
Bad title change on document in the 48-hour queue



Greetings again. There is a bad change to a title on a document in the RFC author's 48-hour queue (RFC 3562) that I hope can be fixed before the RFC is published. The acronym for a cryptographic function has been spelled out in a confusing fashion.

The title on the Internet Draft is:
Security Requirements for Keys used with the TCP MD5 Signature Option
The title on RFC 3652 in the queue is:
Key Management Considerations for the TCP MD5 (Message-Digest) Signature Option

(FWIW, I think the change from "Security Requirements" to "Considerations" is a good one.)

MD5 is the name of a specific message digest algorithm. Saying "MD5 (Message-Digest)" indicates that MD5 *means* Message-Digest, which it very definitely does not. The parenthetical expansion should be removed here to make the title accurate and understandable.

Although expanding some acronyms in titles will help some readers, doing it blindly will not. There has already been another more serious embarrassing error for a recent security document, RFC 3537:

Wrapping a Hashed Message Authentication Code (HMAC) key with
a Triple-Data Encryption Standard (DES) Key or an Advanced
Encryption Standard (AES) Key

This makes it look like "Triple-Data Encryption Standard" means "DES". The original title of the Internet Draft used "Triple-DES", which is completely understood in the security world. Spelling it out makes the title of the RFC harder to understand.

--Paul Hoffman, Director
--VPN Consortium