[secdir] secdir review of draft-ietf-mile-template-04
Samuel Weiler <weiler+secdir@watson.org> Fri, 18 May 2012 14:01 UTC
Return-Path: <weiler+secdir@watson.org>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8F03C21F8650; Fri, 18 May 2012 07:01:05 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level:
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[AWL=0.000, BAYES_00=-2.599]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id hQ-+8YyaICmb; Fri, 18 May 2012 07:01:05 -0700 (PDT)
Received: from fledge.watson.org (fledge.watson.org [65.122.17.41]) by ietfa.amsl.com (Postfix) with ESMTP id E939521F864E; Fri, 18 May 2012 07:01:04 -0700 (PDT)
Received: from fledge.watson.org (localhost.watson.org [127.0.0.1]) by fledge.watson.org (8.14.4/8.14.4) with ESMTP id q4IE13QC013878; Fri, 18 May 2012 10:01:03 -0400 (EDT) (envelope-from weiler+secdir@watson.org)
Received: from localhost (weiler@localhost) by fledge.watson.org (8.14.4/8.14.4/Submit) with ESMTP id q4IE130H013873; Fri, 18 May 2012 10:01:03 -0400 (EDT) (envelope-from weiler+secdir@watson.org)
X-Authentication-Warning: fledge.watson.org: weiler owned process doing -bs
Date: Fri, 18 May 2012 10:01:03 -0400
From: Samuel Weiler <weiler+secdir@watson.org>
X-X-Sender: weiler@fledge.watson.org
To: draft-ietf-mile-template.all@tools.ietf.org, secdir@ietf.org, iesg@ietf.org
Message-ID: <alpine.BSF.2.00.1205180950280.66835@fledge.watson.org>
User-Agent: Alpine 2.00 (BSF 1167 2008-08-23)
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; format="flowed"; charset="US-ASCII"
X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.2.3 (fledge.watson.org [127.0.0.1]); Fri, 18 May 2012 10:01:03 -0400 (EDT)
Subject: [secdir] secdir review of draft-ietf-mile-template-04
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/secdir>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 18 May 2012 14:01:05 -0000
I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the security area directors. Document editors and WG chairs should treat these comments just like any other last call comments. This doc provides a template for other i-d's describing IODEF extensions. The template reminds authors that they need a security considerations section and cites 3552. The surrounding document has no security considerations of note. I'm fine with the doc moving forward as-is. Minor: The doc title and abstract use "IODEF" without expansion, but I think it's an uncommon enough term that expansion is needed. This doc's security considerations section says: "This document defines a template for extensions to IODEF; the security considerations for IODEF [RFC5070] apply." I might instead say "This document raises no security issues. Extensions defined using the template in Appendix A need to provide an analysis of security issues they may raise. See A.5 for more details."
- [secdir] secdir review of draft-ietf-mile-templat… Samuel Weiler