Last Call Review of draft-ietf-oauth-urn-sub-ns-
review-ietf-oauth-urn-sub-ns-secdir-lc-kivinen-2012-07-13-00
| Request | Review of | draft-ietf-oauth-urn-sub-ns |
|---|---|---|
| Requested revision | No specific revision (document currently at 06) | |
| Type | IETF Last Call Review | |
| Team | Security Area Directorate (secdir) | |
| Deadline | 2012-07-17 | |
| Requested | 2012-06-28 | |
| Authors | Brian Campbell , Hannes Tschofenig | |
| I-D last updated | 2015-10-14 (Latest revision 2012-07-16) | |
| Completed reviews |
Genart IETF Last Call review of -05
by Ben Campbell
(diff)
Secdir IETF Last Call review of -?? by Tero Kivinen |
|
| Assignment | Reviewer | Tero Kivinen |
| State | Completed | |
| Request | IETF Last Call review on draft-ietf-oauth-urn-sub-ns by Security Area Directorate Assigned | |
| Result | Ready | |
| Completed | 2012-07-13 |
review-ietf-oauth-urn-sub-ns-secdir-lc-kivinen-2012-07-13-00
I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the security area directors. Document editors and WG chairs should treat these comments just like any other last call comments. This document creates a new URN subregistry for oauth use. The security considerations section points out that there is no new security considerations in this document that are not already inherernt to using URNs and points to RFC2141 for more information. On the other hand RFC2141 is very generic and says that there are security considerations that are outside the scope of that document, and they should be included in the document registering the namespace identifiers. As this again only generates subregistry and not any actual registry values, it might be better to just add similar note than what is in RFC2141, adding pointer to another document which says "there is nothing here", isn't that helpful. -- kivinen at iki.fi