Last Call Review of draft-schaad-curdle-oid-registry-02
review-schaad-curdle-oid-registry-02-secdir-lc-kivinen-2017-10-17-00

Request Review of draft-schaad-curdle-oid-registry
Requested revision No specific revision (document currently at 03)
Type Last Call Review
Team Security Area Directorate (secdir)
Deadline 2017-10-23
Requested 2017-10-09
Authors Jim Schaad, Rick Andrews
I-D last updated 2017-10-17
Completed reviews Secdir Last Call review of -02 by Tero Kivinen (diff)
Genart Last Call review of -02 by Roni Even (diff)
Assignment Reviewer Tero Kivinen
State Completed
Request Last Call review on draft-schaad-curdle-oid-registry by Security Area Directorate Assigned
Reviewed revision 02 (document currently at 03)
Result Has nits
Completed 2017-10-17
review-schaad-curdle-oid-registry-02-secdir-lc-kivinen-2017-10-17-00
I have reviewed this document as part of the security directorate's
ongoing effort to review all IETF documents being processed by the
IESG.  These comments were written primarily for the benefit of the
security area directors.  Document editors and WG chairs should treat
these comments just like any other last call comments.

This document is Ready with Nits.

This document creates and IANA registry and fills it with initial
values. The numbers are inside the donated set of OIDs (donated from
Symantec Website Security) that was donated to the curdle WG earlier.

The security considerations section that as this just creates an IANA
registry it does not raise any new security considerations (altoigh
somepeople claim anything related to ASN.1 is security issue, I do
agree with the statement in the draft).

The only nit I have is that the document creates a called "SMI
Security for Cryptographic Algorithms", and I have no idea what SMI
means. I.e., it would be better if the name of the registry actually
told people what is expected to be inside this registry...

Perhaps "Short OIDs for Cryptographic Algorithms for different IETF
protocol" or similar.
-- 
kivinen@iki.fi