PROTO Writeup: RFC 4590bis

["Bernard Aboba" <bernard_aboba@hotmail.com>]

Since no additional issues have been raised, we are preparing to send RFC 
4590bis off to the IESG for publication as a Proposed Standard.  Here is the 
PROTO writeup:

------------------------------------------------------------------------
Title:   RADIUS Extension for Digest Authentication
I-D:
http://www.ietf.org/internet-drafts/draft-ietf-radext-rfc4590bis-01.txt

Status: Proposed Standard

(1.a) Who is the Document Shepherd for this document? Has the Document
Shepherd personally reviewed this version of the document and, in 
particular,
does he or she believe this version is ready for forwarding to the IESG for
publication?

Document Shepherd: Bernard Aboba
I have personally reviewed the document.

(1.b) Has the document had adequate review from both key WG members and
key non-WG members? Does the Document Shepherd have any concerns
about the depth or breadth of the reviews that have been performed?

Yes. This document has been through a WG last call.

(1.c) Does the Document Shepherd have concerns that the document needs
more review from a particular or broader perspective e.g., security, 
operational
complexity, someone familiar with AAA, internationalization or XML?

This document includes some fixes to RFC 4590, which was discovered to 
contain
IANA errors after publication.  These problems were fixed along with a
few other errata.  So this document has already received extensive review in
the relatively recent past.

(1.d) Does the Document Shepherd have any specific concerns or issues with 
this
document that the Responsible Area Director and/or the IESG should be aware 
of?
For example, perhaps he or she is uncomfortable with certain parts of the
document,  or has concerns whether there really is a need for it. In any 
event, if the WG
has discussed those issues and has indicated that it still wishes to advance 
the
document, detail those concerns here. Has an IPR disclosure related to this 
document been
filed? If so, please include a reference to the disclosure and summarize the 
WG
discussion and conclusion on this issue.

No concerns.

(1.e) How solid is the WG consensus behind this document?  Does it
represent the strong concurrence of a few individuals, with others
being silent, or does the WG as a whole understand and agree with
it?

There is solid consensus behind this document, as there was behind
RFC 4590.

The issues raised and the resolutions are available for inspection at
http://www.drizzle.com/~aboba/RADEXT/

(1.f) Has anyone threatened an appeal or otherwise indicated extreme 
discontent?
If so, please summarise the areas of conflict in separate email messages to 
the
Responsible Area Director. (It should be in a separate email because this
questionnaire is entered into the ID Tracker.)

No.

(1.g) Has the Document Shepherd personally verified that the document 
satisfies
all ID nits? (See http://www.ietf.org/ID-Checklist.html and
http://tools.ietf.org/tools/idnits/). Boilerplate checks are not enough; 
this
check needs to be thorough. Has the document met all formal review criteria 
it
needs to, such as the MIB Doctor, media type and URI type reviews?

Yes. An output of the run on this revision of the ID by the online nits
checker:

idnits 2.04.05

tmp/draft-ietf-radext-rfc4590bis-01.txt:
tmp/draft-ietf-radext-rfc4590bis-01.txt(1132): Found possible
IPv4 address '3.2.2.2' in position 64; this doesn't match RFC3330's 
suggested
192.0.2.0/24 address range.

[BA] 3.2.2.2 is a section header, not an address.

  Checking boilerplate required by RFC 3978 and 3979, updated by RFC 4748:
  
----------------------------------------------------------------------------

     No issues found here.

  Checking nits according to http://www.ietf.org/ietf/1id-guidelines.txt:
  
----------------------------------------------------------------------------

  ** Missing expiration date.  The document expiration date should appear on
     the first and last page.


  Checking nits according to http://www.ietf.org/ID-Checklist.html:
  
----------------------------------------------------------------------------

  ** There are 1 instance of lines with non-RFC3330-compliant IPv4 addresses
     in the document.  If these are example addresses, they should be 
changed.

[BA] They are not example addresses.

  Miscellaneous warnings:
  
----------------------------------------------------------------------------

     No issues found here.

  Checking references for intended status: Proposed Standard
  
----------------------------------------------------------------------------

  -- Looks like a reference, but probably isn't: '4' on line 1008
     '0-1      0      0      1          0    24  State [4]...'

  -- Looks like a reference, but probably isn't: '1' on line 1028
     '0        0-1    0      0          0   121  Digest-HA1 [1][2]...'

