Last Call Review of draft-ietf-httpauth-scram-auth-14
review-ietf-httpauth-scram-auth-14-genart-lc-droms-2016-01-05-00

I am the assigned Gen-ART reviewer for this draft. The General Area
Review Team (Gen-ART) reviews all IETF documents being processed
by the IESG for the IETF Chair.  Please treat these comments just
like any other last call comments.

For more information, please see the FAQ at

<

http://wiki.tools.ietf.org/area/gen/trac/wiki/GenArtfaq>.

Document: draft-ietf-httpauth-scram-auth-14
Reviewer: Ralph Droms
Review Date: 2015-13-9
IETF LC End Date: 2015-12-16
IESG Telechat date: (if known)

Summary: This draft is ready for publication as an Experimental RFC.

Major issues: None.

Minor issues: None.

Nits/editorial comments:

Nicely written, very clear document.

idnits reports some lines too long and an unused reference.

In the third paragraph of the Introduction, I suggest removing the parentheses
and editing the second sentence for clarity; specifically, what is "SCRAM data"?

You could probably omit the parentheses in the second paragraph of Setion 3, as
well, I'm likely just arguing style.

The last sentence of the last paragraph of sectino 3 was unclear to me: which
messages are referred to?

I think, in the phrase "fail the authentication" in the fifth paragraph of
section 8, you are using "fail" as a transitive verb, as in "the client
considers the authentication of the message to have failed".  If I have that
write, I suggest rewriting the containing sentence to improve the clarity.

Attachment:

signature.asc

Description:

 Message signed with OpenPGP using GPGMail