Last Call Review of draft-ietf-lamps-crmf-update-algs-04

Request Review of draft-ietf-lamps-crmf-update-algs
Requested rev. no specific revision (document currently at 07)
Type Last Call Review
Team General Area Review Team (Gen-ART) (genart)
Deadline 2021-03-26
Requested 2021-03-05
Authors Russ Housley
Draft last updated 2021-03-26
Completed reviews Genart Last Call review of -04 by Ines Robles (diff)
Assignment Reviewer Ines Robles 
State Completed
Review review-ietf-lamps-crmf-update-algs-04-genart-lc-robles-2021-03-26
Posted at
Reviewed rev. 04 (document currently at 07)
Review result Ready with Nits
Review completed: 2021-03-26


I am the assigned Gen-ART reviewer for this draft. The General Area
Review Team (Gen-ART) reviews all IETF documents being processed
by the IESG for the IETF Chair.  Please treat these comments just
like any other last call comments.

For more information, please see the FAQ at


Document: draft-ietf-lamps-crmf-update-algs-04
Reviewer: Ines Robles
Review Date: 2021-03-26
IETF LC End Date: 2021-03-26
IESG Telechat date: Not scheduled for a telechat


The document updates the cryptographic algorithm requirements for the Password-Based Message Authentication Code in the Internet X.509 Public Key Infrastructure Certificate Request Message Format (CRMF).

The document is well written, I have minor comments/questions to the authors.

Major Issues: None

Minor Issues: None


1- Introduction: "however, these algorithms are no longer
   considered the best choices. " => It would be nice to add 1 or more sentences explaining why they are no longer the best choices
2- Page 3: "id-PasswordBasedMAC as presented in Section 4.4 of this document" It should be perhaps be "id-PasswordBasedMAC as presented in Section 4.4 of [RFC4211]" ?

3- If this document does not present privacy considerations, should it be explicitly mentioned in Section 6?

4- Since the new updates include the use of PBMAC1, HMAC-SHA256, AES-GMAC AES. Should Section 6 include considerations about them or point to place where to find them? e.g. For information on security considerations for PBMAC1 see [rfc8018#section-8]. 

Thank you for this document,