Reviewer: Linda Dunbar
Review result: Ready
I am the assigned Gen-ART reviewer for this draft. The General Area Review Team (Gen-ART) reviews all IETF documents being processed by the IESG for the IETF Chair. Please treat these comments just like any other last call comments.
For more information, please see the FAQ at
Document: draft-ietf-precis-7613bis
Reviewer: Linda Dunbar
Review Date: 2017-06-25
IETF LC End Date: 2017-06-27
IESG Telechat date: 2017-07-06
Summary:
The document is written very clear. Even for a person who is not familiar with the App area, I can follow through the description. The document is ready for publication as standard track document Major issues:
One Minor issue:
Page 6 last paragraph has:
SASL mechanisms SHOULD delay any case mapping to the last possible moment, such as when doing a lookup by username, performing username comparisons, or generating a cryptographic
salt from a username (if the last possible moment happens on the server, then decisions about case mapping can be a matter of deployment policy). In keeping with [RFC4422], SASL mechanisms are not to apply this or any
other profile to authorization identifiers, only to authentication identifiers.
What does "last possible moment" mean? When I read it, I thought it meant wait until you got all the characters. But the next sentence mentions "..happens on the server". How is the "server" related to the entity that check the user
name & password?
Best Regards,
Linda Dunbar