Last Call Review of draft-ietf-oauth-urn-sub-ns-
review-ietf-oauth-urn-sub-ns-secdir-lc-kivinen-2012-07-13-00

Request Review of draft-ietf-oauth-urn-sub-ns
Requested rev. no specific revision (document currently at 06)
Type Last Call Review
Team Security Area Directorate (secdir)
Deadline 2012-07-17
Requested 2012-06-28
Authors Brian Campbell, Hannes Tschofenig
Draft last updated 2012-07-13
Completed reviews Genart Last Call review of -05 by Ben Campbell (diff)
Secdir Last Call review of -?? by Tero Kivinen
Assignment Reviewer Tero Kivinen
State Completed
Review review-ietf-oauth-urn-sub-ns-secdir-lc-kivinen-2012-07-13
Review result Ready
Review completed: 2012-07-13

Review
review-ietf-oauth-urn-sub-ns-secdir-lc-kivinen-2012-07-13

I have reviewed this document as part of the security directorate's 
ongoing effort to review all IETF documents being processed by the 
IESG.  These comments were written primarily for the benefit of the 
security area directors.  Document editors and WG chairs should treat 
these comments just like any other last call comments.

This document creates a new URN subregistry for oauth use.

The security considerations section points out that there is no new
security considerations in this document that are not already
inherernt to using URNs and points to RFC2141 for more information.

On the other hand RFC2141 is very generic and says that there are
security considerations that are outside the scope of that document,
and they should be included in the document registering the namespace
identifiers.

As this again only generates subregistry and not any actual registry
values, it might be better to just add similar note than what is in
RFC2141, adding pointer to another document which says "there is
nothing here", isn't that helpful.
-- 
kivinen at iki.fi