Document: draft-ietf-crisp-iris-core-06
Reviewer: Spencer Dawkins
Date: May 12, 2004

NOTE: Reviewed together with iris-dreg-06 and iris-beep-06

Summary - these drafts are close to baked for Proposed Standard.

Nits, all of which are Auth48:

(iris-core) - 1st paragraph of 1.2 - "a URI, more specifically a URN"
is a little pedantic ("a URN"), but at the very least, URN should be
expanded at first use.

(iris-core) - 1.3 layer figure doesn't expand "beep", iris-lwz, etc.

(general) - the "formal XML syntax" sections of these documents go for
pages - maybe tens of pages - with no explanation. Appendix A of
iris-dreg is a lot more readable, with only a little more text that
points out what to look for, section by section. As they stand, the
formal XML syntax sections are a lot more useful to automated syntax
checkers than to humans.

(iris-core) - 7.2 - "there is nothing stopping them" is idiomatic and
problematic for ESL. If there's a recommendation (application protocol
label string == scheme name), it should be a lot clearer than this.

(iris-core) - 10 - the "SHOULD NOT be used" seems to be directed at a
registry, but the client is the one who would misuse authentication
credentials for mechanisms vulnerable to replay attacks.

(iris-core) Appendix C - is really nice, but tends to use "lookup" as
a verb. It should be "look up", when it's a verb, should it not?

(iris-beep) - 1 - the third paragraph sounds like a political speech.
It could be a LOT clearer. And "straight use of TCP" in the fourth
paragraph isn't clear - you mean "IRIS directly over TCP", right?

(iris-beep) - 4 - Certificates don't actually cryptographically
verify, right? (They are inanimate!) something like "must be
cryptographically verified"?

(iris-dreg) - 3.2.1 - "And their specified cardinality allows their
absence" is stilted and confusing, and "if they are present without
content" is ambiguous (I think you're talking about element types, but
boolean attributes is closer in the sentence).