Skip to main content

Preparation, Enforcement, and Comparison of Internationalized Strings Representing Usernames and Passwords
draft-ietf-precis-7613bis-11

Yes

(Ben Campbell)

No Objection

(Alia Atlas)
(Alissa Cooper)
(Alvaro Retana)
(Benoît Claise)
(Deborah Brungard)
(Mirja Kühlewind)
(Spencer Dawkins)
(Suresh Krishnan)
(Terry Manderson)

Recuse


Note: This ballot was opened for revision 08 and is now closed.

Warren Kumari
No Objection
Comment (2017-07-05 for -08) Unknown
Taking a page from Benoit's playbook, here is a diff from RFC7613: https://tools.ietf.org/tools/rfcdiff/rfcdiff.pyht?url1=https://tools.ietf.org/id/draft-ietf-precis-7613bis-08.txt&url2=https://tools.ietf.org/rfc/rfc7613.txt
(I feel really stupid for not realizing this earlier, but diff'ing a -bis from the base RFC is a: obvious and b: really useful for understanding which bits need more review)
Adam Roach Former IESG member
Yes
Yes (2017-07-05 for -08) Unknown
Nit: The final paragraph of section 1 is missing a paren after "[RFC7622]".

Nit: Step 2 in section 4.2.2 cites RFC 4013 as text rather than the normal citation format of [RFC4013]

I have the same comment as I did on rfc7700bis regarding the implications of operation idempotence.
Ben Campbell Former IESG member
Yes
Yes (for -08) Unknown

                            
Alia Atlas Former IESG member
No Objection
No Objection (for -08) Unknown

                            
Alissa Cooper Former IESG member
No Objection
No Objection (for -08) Unknown

                            
Alvaro Retana Former IESG member
No Objection
No Objection (for -08) Unknown

                            
Benoît Claise Former IESG member
No Objection
No Objection (for -08) Unknown

                            
Deborah Brungard Former IESG member
No Objection
No Objection (for -08) Unknown

                            
Eric Rescorla Former IESG member
No Objection
No Objection (2017-07-05 for -08) Unknown
I agree with jsalowey's point about discouraging raw password comparison. Can you do something about that?

The use of "false positive" is confusing because positive can either mean "accept" or "reject". I would use "false accept" or "false reject" or some other clearer term
Mirja Kühlewind Former IESG member
No Objection
No Objection (for -08) Unknown

                            
Spencer Dawkins Former IESG member
No Objection
No Objection (for -08) Unknown

                            
Suresh Krishnan Former IESG member
No Objection
No Objection (for -08) Unknown

                            
Terry Manderson Former IESG member
No Objection
No Objection (for -08) Unknown

                            
Alexey Melnikov Former IESG member
Recuse
Recuse (2017-06-27 for -08) Unknown
I am a co-editor.