[OPSEC] Lars Eggert's No Objection on draft-ietf-opsec-indicators-of-compromise-03: (with COMMENT)
Lars Eggert via Datatracker <noreply@ietf.org> Mon, 16 January 2023 13:15 UTC
Return-Path: <noreply@ietf.org>
X-Original-To: opsec@ietf.org
Delivered-To: opsec@ietfa.amsl.com
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id 12972C1516E7; Mon, 16 Jan 2023 05:15:22 -0800 (PST)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
From: Lars Eggert via Datatracker <noreply@ietf.org>
To: The IESG <iesg@ietf.org>
Cc: draft-ietf-opsec-indicators-of-compromise@ietf.org, opsec-chairs@ietf.org, opsec@ietf.org, furry13@gmail.com, furry13@gmail.com
X-Test-IDTracker: no
X-IETF-IDTracker: 9.5.0
Auto-Submitted: auto-generated
Precedence: bulk
Reply-To: Lars Eggert <lars@eggert.org>
Message-ID: <167387492206.11270.15317079385387844195@ietfa.amsl.com>
Date: Mon, 16 Jan 2023 05:15:22 -0800
Archived-At: <https://mailarchive.ietf.org/arch/msg/opsec/xaWGiXoV7dKcNLxv2_EdnrZ7Z1k>
Subject: [OPSEC] Lars Eggert's No Objection on draft-ietf-opsec-indicators-of-compromise-03: (with COMMENT)
X-BeenThere: opsec@ietf.org
X-Mailman-Version: 2.1.39
List-Id: opsec wg mailing list <opsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/opsec>, <mailto:opsec-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/opsec/>
List-Post: <mailto:opsec@ietf.org>
List-Help: <mailto:opsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/opsec>, <mailto:opsec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 16 Jan 2023 13:15:22 -0000
Lars Eggert has entered the following ballot position for draft-ietf-opsec-indicators-of-compromise-03: No Objection When responding, please keep the subject line intact and reply to all email addresses included in the To and CC lines. (Feel free to cut this introductory paragraph, however.) Please refer to https://www.ietf.org/about/groups/iesg/statements/handling-ballot-positions/ for more information about how to handle DISCUSS and COMMENT positions. The document, along with other ballot positions, can be found here: https://datatracker.ietf.org/doc/draft-ietf-opsec-indicators-of-compromise/ ---------------------------------------------------------------------- COMMENT: ---------------------------------------------------------------------- # GEN AD review of draft-ietf-opsec-indicators-of-compromise-03 CC @larseggert Thanks to Vijay Gurbani for the General Area Review Team (Gen-ART) review (https://mailarchive.ietf.org/arch/msg/gen-art/f4qDRffPWyGDKXuxNbrb5UVwU38). ## Comments ### Inclusive language Found terminology that should be reviewed for inclusivity; see https://www.rfc-editor.org/part2/#inclusive_language for background and more guidance: * Term `master`; alternatives might be `active`, `central`, `initiator`, `leader`, `main`, `orchestrator`, `parent`, `primary`, `server` ## Nits All comments below are about very minor potential issues that you may choose to address in some way - or ignore - as you see fit. Some were flagged by automated tools (via https://github.com/larseggert/ietf-reviewtool), so there will likely be some false positives. There is no need to let me know what you did with these suggestions. ### URLs These URLs in the document did not return content: * https://cert.europa.eu/static/WhitePapers/UPDATED-CERT-EU_Security_Whitepaper_2014-007_Kerberos_Golden_Ticket_Protection_v1_4.pdf ### Grammar/style #### Section 1, paragraph 1 ``` nce: the activity of providing cyber security to an environment through the ^^^^^^^^^^^^^^ ``` The word "cybersecurity" is spelled as one. #### Section 2, paragraph 5 ``` twork defenders (blue teams) to pro-actively block malicious traffic or code ^^^^^^^^^^^^ ``` This word is normally spelled as one. #### Section 3.2.2, paragraph 1 ``` roups to national governmental cyber security organisations and internationa ^^^^^^^^^^^^^^ ``` The word "cybersecurity" is spelled as one. #### Section 3.2.7, paragraph 1 ``` rce malware can be deployed by many different actors, each using their own T ^^^^^^^^^^^^^^ ``` Consider using "many". #### Section 4.1.1, paragraph 3 ``` security controls monitoring numerous different types of activity within net ^^^^^^^^^^^^^^^^^^ ``` Consider using "numerous". #### Section 5.1.3, paragraph 1 ``` the ongoing legitimate use. In a similar manner, a file hash representing an ^^^^^^^^^^^^^^^^^^^ ``` Consider replacing this phrase with the adverb "similarly" to avoid wordiness. #### Section 5.2.1, paragraph 2 ``` member expertise (particularly the further the lower bound extends below the ^^^^^^^ ``` It appears that a comma is missing. #### Section 5.2.1, paragraph 2 ``` rust. Trust within such groups appears often strongest where members: intera ^^^^^^^^^^^^^ ``` The adverb "often" is usually put before the verb "appears". #### Section 5.2.2, paragraph 2 ``` uational awareness is much more time consuming. A third important considerati ^^^^^^^^^^^^^^ ``` This word is normally spelled with a hyphen. #### Section 5.2.2, paragraph 3 ``` C, as anything more granular is time consuming and complicated to manage. In ^^^^^^^^^^^^^^ ``` This word is normally spelled with a hyphen. #### Section 5.3, paragraph 2 ``` of call for protection from intrusion but endpoint solutions aren't a panacea ^^^^ ``` Use a comma before "but" if it connects two independent clauses (unless they are closely connected and short). #### Section 6.1, paragraph 4 ``` out of scope for this draft. Note too that DNS goes through firewalls, proxie ^^^^^^^^ ``` Did you mean "to that"? ## Notes This review is in the ["IETF Comments" Markdown format][ICMF], You can use the [`ietf-comments` tool][ICT] to automatically convert this review into individual GitHub issues. Review generated by the [`ietf-reviewtool`][IRT]. [ICMF]: https://github.com/mnot/ietf-comments/blob/main/format.md [ICT]: https://github.com/mnot/ietf-comments [IRT]: https://github.com/larseggert/ietf-reviewtool
- [OPSEC] Lars Eggert's No Objection on draft-ietf-… Lars Eggert via Datatracker