Shepherd writeup
rfc7292-05


This is the document shepherd write-up for
draft-moriarty-pkcs12v1-1-03.txt.  It follows the format described at
http://www.ietf.org/iesg/template/doc-writeup.html 



(1) The document is an RFC'ized version of the original PKCS12 V1.1
document and is presented for publication as an Informational RFC as
part of the transfer of copyright from RSA/EMC to the IETF trust.
Given the history of other PKCS series documents transferred to the
IETF, publication as an Informational RFC is appropriate and the
document is marked for proposed status as Informational.

(2) The suggested document announcement is as follows:

  'Technical Summary
      
      The content of the document is substantially the same as the
      source PKCS12 document with the necessary changes to publish it
      as an IETF RFC and to correct a few minor technical issues.  The
      document describes an ASN1-based transfer syntax for personal
      identity information, including private keys, certificates,
      miscellaneous secrets, and extensions.  Machines, applications,
      browsers, Internet kiosks, and so on, that support this standard
      will allow a user to import, export, and exercise a single set
      of personal identity information.  This standard supports direct
      transfer of personal information under several privacy and
      integrity modes.

  'Working Group Summary
 
      The document action is primarily a publication to document the
      transfer of copyright from RSA/EMC to the IETF.  As such, this
      has been handled as an individual submission from the current
      copyright holder with AD input.  The security area AD's believe
      this specification to be a useful addition to the set of IETF
      documents and expect it to be the basis for the publication of
      future IETF standards based on the original PKCS12 work, similar
      to what has previously happened with PKCS7.

  'Document Quality

      PKCS12-based implementations are wide spread and well
      understood. This document is a comprehensive and complete
      discussion of the current PKCS12 framework with the addition of
      code points to support more recently defined cryptographic
      mechanisms.  The document references are up to date and appear
      to be complete.

 

(3) Document review.  The current form of the document was compared to
the existing PKCS12 document, and barring minor changes for formatting
and for the addition of a few code points it is substantially
identical in content to the source document.  As the publication of
this document is primarily to document transfer of copyright, no
substantive changes were contemplated or desired.

(4)-(6) I have no concerns with the document as presented.  Given that
it is presented as a copyright transfer from RSA/EMC to the IETF, and
given that it is being published in its first form as Informational,
it would mostly defeat the purpose of the copyright transfer to allow
substantive changes to the text being transferred. 


(7, 8) The primary document author (K Moriarty) has asserted she has been
given permission by RSA/EMC to transfer PKCS12 to the IETF.  I have
consulted with the security AD's and the IAOC/IETF Trust in the person
of Scott Bradner and their opinion is that this is sufficient for the
IETF to accept the transfer.

(9) As this is an individual submission, WG consensus is not
relevant.  The Security AD's have indicated agreement with the
publication of the document.

(11) There are no actual NITS.  The ones identified by the automated
process are mis-identifications of ASN1 constructs (E.g. an ASN1
'OPTIONAL' keyword and a '[0]' ASN1 explicit tag).

(12) There is no specific formal review of contained
code/BNF/ASN.1/MIBs required for a document of this type at this
stage.  If and when standards track documents are derived from this
document I would recommend a formal review of the contained ASN1.

(13) The references have been reviewed and are up to date and
appropriately labeled as normative or informative.

(14) There are no normative references waiting for advancement on
which this document is dependent.

(15) There are no downward normative references in this document.

(16) The publication of this document will not affect the status of
any existing RFCs.

(17) As an Informational submission, this document does not contain any
items that should be referred to the IANA.

(18) No new IANA registries are required by this document.

(19) No automated checks have been performed on the contained ASN.1 as
any changes to fix issues (if any were identified) could have an
adverse affect with respect to the transfer of copyright.  As noted in
(12) above, I would recommend doing such checks if and when a document
derived from this document enters the standards track.


Back