Last Call Review of draft-melnikov-smime-msa-to-mda-03
review-melnikov-smime-msa-to-mda-03-genart-lc-gurbani-2014-02-25-00

Request Review of draft-melnikov-smime-msa-to-mda
Requested rev. no specific revision (document currently at 04)
Type Last Call Review
Team General Area Review Team (Gen-ART) (genart)
Deadline 2014-03-05
Requested 2014-02-06
Other Reviews Secdir Last Call review of -02 by Sandra Murphy (diff)
Review State Completed
Reviewer Vijay Gurbani
Review review-melnikov-smime-msa-to-mda-03-genart-lc-gurbani-2014-02-25
Posted at http://www.ietf.org/mail-archive/web/gen-art/current/msg09809.html
Reviewed rev. 03 (document currently at 04)
Review result Ready with Nits
Draft last updated 2014-02-25
Review completed: 2014-02-25

Review
review-melnikov-smime-msa-to-mda-03-genart-lc-gurbani-2014-02-25

I am the assigned Gen-ART reviewer for this draft. For background on
Gen-ART, please see the FAQ at
<

http://wiki.tools.ietf.org/area/gen/trac/wiki/GenArtfaq>.

Please resolve these comments along with any other Last Call comments
you may receive.

Document: draft-melnikov-smime-msa-to-mda-03
Reviewer: Vijay K. Gurbani
Review Date: Feb-25-2014
IETF LC End Date: Mar-05-2014
IESG Telechat date: Unknown

I must say that this draft was written with implementors in mind.
This is very refreshing.

Major: 0
Minor: 0
Nits:  4

This document is ready as a Proposed Standard.  Some minor nits follow:

Nits:

- S2.2, "Organizational policy and good security practice often
 require that messages be reviewed before they are released to
 external recipients."  Here, I suspect that organizational policy may
 require such a vetting but I would think that "good security practice"
 would not.  After all, unless a party is forced to do so (the
 "organizational policy" part), why would one party willingly subject
 its private communications to a third party before sending it
 to the recipient?  I would not consider that a third party reading
 my messages a "good security practice".  Therefore, I would take
 the "good security practice" phrase out, unless of course, there is
 some context to that phrase that I am not privy to.

- S3.3, first sentence: "A 'domain signature' is a signature generated
 on behalf of a set of users in the domain the users are a member of."
 This sentence appears rather, for the lack of a better word, clunky.
 How about rewriting this as: "A 'domain signature' is a signature
 generated on behalf of a set of users who belong to the specific
 domain."

- S5, steps 3-A and 3-B: s/found then/found, then/
 There are some more occurences of this, if you feel like it, you may
 want to change these to have a comma as well.

- S7, first paragraph: s/permits masquerade./permits masquerading./
  or, s/permits masquerade attacks./

Thanks,

- vijay
--
Vijay K. Gurbani, Bell Laboratories, Alcatel-Lucent
1960 Lucent Lane, Rm. 9C-533, Naperville, Illinois 60563 (USA)
Email: vkg@{bell-labs.com,acm.org} / vijay.gurbani at alcatel-lucent.com
Web: 

http://ect.bell-labs.com/who/vkg/

  | Calendar: 

http://goo.gl/x3Ogq