Reviewer: Linda Dunbar
Review result: Ready
I am the assigned Gen-ART reviewer for this draft. The General Area Review Team
(Gen-ART) reviews all IETF documents being processed by the IESG for the IETF
Chair. Please treat these comments just like any other last call comments.
For more information, please see the FAQ at
<https://trac.ietf.org/trac/gen/wiki/GenArtfaq>.
Document: draft-ietf-precis-7613bis
Reviewer: Linda Dunbar
Review Date: 2017-06-25
IETF LC End Date: 2017-06-27
IESG Telechat date: 2017-07-06
Summary:
The document is written very clear. Even for a person who is not familiar with
the App area, I can follow through the description. The document is ready for
publication as standard track document Major issues:
One Minor issue:
Page 6 last paragraph has:
SASL mechanisms SHOULD delay any case mapping to the last possible
moment, such as when doing a lookup by username, performing username
comparisons, or generating a cryptographic salt from a username (if the last
possible moment happens on the server, then decisions about case mapping can be
a matter of deployment policy). In keeping with [RFC4422], SASL mechanisms are
not to apply this or any other profile to authorization identifiers, only to
authentication identifiers.
What does "last possible moment" mean? When I read it, I thought it meant wait
until you got all the characters. But the next sentence mentions "..happens on
the server". How is the "server" related to the entity that check the user name
& password?
Best Regards,
Linda Dunbar