Last Call Review of draft-ietf-lamps-rfc5750-bis-05

Request
  Review of: draft-ietf-lamps-rfc5750-bis
  Requested revision: No specific revision (document currently at 08)
  Type: Last Call Review
  Team: General Area Review Team (Gen-ART) (genart)
  Deadline: 2018-04-27
  Requested: 2018-04-13
  Authors: Jim Schaad, Blake C. Ramsdell, Sean Turner
  Draft last updated: 2018-04-27
  Completed reviews:
    Opsdir Last Call review of -06 by Éric Vyncke
    Genart Last Call review of -05 by Ines Robles
    Secdir Last Call review of -05 by Matthew A. Miller
    Genart Telechat review of -06 by Ines Robles
Assignment
  Reviewer: Ines Robles
  State: Completed
  Review: review-ietf-lamps-rfc5750-bis-05-genart-lc-robles-2018-04-27
  Reviewed revision: 05 (document currently at 08)
  Result: Ready with Issues
  Completed: 2018-04-27

I am the assigned Gen-ART reviewer for this draft. The General Area
Review Team (Gen-ART) reviews all IETF documents being processed
by the IESG for the IETF Chair.  Please treat these comments just
like any other last call comments.

For more information, please see the FAQ at


Document: draft-ietf-lamps-rfc5750-bis-05
Reviewer: Ines Robles
Review Date: 27-04-2018
IETF LC End Date:  27-04-2018
IESG Telechat date: ---


I believe the draft is technically good. This document is well written and
clear to understand. Some minor concerns are mentioned that should be resolved
before publication.

Major issues: No major issues found.

Minor issues:

Section 1.6:

    It would be nice to start the section with some text like "This document
    obsoletes 5750 due to the addition of the following information...."

Section 2.3:

    "but SHOULD use some other mechanism to determine ...." => It would be nice
    to mention some examples of the other mechanism

    "...but SHOULD use some other mechanism (such as ....) to determine..."

Section 4:

    Related to this:
    "Another method under consideration by the IETF is to provide certificate
    retrieval services as part of the existing Domain Name System (DNS)"

    - This text seems to be out of date (since it belongs as well to RFC 5750
    (2010)); maybe it would be nice to rewrite it (e.g. method under
    consideration => method approved) and add a reference to the proposed
    methods. Would RFC 8162 [1] be a good reference for this topic?

[1] Using Secure DNS to Associate Certificates with Domain Names for S/MIME

Nits/editorial comments:

Section 2.3: CertificateSet --> Certificate Set

Section 4.4.1: basicConstraints --> basic Constraints

Thanks for this document!