Telechat Review of draft-gutmann-scep-10

Request Review of draft-gutmann-scep
Requested rev. no specific revision (document currently at 16)
Type Telechat Review
Team Ops Directorate (opsdir)
Deadline 2018-03-06
Requested 2018-01-25
Authors Peter Gutmann
Draft last updated 2018-04-26
Completed reviews Opsdir Telechat review of -10 by Susan Hares (diff)
Genart Telechat review of -08 by Christer Holmberg (diff)
Genart Last Call review of -09 by Christer Holmberg (diff)
Assignment Reviewer Susan Hares 
State Completed
Review review-gutmann-scep-10-opsdir-telechat-hares-2018-04-26
Reviewed rev. 10 (document currently at 16)
Review result Ready
Review completed: 2018-04-26


caveat:  I am not a security expert famliy with the deployment of the SCEP protocol. If an operational experience with this protocol is required for this review, I suggest you obtain a secondary review. 

General comments: The document summarizes in a readable fashion all the issues I could image regarding this protocol's deployment issues.  Issues of scale and security have been examined.   

p. 19, section 3.3.1, British spelling of authorization is used (authorisation). RFC editor may want to change or author may want to change to US spelling.

p. 26 - I appreciate the use of  non-idempotent and idempotent in this section.  I hope this is normal language for the security area.