draft-nesser-otp-sha-256-384-512-01.txt

[Russ Housley <housley@vigilsec.com>]

I have a few comments on the draft.

1.  The last paragraph of section 2 says:

   Although the SHA 256, SHA 384 and SHA 512 alogrithms are still in their
   introductory state, the length of their outputs are set and will not
   change.

This is not correct.  SHA-256, SHA-384 and SHA-512 are final.  They were 
published in FIPS 180-2 on 1 August 2002.

2.  Section 5 includes the following:

   The currently defined (RFC 2289) algorithm identifiers are:

       md4        MD4 Message Digest
       md5        MD5 Message Digest
       sha1       NIST Secure Hash Algorithm Revision 1

   The following new algorithm identifiers are defined

	 sha256	NIST Secure Hash Algorithm 256-bit output
	 sha384	NIST Secure Hash Algorithm 384-bit output
	 sha512	NIST Secure Hash Algorithm 512-bit output

I think it would be much clearer to say the following:

   The currently defined (RFC 2289) algorithm identifiers are:

       md4        MD4, as defined in RFC 1320
       md5        MD5, as defined in RFC 1321
       sha1       NIST SHA-1, as defined in FIPS 180-1

   The following new algorithm identifiers are defined:

       sha256     NIST SHA-256, as defined in FIPS 180-2
       sha384     NIST SHA-384, as defined in FIPS 180-2
       sha512     NIST SHA-512, as defined in FIPS 180-2

3.  Section 6 should include a comment that tells the reader that each 
element in the sha.digest array is 32 bits.

4.  Section 12 should include references for RFCs 1320, 1321, and 2289.

5.  An additional section with test vectors would be very helpful.  This 
will ensure that implementations have used the correct endian order that is 
specified in section 7.

Thanks for listening,
  Russ