MIME-Based Secure Peer-to-Peer Business Data Interchange Using HTTP, Applicability Statement 2 (AS2)
draft-ietf-ediint-as2-20

Discuss


Yes

(Scott Hollenbeck)

No Objection

(Alex Zinin)
(Bert Wijnen)
(Bill Fenner)
(David Kessens)
(Jon Peterson)
(Margaret Cullen)
(Ted Hardie)
(Thomas Narten)

Abstain


Note: This ballot was opened for revision 20 and is now closed.

Steven Bellovin Former IESG member
Discuss
Discuss [Treat as non-blocking comment] (2004-10-25) Unknown
Nit: there are two sections numbered 1.1

Nit: in the second of those sections, there's text that speaks of MD5's small key size.  MD5 is a hash algorithm and doesn't have keys.  I believe what was meant is "short block size".  If possible, I'd leave MD5 out; if you must leave it in, say that it SHOULD NOT be used except for compatibility, because of cryptographic weaknesses in MD5.

4.1: "AS" is never expanded

There's no discussion of replay detection or prevention, nor of checking the message date to see if it's stale.  I assume, from the text on reusing Message-IDs, that they could function as replay detectors; in that case, some notion of when a message is stale should be included, so that the list of previously-seen Message-IDs can be pruned.
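
One way to implement the Message-ID replay check with staleness-based pruning described in the comment above, as an added example (not from the draft or from the reviewer). The `ReplayCache` name, the 24-hour staleness window and the 5-minute clock-skew allowance are assumptions, and the headers are assumed to have been authenticated before this check runs:

```python
from datetime import datetime, timedelta, timezone
from email.utils import parsedate_to_datetime


class ReplayCache:
    """Message-ID replay detector whose entries expire when the message goes stale."""

    def __init__(self, max_age=timedelta(hours=24), max_skew=timedelta(minutes=5)):
        self.max_age = max_age      # assumed staleness window, not from the draft
        self.max_skew = max_skew    # assumed tolerance for sender clocks running ahead
        self._seen = {}             # Message-ID -> time at which its Date becomes stale

    def __len__(self):
        return len(self._seen)

    def _prune(self, now):
        # An entry is dropped only once any replay of it would fail the Date check.
        self._seen = {m: exp for m, exp in self._seen.items() if exp >= now}

    def check(self, message_id, date_header, now):
        """Return 'accept', 'replay', 'stale', 'future' or 'malformed'."""
        try:
            sent = parsedate_to_datetime(date_header)
        except (TypeError, ValueError):
            return "malformed"
        if sent.tzinfo is None:     # "-0000" zone parses as naive; treat it as UTC
            sent = sent.replace(tzinfo=timezone.utc)
        self._prune(now)
        if sent > now + self.max_skew:
            return "future"         # would otherwise pin a cache entry indefinitely
        if now > sent + self.max_age:
            return "stale"          # rejected on Date alone, no cache entry needed
        key = message_id.strip()
        if key in self._seen:
            return "replay"
        self._seen[key] = sent + self.max_age
        return "accept"


if __name__ == "__main__":
    # Constructed sample headers, not taken from any real exchange.
    cache = ReplayCache(max_age=timedelta(hours=1))
    now = datetime(2004, 10, 25, 12, 0, tzinfo=timezone.utc)
    mid, date = "<constructed-1@example.com>", "Mon, 25 Oct 2004 11:50:00 +0000"
    for offset in (0, 1, 120):      # minutes after the first delivery
        print(offset, cache.check(mid, date, now + timedelta(minutes=offset)))
```

Because each entry's expiry equals the moment its Date header becomes stale, the cache can be pruned without reopening a replay window: a message replayed after its entry is gone is rejected as stale instead.
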
Scott Hollenbeck Former IESG member
Yes
Yes () Unknown

                            
Alex Zinin Former IESG member
No Objection
No Objection () Unknown

                            
Allison Mankin Former IESG member
No Objection
No Objection (2004-10-28) Unknown
The IANA registrations are very terse - they should say into what registry they go.
Bert Wijnen Former IESG member
No Objection
No Objection () Unknown

                            
Bill Fenner Former IESG member
No Objection
No Objection () Unknown

                            
David Kessens Former IESG member
No Objection
No Objection () Unknown

                            
Jon Peterson Former IESG member
No Objection
No Objection () Unknown

                            
Margaret Cullen Former IESG member
No Objection
No Objection () Unknown

                            
Russ Housley Former IESG member
(was Discuss) No Objection
No Objection (2005-01-14) Unknown
  I still find the signed receipt discussion confusing.  In Section 1.1,
  it would be very helpful to point out that the returned MIC value
  inside the MDN must be the same as the digest of the original message.
  I strongly believe that this needs to be explained early in the
  document.
Ted Hardie Former IESG member
(was Discuss) No Objection
No Objection () Unknown

                            
Thomas Narten Former IESG member
No Objection
No Objection () Unknown

                            
Harald Alvestrand Former IESG member
Abstain
Abstain (2004-10-28) Unknown
Reviewed by John Loughney, Gen-ART

His review:

Formatting problems are so severe, I'd recommend a revision before considering
this draft.  The text is somewhat dense and hard to parse, so the formatting
problems really make this impossible to read.  I can try to re-read the draft
for technical comments and will update this review if I find anything.

In summary, I'd issue a discuss on this because of formatting - I doubt this passes
the ID-Nits.

John

Major
1) What is AS2?  This needs to be explained somewhere.

Questions
1) The introduction discusses the relationship of this draft to other EDI RFCs.
   Does this document update / obsolete any of these RFCs? If so, it should mention
   it explicitly.

Nits
1) Header & footer on page 1 should be removed.
2) Lots of editing problems - bullet lists should be reformatted, 
   sections should be left justified, blank lines should be inserted
   after section titles, ToC should list page numbers, bulleted lists
   have formatting problems (page 6, for example).