  -- Looks like a reference, but probably isn't: '2' on line 1028
     '0        0-1    0      0          0   121  Digest-HA1 [1][2]...'

  -- Looks like a reference, but probably isn't: '3' on line 1018
     '0-1      0      0      0-1        0-1 111  Digest-Algorithm [3]...'

  == Missing Reference: 'Note 1' is mentioned on line 1039, but not
     defined
     '[Note 1] Digest-HA1 MUST be used instead of Digest-Response-Auth...'

  -- Possible downref: Undefined Non-RFC (?) reference : ref. 'Note 1'

  == Missing Reference: 'Note 2' is mentioned on line 1042, but not
     defined
     '[Note 2] Digest-Response-Auth MUST be used instead of Digest-HA1...'

  -- Possible downref: Undefined Non-RFC (?) reference : ref. 'Note 2'

  == Missing Reference: 'Note 3' is mentioned on line 1045, but not
     defined
'[Note 3] If Digest-Algorithm is missing, 'MD5' is assumed....'

  -- Possible downref: Undefined Non-RFC (?) reference : ref. 'Note 3'

  == Missing Reference: 'Note 4' is mentioned on line 1047, but not
     defined
     '[Note 4] An Access-Challenge MUST contain a State attribute, whic...'

  -- Possible downref: Undefined Non-RFC (?) reference : ref. 'Note 4'

  ** Downref: Normative reference to an Informational RFC: RFC 3579

  -- Obsolete informational reference (is this intentional?): RFC 2069
     (Obsoleted by RFC 2617)

[BA] This is intentional.

     Summary: 3 errors (**), 4 warnings (==), 9 comments (--).

(1.h) Has the document split its references into normative and informative?
Are there normative references to documents that are not ready for 
advancement
or are otherwise in an unclear state? If such normative references exist, 
what
is the strategy for their completion? Are there normative references that 
are
downward references, as described in [RFC3967]? If so, list these downward
references to support the Area Director in the Last Call procedure for them
[RFC3967].

The document splits normative and informative references.
There are no normative references to IDs.

(1.i) Has the Document Shepherd verified that the document IANA 
consideration
section exists and is consistent with the body of the document? If the 
document
specifies protocol extensions, are reservations requested in appropriate 
IANA
registries? Are the IANA registries clearly identified? If the document 
creates
a new registry, does it define the proposed initial contents of the registry 
and
an allocation procedure for future registrations? Does it suggest a 
reasonable
name for the new registry? See [RFC2434]. If the document describes an 
Expert
Review process has Shepherd conferred with the Responsible Area Director so
that the IESG can appoint the needed Expert during the IESG Evaluation?

I have verified that the IANA consideration exists and is consistent with 
the
body of the document.  The inconsistency in RFC 4590 was the reason why this
document needed to be produced.

(1.j) Has the Document Shepherd verified that sections of the document that
are written in a formal language, such as XML code, BNF rules, MIB 
definitions,
etc., validate correctly in an automated checker?

This document does not contain sections written in a formal language.

(1.k) The IESG approval announcement includes a Document Announcement 
Write-Up.
Please provide such a Document Announcement Write-Up? Recent examples can be
found in the "Action" announcements for approved documents. The approval
announcement contains the following sections:

   - Technical Summary

   This document defines an extension to the Remote Authentication Dial-
   In User Service (RADIUS) protocol to enable support of Digest
   Authentication, for use with HTTP-style protocols like the Session
   Initiation Protocol (SIP) and HTTP.

   - Working Group Summary

   Working Group discussion largely centered on whether the issues
   identified in RFC 4590 could be fixed via an errata or whether
   a new RFC was required.  Due to conflicts between the RFC 4590 text
   and the parameters allocated by IANA, it was decided that a new
   RFC would be needed, so as to avoid potential interoperability
   problems.

   - Document Quality

This document is needed to address a problem in the IANA allocations for
Digest Authentication as well as several errata that were found after the
publication of RFC 4590.  At this point, we believe that RFC 4590bis 
addresses
all issues raised since the publication of RFC 4590.

   - Personnel

Bernard Aboba is the document shepherd.  The responsible Area Director is
Dan Romascanu. No IANA expert is needed.



--
to unsubscribe send a message to radiusext-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://psg.com/lists/radiusext/>