[OPSEC] Lars Eggert's No Objection on draft-ietf-opsec-indicators-of-compromise-03: (with COMMENT)

Lars Eggert via Datatracker <noreply@ietf.org> Mon, 16 January 2023 13:15 UTC

From: Lars Eggert via Datatracker <noreply@ietf.org>
To: The IESG <iesg@ietf.org>
Cc: draft-ietf-opsec-indicators-of-compromise@ietf.org, opsec-chairs@ietf.org, opsec@ietf.org, furry13@gmail.com, furry13@gmail.com
Archived-At: <https://mailarchive.ietf.org/arch/msg/opsec/xaWGiXoV7dKcNLxv2_EdnrZ7Z1k>

Lars Eggert has entered the following ballot position for
draft-ietf-opsec-indicators-of-compromise-03: No Objection

When responding, please keep the subject line intact and reply to all
email addresses included in the To and CC lines. (Feel free to cut this
introductory paragraph, however.)


Please refer to https://www.ietf.org/about/groups/iesg/statements/handling-ballot-positions/ 
for more information about how to handle DISCUSS and COMMENT positions.


The document, along with other ballot positions, can be found here:
https://datatracker.ietf.org/doc/draft-ietf-opsec-indicators-of-compromise/



----------------------------------------------------------------------
COMMENT:
----------------------------------------------------------------------

# GEN AD review of draft-ietf-opsec-indicators-of-compromise-03

CC @larseggert

Thanks to Vijay Gurbani for the General Area Review Team (Gen-ART) review
(https://mailarchive.ietf.org/arch/msg/gen-art/f4qDRffPWyGDKXuxNbrb5UVwU38).

## Comments

### Inclusive language

Found terminology that should be reviewed for inclusivity; see
https://www.rfc-editor.org/part2/#inclusive_language for background and more
guidance:

 * Term `master`; alternatives might be `active`, `central`, `initiator`,
   `leader`, `main`, `orchestrator`, `parent`, `primary`, `server`

## Nits

All comments below are about very minor potential issues that you may choose to
address in some way - or ignore - as you see fit. Some were flagged by
automated tools (via https://github.com/larseggert/ietf-reviewtool), so there
will likely be some false positives. There is no need to let me know what you
did with these suggestions.

### URLs

These URLs in the document did not return content:

 * https://cert.europa.eu/static/WhitePapers/UPDATED-CERT-EU_Security_Whitepaper_2014-007_Kerberos_Golden_Ticket_Protection_v1_4.pdf

### Grammar/style

#### Section 1, paragraph 1
```
nce: the activity of providing cyber security to an environment through the
                               ^^^^^^^^^^^^^^
```
The word "cybersecurity" is spelled as one.

#### Section 2, paragraph 5
```
twork defenders (blue teams) to pro-actively block malicious traffic or code
                                ^^^^^^^^^^^^
```
This word is normally spelled as one.

#### Section 3.2.2, paragraph 1
```
roups to national governmental cyber security organisations and internationa
                               ^^^^^^^^^^^^^^
```
The word "cybersecurity" is spelled as one.

#### Section 3.2.7, paragraph 1
```
rce malware can be deployed by many different actors, each using their own T
                               ^^^^^^^^^^^^^^
```
Consider using "many".

#### Section 4.1.1, paragraph 3
```
security controls monitoring numerous different types of activity within net
                             ^^^^^^^^^^^^^^^^^^
```
Consider using "numerous".

#### Section 5.1.3, paragraph 1
```
the ongoing legitimate use. In a similar manner, a file hash representing an
                            ^^^^^^^^^^^^^^^^^^^
```
Consider replacing this phrase with the adverb "similarly" to avoid wordiness.

#### Section 5.2.1, paragraph 2
```
member expertise (particularly the further the lower bound extends below the
                                   ^^^^^^^
```
It appears that a comma is missing.

#### Section 5.2.1, paragraph 2
```
rust. Trust within such groups appears often strongest where members: intera
                               ^^^^^^^^^^^^^
```
The adverb "often" is usually put before the verb "appears".

#### Section 5.2.2, paragraph 2
```
uational awareness is much more time consuming. A third important considerati
                                ^^^^^^^^^^^^^^
```
This word is normally spelled with a hyphen.

#### Section 5.2.2, paragraph 3
```
C, as anything more granular is time consuming and complicated to manage. In
                                ^^^^^^^^^^^^^^
```
This word is normally spelled with a hyphen.

#### Section 5.3, paragraph 2
```
of call for protection from intrusion but endpoint solutions aren't a panacea
                                     ^^^^
```
Use a comma before "but" if it connects two independent clauses (unless they
are closely connected and short).

#### Section 6.1, paragraph 4
```
out of scope for this draft. Note too that DNS goes through firewalls, proxie
                                  ^^^^^^^^
```
Did you mean "to that"?

## Notes

This review is in the ["IETF Comments" Markdown format][ICMF]. You can use the
[`ietf-comments` tool][ICT] to automatically convert this review into
individual GitHub issues. Review generated by the [`ietf-reviewtool`][IRT].

[ICMF]: https://github.com/mnot/ietf-comments/blob/main/format.md
[ICT]: https://github.com/mnot/ietf-comments
[IRT]: https://github.com/larseggert/ietf-reviewtool