Clarifications and Extensions to the Generic Security Service Application Program Interface (GSS-API) for the Use of Channel Bindings
RFC 5554

[Ballot comment]
Based on the response from the author to Brian Carpenter's Gen-ART
  Review, I was expecting this paragraph to be revised:
  >
  > Where a language binding of the GSS-API models channel bindings as
  > OCTET STRINGs (or the language's equivalent), then the implementation
  > MUST assume that the given bindings correspond only to the
  > application-data field of GSS-CHANNEL-BINDINGS as shown above, rather
  > than some encoding of GSS-CHANNEL-BINDINGS.
  >
  The expected update would be something like this:
  >
  > Where the language binding of the GSS-API model's channel bindings is
  > a single OCTET STRING (or the language's equivalent), then the
  > implementation SHOULD assume that the given bindings correspond only
  > to the application-data field of GSS-CHANNEL-BINDINGS shown above.

[Ballot discuss]
INTRODUCTION, paragraph 14:
>    This document clarifies and generalizes the Generic Security Services
>    Application Programming Interface (GSS-API) "channel bindings"
>    facility, and imposes requirements on future GSS-API mechanisms and
>    programming language bindings of the GSS-API.

  DISCUSS: This sounds like this document should "Update" RFC2743 and/or
  RFC2744? (Will clear immediately once we've figured out the answer to
  this.)

(1.a)  Who is the Document Shepherd for this document?  Has the
      Document Shepherd personally reviewed this version of the
      document and, in particular, does he or she believe this
      version is ready for forwarding to the IESG for publication?

Shawn Emery, yes, yes

(1.b)  Has the document had adequate review both from key WG members
      and from key non-WG members?  Does the Document Shepherd have
      any concerns about the depth or breadth of the reviews that
      have been performed?

The document had adequate review from the WG members.  The shepherd doesn't know of reviews by non WG members.

(1.c)  Does the Document Shepherd have concerns that the document
      needs more review from a particular or broader perspective,
      e.g., security, operational complexity, someone familiar with
      AAA, internationalization or XML?

No.

(1.d)  Does the Document Shepherd have any specific concerns or
      issues with this document that the Responsible Area Director
      and/or the IESG should be aware of?  For example, perhaps he
      or she is uncomfortable with certain parts of the document, or
      has concerns whether there really is a need for it.  In any
      event, if the WG has discussed those issues and has indicated
      that it still wishes to advance the document, detail those
      concerns here.  Has an IPR disclosure related to this document
      been filed?  If so, please include a reference to the
      disclosure and summarize the WG discussion and conclusion on
      this issue.

No concerns. No IPR disclosure is known to the author or the shepherd.

(1.e)  How solid is the WG consensus behind this document?  Does it
      represent the strong concurrence of a few individuals, with
      others being silent, or does the WG as a whole understand and
      agree with it?

There is WG consensus to publish the document.

(1.f)  Has anyone threatened an appeal or otherwise indicated extreme
      discontent?  If so, please summarise the areas of conflict in
      separate email messages to the Responsible Area Director.  (It
      should be in a separate email because this questionnaire is
      entered into the ID Tracker.)

Nobody threatened to appeal.

(1.g)  Has the Document Shepherd personally verified that the
      document satisfies all ID nits?  (See
      http://www.ietf.org/ID-Checklist.html and
      http://tools.ietf.org/tools/idnits/).  Boilerplate checks are
      not enough; this check needs to be thorough.  Has the document
      met all formal review criteria it needs to, such as the MIB
      Doctor, media type and URI type reviews?

Idnits 2.08.10 found no nits in the document.

(1.h)  Has the document split its references into normative and
      informative?  Are there normative references to documents that
      are not ready for advancement or are otherwise in an unclear
      state?  If such normative references exist, what is the
      strategy for their completion?  Are there normative references
      that are downward references, as described in [RFC3967]?  If
      so, list these downward references to support the Area
      Director in the Last Call procedure for them [RFC3967].

There are only normative references in the document. No donwref references.

(1.i)  Has the Document Shepherd verified that the document IANA
      consideration section exists and is consistent with the body
      of the document?  If the document specifies protocol
      extensions, are reservations requested in appropriate IANA
      registries?  Are the IANA registries clearly identified?  If
      the document creates a new registry, does it define the
      proposed initial contents of the registry and an allocation
      procedure for future registrations?  Does it suggest a
      reasonable name for the new registry?  See [RFC2434].  If the
      document describes an Expert Review process has Shepherd
      conferred with the Responsible Area Director so that the IESG
      can appoint the needed Expert during the IESG Evaluation?

The IANA considerations section exists. It requires no action from IANA, which is correct.

(1.j)  Has the Document Shepherd verified that sections of the
      document that are written in a formal language, such as XML
      code, BNF rules, MIB definitions, etc., validate correctly in
      an automated checker?

No ABNF, no MIB, no XML, ASN.1 was validated.

(1.k)  The IESG approval announcement includes a Document
      Announcement Write-Up.  Please provide such a Document
      Announcement Write-Up?  Recent examples can be found in the
      "Action" announcements for approved documents.  The approval
      announcement contains the following sections:

          Technical Summary
            Relevant content can frequently be found in the abstract
            and/or introduction of the document.  If not, this may be
            an indication that there are deficiencies in the abstract
            or introduction.

This document clarifies and generalizes the Generic Security Services Application Programming Interface (GSS-API) "channel bindings" facility, and imposes requirements on future GSS-API mechanisms and programming language bindings of the GSS-API.

          Working Group Summary

            Was there anything in WG process that is worth noting?  For
            example, was there controversy about particular points or
            were there decisions where the consensus was particularly
            rough?

Nothing worth noting regarding WG process.

          Document Quality

            Are there existing implementations of the protocol?  Have a
            significant number of vendors indicated their plan to
            implement the specification?  Are there any reviewers that
            merit special mention as having done a thorough review,
            e.g., one that resulted in important changes or a
            conclusion that the document had no substantive  issues? If
            there was a MIB Doctor, Media Type or other expert review,
            what was its course (briefly)?  In the case of a Media Type
            review, on what date was the request posted?

No one is using channel bindings that I'm aware of, however with the recent publication on channel binding usage, RFC5056, the guidance will help foster such interest with vendors.

          Personnel

            Who is the Document Shepherd for this document?  Who is the
            Responsible Area Director?

Shawn M. Emery  is the document shepherd for this document.