Last Call Review of draft-ietf-tram-auth-problems-02
review-ietf-tram-auth-problems-02-genart-lc-carpenter-2014-07-26-00

Request Review of draft-ietf-tram-auth-problems
Requested rev. no specific revision (document currently at 05)
Type Last Call Review
Team General Area Review Team (Gen-ART) (genart)
Deadline 2014-08-08
Requested 2014-07-24
Authors Tirumaleswar Reddy.K, Ram R, Muthu Perumal, Alper Yegin
Draft last updated 2014-07-26
Completed reviews Genart Last Call review of -02 by Brian Carpenter (diff)
Genart Telechat review of -04 by Brian Carpenter (diff)
Secdir Last Call review of -05 by Shaun Cooley
Opsdir Last Call review of -04 by Tina Tsou (diff)
Assignment Reviewer Brian Carpenter
State Completed
Review review-ietf-tram-auth-problems-02-genart-lc-carpenter-2014-07-26
Reviewed rev. 02 (document currently at 05)
Review result Almost Ready
Review completed: 2014-07-26

Review
review-ietf-tram-auth-problems-02-genart-lc-carpenter-2014-07-26

I am the assigned Gen-ART reviewer for this draft. For background on
Gen-ART, please see the FAQ at
<

http://wiki.tools.ietf.org/area/gen/trac/wiki/GenArtfaq>.

Please resolve these comments along with any other Last Call comments
you may receive.

Document: draft-ietf-tram-auth-problems-02.txt
Reviewer: Brian Carpenter
Review Date: 2014-07-26
IETF LC End Date: 2014-08-08
IESG Telechat date:

Summary:  Almost ready
--------

Minor issues:
-------------

In Problem 2, would it be useful to reference RFC 6151, which indicates why
MD5 is problematic?

Problem 6 (Hosting multiple realms on a single IP address is challenging...)
doesn't really seem to be a problem with authentication as such, so while
it's clearly a problem, is it in scope? It isn't quite clear to me that
there's a security threat there.