This is the document shepherd write-up for
draft-moriarty-pkcs12v1-1-03.txt. It follows the format described at
http://www.ietf.org/iesg/template/doc-writeup.html
(1) The document is an RFC'ized version of the original PKCS12 V1.1
document and is presented for publication as an Informational RFC as
part of the transfer of copyright from RSA/EMC to the IETF trust.
Given the history of other PKCS series documents transferred to the
IETF, publication as an Informational RFC is appropriate and the
document is marked for proposed status as Informational.
(2) The suggested document announcement is as follows:
'Technical Summary
The content of the document is substantially the same as the
source PKCS12 document with the necessary changes to publish it
as an IETF RFC and to correct a few minor technical issues. The
document describes an ASN1-based transfer syntax for personal
identity information, including private keys, certificates,
miscellaneous secrets, and extensions. Machines, applications,
browsers, Internet kiosks, and so on, that support this standard
will allow a user to import, export, and exercise a single set
of personal identity information. This standard supports direct
transfer of personal information under several privacy and
integrity modes.
'Working Group Summary
The document action is primarily a publication to document the
transfer of copyright from RSA/EMC to the IETF. As such, this
has been handled as an individual submission from the current
copyright holder with AD input. The security area AD's believe
this specification to be a useful addition to the set of IETF
documents and expect it to be the basis for the publication of
future IETF standards based on the original PKCS12 work, similar
to what has previously happened with PKCS7.
'Document Quality
PKCS12-based implementations are wide spread and well
understood. This document is a comprehensive and complete
discussion of the current PKCS12 framework with the addition of
code points to support more recently defined cryptographic
mechanisms. The document references are up to date and appear
to be complete.
(3) Document review. The current form of the document was compared to
the existing PKCS12 document, and barring minor changes for formatting
and for the addition of a few code points it is substantially
identical in content to the source document. As the publication of
this document is primarily to document transfer of copyright, no
substantive changes were contemplated or desired.
(4)-(6) I have no concerns with the document as presented. Given that
it is presented as a copyright transfer from RSA/EMC to the IETF, and
given that it is being published in its first form as Informational,
it would mostly defeat the purpose of the copyright transfer to allow
substantive changes to the text being transferred.
(7, 8) The primary document author (K Moriarty) has asserted she has been
given permission by RSA/EMC to transfer PKCS12 to the IETF. I have
consulted with the security AD's and the IAOC/IETF Trust in the person
of Scott Bradner and their opinion is that this is sufficient for the
IETF to accept the transfer.
(9) As this is an individual submission, WG consensus is not
relevant. The Security AD's have indicated agreement with the
publication of the document.
(11) There are no actual NITS. The ones identified by the automated
process are mis-identifications of ASN1 constructs (E.g. an ASN1
'OPTIONAL' keyword and a '[0]' ASN1 explicit tag).
(12) There is no specific formal review of contained
code/BNF/ASN.1/MIBs required for a document of this type at this
stage. If and when standards track documents are derived from this
document I would recommend a formal review of the contained ASN1.
(13) The references have been reviewed and are up to date and
appropriately labeled as normative or informative.
(14) There are no normative references waiting for advancement on
which this document is dependent.
(15) There are no downward normative references in this document.
(16) The publication of this document will not affect the status of
any existing RFCs.
(17) As an Informational submission, this document does not contain any
items that should be referred to the IANA.
(18) No new IANA registries are required by this document.
(19) No automated checks have been performed on the contained ASN.1 as
any changes to fix issues (if any were identified) could have an
adverse affect with respect to the transfer of copyright. As noted in
(12) above, I would recommend doing such checks if and when a document
derived from this document enters the standards track.