review all IETF documents being processed by the IESG. These

comments were written primarily for the benefit of the security area

directors.  Document editors and WG chairs should treat these comments just

like any other last call comments.

IMHO, the document is 


Just a minor comment: it is said in the Security Considerations section that:


«an iteration count of 4096 takes around 0.5 seconds on current mobile handsets.»

It may be useful to give an idea of the features of a representative «current mobile handset».

It can simplify comparisons in a few years from now as things are evolving quite rapidly in this







 Message signed with OpenPGP using GPGMail