MIME-Based Secure Peer-to-Peer Business Data Interchange Using HTTP, Applicability Statement 2 (AS2)
draft-ietf-ediint-as2-20
Discuss
Yes
(Scott Hollenbeck)
No Objection
(Alex Zinin)
(Bert Wijnen)
(Bill Fenner)
(David Kessens)
(Jon Peterson)
(Margaret Cullen)
(Ted Hardie)
(Thomas Narten)
Abstain
Note: This ballot was opened for revision 20 and is now closed.
Steven Bellovin Former IESG member
Discuss
[Treat as non-blocking comment]
(2004-10-25)
Nit: there are two sections numbered 1.1

Nit: in the second of those sections, there's text that speaks of MD5's small key size. MD5 is a hash algorithm and doesn't have keys. I believe what was meant is "short block size". If possible, I'd leave MD5 out; if you must leave it in, say that it SHOULD NOT be used except for compatibility, because of cryptographic weaknesses in MD5.

4.1: "AS" is never expanded

There's no discussion of replay detection or prevention, nor of checking the message date to see if it's stale. I assume, from the text on reusing Message-IDs, that they could function as replay detectors; in that case, some notion of when a message is stale should be included, so that the list of previously-seen Message-IDs can be pruned.
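The replay check raised in the comment above, as an added example (not part of the ballot comment or the draft): a Message-ID is remembered only while a message with its Date would still pass the staleness test, which is what makes pruning safe. The class name, return strings, 24-hour window and 5-minute skew are assumptions, and the sketch assumes the Message-ID and Date values have already been authenticated.

```python
from datetime import datetime, timedelta, timezone
from email.utils import parsedate_to_datetime


class ReplayCache:
    """Hypothetical receiver-side cache of previously seen Message-IDs."""

    def __init__(self, window=timedelta(hours=24), skew=timedelta(minutes=5)):
        self.window = window   # assumed policy: older messages are stale
        self.skew = skew       # assumed tolerance for sender clock drift
        self._seen = {}        # Message-ID -> message Date (UTC)

    def pending(self):
        """Number of Message-IDs currently remembered."""
        return len(self._seen)

    def _prune(self, now):
        # An ID whose Date is outside the window can be forgotten: any
        # replay of that message is rejected as stale before the ID lookup.
        cutoff = now - self.window
        for mid in [m for m, sent in self._seen.items() if sent < cutoff]:
            del self._seen[mid]

    def check(self, message_id, date_header, now):
        try:
            sent = parsedate_to_datetime(date_header)
        except (TypeError, ValueError):
            return "reject-bad-date"
        if sent.tzinfo is None:            # no usable zone, cannot compare
            return "reject-bad-date"
        sent = sent.astimezone(timezone.utc)
        self._prune(now)
        if sent < now - self.window:
            return "reject-stale"
        if sent > now + self.skew:         # bound how long an ID can be held
            return "reject-future"
        mid = message_id.strip()
        if mid in self._seen:
            return "reject-replay"
        self._seen[mid] = sent
        return "accept"
```
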
Scott Hollenbeck Former IESG member
Yes
Alex Zinin Former IESG member
No Objection
Allison Mankin Former IESG member
No Objection
(2004-10-28)
The IANA registrations are very terse - they should say into what registry they go.
Bert Wijnen Former IESG member
No Objection
Bill Fenner Former IESG member
No Objection
David Kessens Former IESG member
No Objection
Jon Peterson Former IESG member
No Objection
Margaret Cullen Former IESG member
No Objection
Russ Housley Former IESG member
(was Discuss)
No Objection
(2005-01-14)
I still find the signed receipt discussion confusing. In Section 1.1, it would be very helpful to point out that the returned MIC value inside the MDN must be the same as the digest of the original message. I strongly believe that this needs to be explained early in the document.
Ted Hardie Former IESG member
(was Discuss)
No Objection
Thomas Narten Former IESG member
No Objection
Harald Alvestrand Former IESG member
Abstain
(2004-10-28)
Reviewed by John Loughney, Gen-ART

His review:

Formatting problems are so severe, I'd recommend a revision before considering this draft. The text is somewhat dense and hard to parse, so the formatting problems really make this impossible to read. I can try to re-read the draft for technical comments and will update this review if I find anything.

In summary, I'd issue a discuss on this because of formatting - I doubt this passes the ID-Nits.

John

Major
1) What is AS2? This needs to be explained somewhere.

Questions
1) The introduction discusses the relationship of this draft to other EDI RFCs. Does this document update / obsolete any of these RFCs? If so, it should mention it explicitly.

Nits
1) Header & footer on page 1 should be removed.
2) Lots of editing problems - bullet lists should be reformatted, sections should be left justified, blank lines should be inserted after section titles, ToC should list page numbers, bulleted lists have formatting problems (page 6, for example).