Last Call Review of draft-ietf-lamps-rfc5750-bis-05

Request Review of draft-ietf-lamps-rfc5750-bis
Requested rev. no specific revision (document currently at 08)
Type Last Call Review
Team General Area Review Team (Gen-ART) (genart)
Deadline 2018-04-27
Requested 2018-04-13
Authors Jim Schaad, Blake Ramsdell, Sean Turner
Draft last updated 2018-04-27
Completed reviews Opsdir Last Call review of -06 by Éric Vyncke (diff)
Genart Last Call review of -05 by Ines Robles (diff)
Secdir Last Call review of -05 by Matthew Miller (diff)
Genart Telechat review of -06 by Ines Robles (diff)
Assignment Reviewer Ines Robles
State Completed
Review review-ietf-lamps-rfc5750-bis-05-genart-lc-robles-2018-04-27
Reviewed rev. 05 (document currently at 08)
Review result Ready with Issues
Review completed: 2018-04-27



I am the assigned Gen-ART reviewer for this draft. The General Area
Review Team (Gen-ART) reviews all IETF documents being processed
by the IESG for the IETF Chair.  Please treat these comments just
like any other last call comments.

For more information, please see the FAQ at


Document: draft-ietf-lamps-rfc5750-bis-05
Reviewer: Ines Robles
Review Date: 27-04-2018
IETF LC End Date:  27-04-2018
IESG Telechat date: ---


I believe the draft is technically good. This document is well written and clear to understand.
Some minor concerns are mentioned that should be resolved before publication.

Major issues: No major issues found.

Minor issues:

Section 1.6:

    It would be nice to start the section with some text like "This document obsoletes 5750 due to the addition of the following information...."

Section 2.3:

    "but SHOULD use some other mechanism to determine ...." => It would be nice to mention some examples of the other mechanism

    "...but SHOULD use some other mechanism (such as ....) to determine..."

Section 4:

    Related to this:
    "Another method under consideration by the IETF is to provide certificate retrieval services as part of the existing Domain Name System (DNS)"

    - This text seems to be out of date (since it also belongs to RFC5750 (2010)); maybe it would be nice to rewrite it (e.g. method under consideration => method approved) and add a reference to the proposed methods. Would RFC 8162 [1] be a good reference for this topic?

[1]  Using Secure DNS to Associate Certificates with Domain Names for S/MIME

Nits/editorial comments:

Section 2.3: CertificateSet --> Certificate Set

Section 4.4.1: basicConstraints --> basic Constraints

Thanks for this document!