Last Call Review of draft-ietf-tram-auth-problems-02

Request Review of draft-ietf-tram-auth-problems
Requested rev. no specific revision (document currently at 05)
Type Last Call Review
Team General Area Review Team (Gen-ART) (genart)
Deadline 2014-08-08
Requested 2014-07-24
Other Reviews Genart Telechat review of -04 by Brian Carpenter (diff)
Secdir Last Call review of -05 by Shaun Cooley
Opsdir Last Call review of -04 by Tina Tsou (diff)
Review State Completed
Reviewer Brian Carpenter
Review review-ietf-tram-auth-problems-02-genart-lc-carpenter-2014-07-26
Posted at
Reviewed rev. 02 (document currently at 05)
Review result Almost Ready
Draft last updated 2014-07-26
Review completed: 2014-07-26


I am the assigned Gen-ART reviewer for this draft. For background on
Gen-ART, please see the FAQ at

Please resolve these comments along with any other Last Call comments
you may receive.

Document: draft-ietf-tram-auth-problems-02.txt
Reviewer: Brian Carpenter
Review Date: 2014-07-26
IETF LC End Date: 2014-08-08
IESG Telechat date:

Summary:  Almost ready

Minor issues:

In Problem 2, would it be useful to reference RFC 6151, which indicates why
MD5 is problematic?

Problem 6 (Hosting multiple realms on a single IP address is challenging...)
doesn't really seem to be a problem with authentication as such, so while
it's clearly a problem, is it in scope? It isn't quite clear to me that
there's a security threat there.