Last Call Review of draft-ietf-curdle-cms-ecdh-new-curves-07
review-ietf-curdle-cms-ecdh-new-curves-07-secdir-lc-kaufman-2017-06-02-00

Request Review of draft-ietf-curdle-cms-ecdh-new-curves
Requested rev. no specific revision (document currently at 10)
Type Last Call Review
Team Security Area Directorate (secdir)
Deadline 2017-05-28
Requested 2017-05-14
Other Reviews Genart Last Call review of -07 by Roni Even (diff)
Opsdir Last Call review of -07 by Stefan Winter (diff)
Genart Telechat review of -09 by Roni Even (diff)
Review State Completed
Reviewer Charlie Kaufman
Review review-ietf-curdle-cms-ecdh-new-curves-07-secdir-lc-kaufman-2017-06-02
Posted at https://mailarchive.ietf.org/arch/msg/secdir/5OOdui_mlqyf3wY0lgVCftsZzN4
Reviewed rev. 07 (document currently at 10)
Review result Ready
Last updated 2017-06-02

Review
review-ietf-curdle-cms-ecdh-new-curves-07-secdir-lc-kaufman-2017-06-02

I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. Document editors and WG chairs should treat these comments just like any other last call comments.


This document specifies the syntactic details for encrypting and signing CMS documents using two additional cryptographic algorithms. This syntax appears consistent with the patterns set in RFC 5652, and I could find no errors (even nits).


Unless other more critical eyes than mine can find issues, I believe this document is ready to be advanced.


My only complaint - and it is probably not with this document - is that it should not take 16 pages to specify a handful of IANA registrations. I'm not sure why it was necessary, but my guess is that RFC 5652 was not forward looking enough to allow the use of future algorithms to be specified with just a few table entries, so subsequent documents have to include lots of information duplicating one another. But that is not a criticism of the technical content.