Re: [Gen-art] Gen-art LC review: draft-hansen-scram-sha256

Tony Hansen <tony@att.com> Fri, 22 May 2015 22:00 UTC

Return-Path: <tony@att.com>
X-Original-To: gen-art@ietfa.amsl.com
Delivered-To: gen-art@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4D30C1A894F; Fri, 22 May 2015 15:00:24 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.21
X-Spam-Level:
X-Spam-Status: No, score=-4.21 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, T_RP_MATCHES_RCVD=-0.01] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id F4mURwqg28Lm; Fri, 22 May 2015 15:00:21 -0700 (PDT)
Received: from nbfkord-smmo05.seg.att.com (nbfkord-smmo05.seg.att.com [209.65.160.92]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 18BD61A8956; Fri, 22 May 2015 15:00:21 -0700 (PDT)
Received: from unknown [144.160.229.23] (EHLO alpi154.enaf.aldc.att.com) by nbfkord-smmo05.seg.att.com(mxl_mta-7.2.4-5) over TLS secured channel with ESMTP id 2f6af555.0.3245677.00-2365.8692164.nbfkord-smmo05.seg.att.com (envelope-from <tony@att.com>); Fri, 22 May 2015 22:00:21 +0000 (UTC)
X-MXL-Hash: 555fa6f533653152-48ad760a6fcde899ed75499c7ef550942f22c4ee
Received: from enaf.aldc.att.com (localhost [127.0.0.1]) by alpi154.enaf.aldc.att.com (8.14.5/8.14.5) with ESMTP id t4MM0HM6027951; Fri, 22 May 2015 18:00:17 -0400
Received: from alpi132.aldc.att.com (alpi132.aldc.att.com [130.8.217.2]) by alpi154.enaf.aldc.att.com (8.14.5/8.14.5) with ESMTP id t4MM0Bcs027926 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO); Fri, 22 May 2015 18:00:15 -0400
Received: from alpi153.aldc.att.com (alpi153.aldc.att.com [130.8.42.31]) by alpi132.aldc.att.com (RSA Interceptor); Fri, 22 May 2015 21:59:56 GMT
Received: from aldc.att.com (localhost [127.0.0.1]) by alpi153.aldc.att.com (8.14.5/8.14.5) with ESMTP id t4MLxulJ017256; Fri, 22 May 2015 17:59:56 -0400
Received: from dns.maillennium.att.com (maillennium.att.com [135.25.114.99]) by alpi153.aldc.att.com (8.14.5/8.14.5) with ESMTP id t4MLxqk7017131; Fri, 22 May 2015 17:59:52 -0400
Received: from tonys-macbook-pro.local (unknown[135.110.240.65](untrusted sender)) by maillennium.att.com (mailgw1) with ESMTP id <20150522215948gw1000cebse>; Fri, 22 May 2015 21:59:52 +0000
X-Originating-IP: [135.110.240.65]
Message-ID: <555FA6D3.8080104@att.com>
Date: Fri, 22 May 2015 17:59:47 -0400
From: Tony Hansen <tony@att.com>
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.10; rv:31.0) Gecko/20100101 Thunderbird/31.6.0
MIME-Version: 1.0
To: Robert Sparks <rjsparks@nostrum.com>, General Area Review Team <gen-art@ietf.org>, draft-hansen-scram-sha256@ietf.org, Stephen Farrell <stephen.farrell@cs.tcd.ie>, "ietf@ietf.org" <ietf@ietf.org>
References: <551D8D6E.8010307@nostrum.com>
In-Reply-To: <551D8D6E.8010307@nostrum.com>
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
X-RSA-Inspected: yes
X-RSA-Classifications: public
X-AnalysisOut: [v=2.0 cv=b/AFFK6x c=1 sm=1 a=VXHOiMMwGAwA+y4G3/O+aw==:17 a]
X-AnalysisOut: [=5hWoPXNsKEoA:10 a=ZXRAoOSSXYMA:10 a=BLceEmwcHowA:10 a=Ikc]
X-AnalysisOut: [TkHD0fZMA:10 a=zQP7CpKOAAAA:8 a=h1PgugrvaO0A:10 a=48vgC7mU]
X-AnalysisOut: [AAAA:8 a=JILEOeat5sZnRvVEb0MA:9 a=QEXdDO2ut3YA:10 a=M8obPk]
X-AnalysisOut: [6z-QfwpYHt:21 a=B9yHtgrlGu8OsnMi:21]
X-Spam: [F=0.2000000000; CM=0.500; S=0.200(2014051901)]
X-MAIL-FROM: <tony@att.com>
X-SOURCE-IP: [144.160.229.23]
Archived-At: <http://mailarchive.ietf.org/arch/msg/gen-art/S9KScVGtVwNQKTDwormrgbWMwuQ>
Subject: Re: [Gen-art] Gen-art LC review: draft-hansen-scram-sha256
X-BeenThere: gen-art@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "GEN-ART: General Area Review Team" <gen-art.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/gen-art>, <mailto:gen-art-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/gen-art/>
List-Post: <mailto:gen-art@ietf.org>
List-Help: <mailto:gen-art-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/gen-art>, <mailto:gen-art-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 22 May 2015 22:00:24 -0000

On 4/2/15 2:41 PM, Robert Sparks wrote:
> I am the assigned Gen-ART reviewer for this draft. For background on
> Gen-ART, please see the FAQ at
>
> <http://wiki.tools.ietf.org/area/gen/trac/wiki/GenArtfaq>.
>
> Please resolve these comments along with any other Last Call comments
> you may receive.
>
> Document: draft-hansen-scram-sha256
> Reviewer: Robert Sparks
> Review Date: 2Apr2015
> IETF LC End Date: 24Apr2015
> IESG Telechat date: (if known)
>
> Summary: Ready for publication as Informational, with nits that should
> be considered.
>
> Nits/editorial comments:
>
> Nit:
> It raises flags for me when an Informational document uses "Updates"
> on a standards track document.
> I would argue that this does _not_ update 5802. IANA did the things
> that 5802 requested, and this document
> is requesting something else that happens to change those things. That
> makes this more of a "see also" than
> a "the protocol changed", and I think the Updates should be removed.
>
> I don't feel super strongly about the difference in _this particular
> case_, hence its classification as a Nit.
> But for consistency, and avoiding the issue of having an Informational
> update a PS, I hope you choose to remove it.
>
> Editorial comment:
> The URLs in the references section seem superfluous since you've
> already expanded them in the introduction?

Finally made it back to working on this doc. Thank you Robert for your
review.

Your comments raise a different question for me: should this spec
instead be on the standards track? It *is* defining a SASL mechanism
that will probably be used in other standards, in particular, httpauth.


One of the reasons for the updates is that mailing address specified in
5802 has changed. If someone reads 5802 without reading this spec, they
will probably send email to the wrong mailing address.


As for the URIs, those will go away when the paragraph holding them goes
away.

Thanks again for the comments.

    Tony Hansen