I reviewed the document "SCRAM-SHA-256 and SCRAM-SHA-256-PLUS SASL Mechanisms" (draft-hansen-scram-sha256-02.txt) as part of the Operational directorate's ongoing effort to review all IETF documents being processed by the IESG.  These comments were written primarily for the benefit of the operational area directors.  Document editors and WG chairs should treat these comments just like any other last call comments.   Intended status: Informational Updates: 5802 (if approved) Current IESG state: Waiting for Writeup IANA Review State: IANA - Not OK (see for IANA comments at: https://datatracker.ietf.org/doc/draft-hansen-scram-sha256/history/ ) IANA Action State: None   Summary: The document registers the SASL mechanisms SCRAM-SHA-256 and SCRAM-SHA-256-PLUS. It updates RFC 5802. The registration form for the SCRAM family of algorithms is also updated, which adds two new fields: Minimum iteration-count and Associated OID.   I don't see any issues from the operations and management pov. However, I would like to suggest to delete the string "in minor ways" in the abstract.   There is a major nit for the use of RFC 2119 keywords in an Informational document (see https://tools.ietf.org/idnits?url="">     ** The document seems to lack a both a reference to RFC 2119 and the      recommended RFC 2119 boilerplate, even if it appears to use RFC 2119      keywords.        RFC 2119 keyword, line 85: '...   SHOULD announce a hash iteration-co...'      RFC 2119 keyword, line 121: '...      SHOULD announce...'      RFC 2119 keyword, line 122: '...ciated OID: IANA SHOULD assign a GSS-A...'      RFC 2119 keyword, line 132: '...s of this family MUST be explicitly re...'      RFC 2119 keyword, line 133: '...      the "IETF Review" [RFC5226] registration procedure.  Reviews MUST...'      (1 more instance...)   Cheers, Mehmet