Last Call Review of draft-melnikov-smime-msa-to-mda-03

Request Review of draft-melnikov-smime-msa-to-mda
Requested rev. no specific revision (document currently at 04)
Type Last Call Review
Team General Area Review Team (Gen-ART) (genart)
Deadline 2014-03-05
Requested 2014-02-06
Authors William Ottaway, Alexey Melnikov
Draft last updated 2014-02-25
Completed reviews Genart Last Call review of -03 by Vijay Gurbani (diff)
Secdir Last Call review of -02 by Sandra Murphy (diff)
Assignment Reviewer Vijay Gurbani
State Completed
Review review-melnikov-smime-msa-to-mda-03-genart-lc-gurbani-2014-02-25
Reviewed rev. 03 (document currently at 04)
Review result Ready with Nits
Review completed: 2014-02-25


I am the assigned Gen-ART reviewer for this draft. For background on
Gen-ART, please see the FAQ at

Please resolve these comments along with any other Last Call comments
you may receive.

Document: draft-melnikov-smime-msa-to-mda-03
Reviewer: Vijay K. Gurbani
Review Date: Feb-25-2014
IETF LC End Date: Mar-05-2014
IESG Telechat date: Unknown

I must say that this draft was written with implementors in mind.
This is very refreshing.

Major: 0
Minor: 0
Nits:  4

This document is ready as a Proposed Standard.  Some minor nits follow:


- S2.2, "Organizational policy and good security practice often
 require that messages be reviewed before they are released to
 external recipients."  Here, I suspect that organizational policy may
 require such a vetting but I would think that "good security practice"
 would not.  After all, unless a party is forced to do so (the
 "organizational policy" part), why would one party willingly subject
 its private communications to a third party before sending it
 to the recipient?  I would not consider that a third party reading
 my messages a "good security practice".  Therefore, I would take
 the "good security practice" phrase out, unless of course, there is
 some context to that phrase that I am not privy to.

- S3.3, first sentence: "A 'domain signature' is a signature generated
 on behalf of a set of users in the domain the users are a member of."
 This sentence appears rather, for the lack of a better word, clunky.
 How about rewriting this as: "A 'domain signature' is a signature
 generated on behalf of a set of users who belong to the specific

- S5, steps 3-A and 3-B: s/found then/found, then/
 There are some more occurences of this, if you feel like it, you may
 want to change these to have a comma as well.

- S7, first paragraph: s/permits masquerade./permits masquerading./
  or, s/permits masquerade attacks./


- vijay
Vijay K. Gurbani, Bell Laboratories, Alcatel-Lucent
1960 Lucent Lane, Rm. 9C-533, Naperville, Illinois 60563 (USA)
Email: vkg@{,} / vijay.gurbani at

  | Calendar: