Hi,

I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written with the intent of improving security requirements and considerations in IETF drafts. Comments not addressed in last call may be included in AD reviews during the IESG review. Document editors and WG chairs should treat these comments just like any other last call comments.

I believe this document has no issues.

Editorial comments:

In section 1:

    A subset of existing PKCS#11 structure members and object attributes
    was chosen believed to be sufficient in uniquely identifying a
    PKCS#11 token, storage object, or library in a configuration file, on
    ...

This sentence is not just long but also awkward. The phrase "was chosen believed to be.." seems to be missing a conjunction and possibly a verb. Maybe this was meant to be two sentences that got smushed together?

In section 3.3:

    PKCS#11 specification imposes various limitations on the value of
    attributes, be it a more restrictive character set for the "serial"
    ...

I think you need to start this sentence with an article, i.e. "The PKCS#11 specification imposes..."

(I'll note that I did not validate the ABNF).

Thanks,

-derek

--
Derek Atkins 617-623-3745
derek at ihtfp.com www.ihtfp.com
Computer and Internet Security Consultant