Document: draft-ietf-smime-escertid-04.txt
Reviewer: Francis Dupont
Review Date: 2007-01-30
IETF LC End Date: 2007-01-31

Summary: Not Ready

Comments:
- a security considerations section is mandatory.
- the introduction fails to explain how the hash is used, even though the idea is very simple (identify without ambiguity a certificate by its hash).
- and it fails too to explain the choices.
- 1 page 3: the text is painful to read.
- 1 page 3: ESSCertID -> ESSCertID,
- why is version 2 described before version 1?
- 2 page 4: the text is painful.
- 2 page 4: SHA-1 able -> SHA-1 to be able
- 2 page 4: I.e. -> I.e.,
- 3 and 5: why did the "authorization certificates" become the "certificates"?
- 3 and 5: what are the real differences between the texts of 3 and 5? Is it possible to factorize them in order to make the common and different parts easy to find?
- 3 page 6: asserts apply -> asserts to apply
- 3 page 6: SigningCertificate -> SigningCertificateV2, or perhaps you mean "SigningCertificateV1 or SigningCertificateV2". I suggest introducing SigningCertificate as the "or" of the two versions.
- 4 page 8: choose between hashAlg and hashAlgorithm
- 4 page 8: e.g. -> e.g.,
- 4 page 8: I don't like the definition of issuer even if it is copied from RFC 2634. For instance GeneralNames is not GeneralName, and the consequences must be drawn/explained...
- 5 pages 9 and 10: what are the differences with RFC 2634 and why?
- 7 page 12: PKIXCERT and RFC3280 are the same document!
- I didn't check the ASN.1 (seems OK according to a diff with the RFC's one). Is there a recommended tool? I know there is one for MIBs.
- Author page 18: USA in the address, +1 in the phone number.