Last Call Review of draft-ietf-lamps-rfc5750-bis-05
review-ietf-lamps-rfc5750-bis-05-genart-lc-robles-2018-04-27-00

Request Review of draft-ietf-lamps-rfc5750-bis
Requested rev. no specific revision (document currently at 07)
Type Last Call Review
Team General Area Review Team (Gen-ART) (genart)
Deadline 2018-04-27
Requested 2018-04-13
Other Reviews Opsdir Last Call review of -06 by Éric Vyncke (diff)
Secdir Last Call review of -05 by Matthew Miller (diff)
Genart Telechat review of -06 by Ines Robles (diff)
Review State Completed
Reviewer Ines Robles
Review review-ietf-lamps-rfc5750-bis-05-genart-lc-robles-2018-04-27
Posted at https://mailarchive.ietf.org/arch/msg/gen-art/WCfajkHelgD-W2oRewbowDeGAt0
Reviewed rev. 05 (document currently at 07)
Review result Ready with Issues
Draft last updated 2018-04-27
Review completed: 2018-04-27

Review

Hello,

I am the assigned Gen-ART reviewer for this draft. The General Area
Review Team (Gen-ART) reviews all IETF documents being processed
by the IESG for the IETF Chair.  Please treat these comments just
like any other last call comments.

For more information, please see the FAQ at

<https://trac.ietf.org/trac/gen/wiki/GenArtfaq>.

Document: draft-ietf-lamps-rfc5750-bis-05
Reviewer: Ines Robles
Review Date: 27-04-2018
IETF LC End Date:  27-04-2018
IESG Telechat date: ---

Summary:

I believe the draft is technically good. This document is well written and clear to understand.
Some minor concerns are mentioned that should be resolved before publication.


Major issues: No major issues found.

Minor issues:

Section 1.6:

    It would be nice to start the section with some text like "This document obsoletes 5750 due to the addition of the following information...."

Section 2.3:

    "but SHOULD use some other mechanism to determine ...." => It would be nice to mention some examples of the other mechanism

    "...but SHOULD use some other mechanism (such as ....) to determine..."

Section 4:

    Related to this:
    "Another method under consideration by the IETF is to provide certificate retrieval services as part of the existing Domain Name System (DNS)"

    - This text seems to be out of date (since it also belongs to RFC5750 (2010)); maybe it would be nice to rewrite it (e.g. method under consideration => method approved) and add a reference to the proposed methods. Would RFC 8162 [1] be a good reference for this topic?

[1] https://tools.ietf.org/html/rfc8162:  Using Secure DNS to Associate Certificates with Domain Names for S/MIME

Nits/editorial comments:

Section 2.3: CertificateSet --> Certificate Set

Section 4.4.1: basicConstraints --> basic Constraints


Thanks for this document!

Ines.