Document: draft-ietf-pkix-authorityclearanceconstraints-02.txt
Reviewer: Francis Dupont
Review Date: 2009-08-10
IETF LC End Date: 2009-08-14
IESG Telechat date: unknown

Summary: Not Ready

Major issues: the I-D is too hard to read

Minor issues:
 - IMHO a transition paragraph is needed at the end of the Introduction
   in order to introduce technical dependencies:
   * clearance attribute is in fact from 3281bis (this is obvious when
     one reads the ASN.1 module appendix but it should be mentioned as
     soon as possible)
   * the processings augment the RFC 5280 section 6 (so the text is
     understandable only with this section in mind)
   The whole idea is to prepare a first reader (IMHO it is a problem
   when a document needs to be read more than once to get a good idea
   about what it specifies :-).

 - another issue is the multiple values in a Clearance attribute.
   The Clearance attribute syntax of section 2 is in fact for an
   AttributeValue type and doesn't include multiple values (only
   multiple SecurityCategory). Of course the Attribute in AC can
   contain multiple values, so the text often uses the term "value"
   in a very ambiguous way.

Nits/editorial comments:
 - Abstract page 2: TA and AA abbrevs are useless, CA abbrev must be
   expanded. Note abbrevs are useless in abstracts if they aren't
   possible keywords or very common (the RFC Editor has a list of
   common abbrevs with very common, cf PS). In no case can the Abstract
   introduce an abbrev for the body.

 - ToC page 3: Author's Addresses -> Authors' Addresses

 - Introduction 1: please introduce abbrevs (PKC, PKI, CA, AA, TA)

 - 3 page 6: I don't understand this statement:
   "In addition, each Clearance attribute in the SEQUENCE must not
    contain more than one value."
   perhaps SEQUENCE should be sequence (of AuthorityClearanceConstraints)?

 - 4.1.1.2 page 8: ,, -> ,

 - 4.1.1.2 page 8: can't understand:
   If any of the Clearance attributes in the permitted-clearances
   contains more than one value

 - 4.1.1.3 page 8: 6. -> 6 (for uniformity among the text)

 - 4.1.1.5.1 page 9: in "If the permitted-clearances has special value
   of all-clearances, exit with success." what about the
   effective-clearance (unchanged?)

 - 5.1.1 page 11: [RFC5280 -> [RFC5280]

 - 8 page 15: what is id-TBSL?

 - Author's Addresses page 19:
   Author's Addresses -> Authors' Addresses
   EMail/Email: choose one of them (EMail seems to be the standard)

Regards

Francis.Dupont@fdupont.fr

PS: http://www.rfc-editor.org/rfc-style-guide/abbrev.expansion.txt
PPS: it should be fine to get an implementation report (not required
for Proposed Standards but in this case it should show there are no
trivial mistakes in the processing stuff).