Last Call Review of draft-ietf-tram-auth-problems-02
review-ietf-tram-auth-problems-02-genart-lc-carpenter-2014-07-26-00

Request Review of draft-ietf-tram-auth-problems
Requested rev. no specific revision (document currently at 05)
Type Last Call Review
Team General Area Review Team (Gen-ART) (genart)
Deadline 2014-08-08
Requested 2014-07-24
Other Reviews Genart Telechat review of -04 by Brian Carpenter (diff)
Secdir Last Call review of -05 by Shaun Cooley
Opsdir Last Call review of -04 by Tina Tsou (diff)
Review State Completed
Reviewer Brian Carpenter
Review review-ietf-tram-auth-problems-02-genart-lc-carpenter-2014-07-26
Posted at http://www.ietf.org/mail-archive/web/gen-art/current/msg10396.html
Reviewed rev. 02 (document currently at 05)
Review result Almost Ready
Draft last updated 2014-07-26
Review completed: 2014-07-26

Review
review-ietf-tram-auth-problems-02-genart-lc-carpenter-2014-07-26

I am the assigned Gen-ART reviewer for this draft. For background on
Gen-ART, please see the FAQ at
<

http://wiki.tools.ietf.org/area/gen/trac/wiki/GenArtfaq>.

Please resolve these comments along with any other Last Call comments
you may receive.

Document: draft-ietf-tram-auth-problems-02.txt
Reviewer: Brian Carpenter
Review Date: 2014-07-26
IETF LC End Date: 2014-08-08
IESG Telechat date:

Summary:  Almost ready
--------

Minor issues:
-------------

In Problem 2, would it be useful to reference RFC 6151, which indicates why
MD5 is problematic?

Problem 6 (Hosting multiple realms on a single IP address is challenging...)
doesn't really seem to be a problem with authentication as such, so while
it's clearly a problem, is it in scope? It isn't quite clear to me that
there's a security threat there.