[Gen-art] Genart last call review of draft-ietf-regext-login-security-05
Brian Carpenter via Datatracker <noreply@ietf.org> Sun, 03 November 2019 03:49 UTC
Return-Path: <noreply@ietf.org>
X-Original-To: gen-art@ietf.org
Delivered-To: gen-art@ietfa.amsl.com
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id D75321200B6; Sat, 2 Nov 2019 20:49:20 -0700 (PDT)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
From: Brian Carpenter via Datatracker <noreply@ietf.org>
To: gen-art@ietf.org
Cc: last-call@ietf.org, draft-ietf-regext-login-security.all@ietf.org, regext@ietf.org
X-Test-IDTracker: no
X-IETF-IDTracker: 6.108.0
Auto-Submitted: auto-generated
Precedence: bulk
Reply-To: Brian Carpenter <brian.e.carpenter@gmail.com>
Message-ID: <157275296078.5986.16873647589469042217@ietfa.amsl.com>
Date: Sat, 02 Nov 2019 20:49:20 -0700
Archived-At: <https://mailarchive.ietf.org/arch/msg/gen-art/z7yn4U1SFu4uYtnll5so_9y73ww>
Subject: [Gen-art] Genart last call review of draft-ietf-regext-login-security-05
X-BeenThere: gen-art@ietf.org
X-Mailman-Version: 2.1.29
List-Id: "GEN-ART: General Area Review Team" <gen-art.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/gen-art>, <mailto:gen-art-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/gen-art/>
List-Post: <mailto:gen-art@ietf.org>
List-Help: <mailto:gen-art-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/gen-art>, <mailto:gen-art-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 03 Nov 2019 03:49:21 -0000
Reviewer: Brian Carpenter Review result: Ready with Issues Gen-ART Last Call review of draft-ietf-regext-login-security-05 I am the assigned Gen-ART reviewer for this draft. The General Area Review Team (Gen-ART) reviews all IETF documents being processed by the IESG for the IETF Chair. Please treat these comments just like any other last call comments. For more information, please see the FAQ at <http://wiki.tools.ietf.org/area/gen/trac/wiki/GenArtfaq>. Document: draft-ietf-regext-login-security-05.txt Reviewer: Brian Carpenter Review Date: 2019-11-03 IETF LC End Date: 2019-11-12 IESG Telechat date: Summary: Ready with minor issues -------- Minor issues: ------------- I found section 2 "Migrating to Newer Versions of This Extension" a little hard to follow. Firstly, am I correct in assuming that "a new version" means a version number higher than 1.0, e.g. "loginSec-1.1"? That is probably the intended meaning, but I think it needs to be explicit. Maybe state that this document defines "loginSec-1.0" and future documents can define other minor and major versions such as "loginSec-1.1" or "loginSec-2.0". Then "(for a temporary migration period)" is a bit vague. I think it would be useful to suggest the order of magnitude of the overlap period: days?, months?; hopefully not years. I also think a short discussion of adding & removing versions is needed in the Security Considerations, since the reason for a new version might be the discovery of a vulnerability in the current version. That's when a short migration period is desirable. FYI, there are some other extension design considerations in https://tools.ietf.org/html/rfc6709#section-4 . Nits: ----- "1. Introduction This document describes an Extensible Provisioning Protocol (EPP) extension for enhancing the security of the EPP login command in EPP RFC 5730. The enhancements include supporting longer passwords (or passphrases) than the 16-character maximum and providing a list of security events in the login response. The password (current and new) in EPP RFC 5730 can be overridden..." "RFC 5730" should either be in parenthesis as "(RFC 5730)" or a reference "[RFC5730]" (twice).
- [Gen-art] Genart last call review of draft-ietf-r… Brian Carpenter via Datatracker
- Re: [Gen-art] Genart last call review of draft-ie… Gould, James
- Re: [Gen-art] Genart last call review of draft-ie… Brian E Carpenter
- Re: [Gen-art] Genart last call review of draft-ie… Alissa Cooper