Last Call Review of draft-ietf-httpauth-digest-15

Request Review of draft-ietf-httpauth-digest
Requested rev. no specific revision (document currently at 19)
Type Last Call Review
Team General Area Review Team (Gen-ART) (genart)
Deadline 2015-04-02
Requested 2015-03-19
Authors Rifaat Shekh-Yusef, David Ahrens, Sophie Bremer
Draft last updated 2015-04-06
Completed reviews Genart Last Call review of -15 by Francis Dupont (diff)
Genart Telechat review of -18 by Francis Dupont (diff)
Secdir Last Call review of -15 by Hilarie Orman (diff)
Opsdir Last Call review of -15 by Scott Bradner (diff)
Assignment Reviewer Francis Dupont
State Completed
Review review-ietf-httpauth-digest-15-genart-lc-dupont-2015-04-06
Reviewed rev. 15 (document currently at 19)
Review result Ready
Review completed: 2015-04-06


I am the assigned Gen-ART reviewer for this draft. For background on
Gen-ART, please see the FAQ at


Please resolve these comments along with any other Last Call comments
you may receive.

Document: draft-ietf-httpauth-digest-15.txt
Reviewer: Francis Dupont
Review Date: 20150402
IETF LC End Date: 20150402
IESG Telechat date: unknown

Summary: Ready

Major issues: None

Minor issues: None

Nits/editorial comments:
 I reviewed the 15 version but I can see the 16 one is already available
so I'll try to update my comments.

 - first I was a bit surprised nobody just asked to jump to HTTPS (or
  HSTS) but reading the document it seems there are still good use
  of the digest authentication scheme...

 -  3.3 page 5: IMHO the "opaque" field is clearly a nonce
  (i.e., more a nonce than the "nonce" field) but I understand this
  was inherited from RFC 2617...

 - 3.3 page 7 (algorithm, twice) and some other places:
  e.g. -> e.g.,

 - 3.3 page 7 (algorithm): I noted the algo protocol is still
  a keyed one vs. HMAC (cf. AH which switched from keyed to HMAC
  between RFC 1826 and RFC 2402) but I believed you have a good
  reason to do this (and the secdir will say if it is OK anyway).

 - 3.4.2 page 11: e.g. -> e.g., (again but this one is at the end of a line)

 - 3.4.2 page 11: cnounce -> cnonce

 - 3.4.2 page 11: the presentation of this definition is very

         A1       = H( unq(username) ":" unq(realm)
                        ":" passwd )
                        ":" unq(nonce-prime) ":" unq(cnonce-prime)

  I strongly suggest something like:

         A1       = H( unq(username) ":" unq(realm) ":" passwd )
                        ":" unq(nonce-prime) ":" unq(cnonce-prime)

 - 3.4.2 page 11: the server need only use
                                 ^ needs

 - 3.5 page 14: affects -> effects

 - 5.2 page 21: this information need not be decrypted
                                     ^ needs

 - 6.1 page 27: can you instantiate the RFC XXX:
  MD5: RFC 1321
  SHA-256: FIPS 180-2
  SHA-512/256: FIPS 180-4?

 - A page 30: negotitation -> negotiation


Francis.Dupont at