Last Call Review of draft-ietf-httpauth-scram-auth-13
review-ietf-httpauth-scram-auth-13-genart-lc-droms-2015-12-10-00

Request Review of draft-ietf-httpauth-scram-auth
Requested rev. no specific revision (document currently at 15)
Type Last Call Review
Team General Area Review Team (Gen-ART) (genart)
Deadline 2015-12-15
Requested 2015-11-25
Draft last updated 2015-12-10
Completed reviews Genart Last Call review of -13 by Ralph Droms (diff)
Genart Last Call review of -14 by Ralph Droms (diff)
Secdir Telechat review of -11 by Russ Housley (diff)
Opsdir Telechat review of -12 by Tim Chown (diff)
Assignment Reviewer Ralph Droms
State Completed
Review review-ietf-httpauth-scram-auth-13-genart-lc-droms-2015-12-10
Reviewed rev. 13 (document currently at 15)
Review result Ready
Review completed: 2015-12-10

Review
review-ietf-httpauth-scram-auth-13-genart-lc-droms-2015-12-10

I am the assigned Gen-ART reviewer for this draft. The General Area
Review Team (Gen-ART) reviews all IETF documents being processed
by the IESG for the IETF Chair.  Please treat these comments just
like any other last call comments.

For more information, please see the FAQ at

<

http://wiki.tools.ietf.org/area/gen/trac/wiki/GenArtfaq>.

Document: draft-ietf-httpauth-scram-auth-14
Reviewer: Ralph Droms
Review Date: 2015-13-9
IETF LC End Date: 2015-12-16
IESG Telechat date: (if known)

Summary: This draft is ready for publication as an Experimental RFC.

Major issues: None.

Minor issues: None.

Nits/editorial comments:

Nicely written, very clear document.

idnits reports some lines too long and an unused reference.

In the third paragraph of the Introduction, I suggest removing the parentheses and editing the second sentence for clarity; specifically, what is "SCRAM data"?

You could probably omit the parentheses in the second paragraph of Setion 3, as well, I'm likely just arguing style.

The last sentence of the last paragraph of sectino 3 was unclear to me: which messages are referred to?

I think, in the phrase "fail the authentication" in the fifth paragraph of section 8, you are using "fail" as a transitive verb, as in "the client considers the authentication of the message to have failed".  If I have that write, I suggest rewriting the containing sentence to improve the clarity.






Attachment:


signature.asc




Description:

 Message signed with OpenPGP using GPGMail