[secdir] Fwd: secdir review of draft-ietf-ianaplan-icg-response-06

Sean Turner <turners@ieca.com> Sat, 13 December 2014 16:01 UTC

Return-Path: <turners@ieca.com>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 399091A01F4 for <secdir@ietfa.amsl.com>; Sat, 13 Dec 2014 08:01:27 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.567
X-Spam-Level:
X-Spam-Status: No, score=-1.567 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, IP_NOT_FRIENDLY=0.334, SPF_PASS=-0.001] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id UH-CyjEbjtL6 for <secdir@ietfa.amsl.com>; Sat, 13 Dec 2014 08:01:25 -0800 (PST)
Received: from gateway12.websitewelcome.com (gateway12.websitewelcome.com [67.18.70.6]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 94ED81A01D6 for <secdir@ietf.org>; Sat, 13 Dec 2014 08:01:25 -0800 (PST)
Received: by gateway12.websitewelcome.com (Postfix, from userid 5007) id B3390D4B5C84; Sat, 13 Dec 2014 10:01:24 -0600 (CST)
Received: from gator3286.hostgator.com (gator3286.hostgator.com [198.57.247.250]) by gateway12.websitewelcome.com (Postfix) with ESMTP id 8FDDBD4B5BCD for <secdir@ietf.org>; Sat, 13 Dec 2014 10:01:24 -0600 (CST)
Received: from [96.231.218.201] (port=62997 helo=[192.168.1.7]) by gator3286.hostgator.com with esmtpsa (TLSv1:AES128-SHA:128) (Exim 4.82) (envelope-from <turners@ieca.com>) id 1Xzp8F-0003ij-Bs for secdir@ietf.org; Sat, 13 Dec 2014 10:01:23 -0600
From: Sean Turner <turners@ieca.com>
Content-Type: text/plain; charset=windows-1252
Content-Transfer-Encoding: quoted-printable
Date: Sat, 13 Dec 2014 11:01:21 -0500
References: <7E631EA0-8577-4616-A885-331078D93115@ieca.com>
To: secdir@ietf.org
Message-Id: <51EBFE8D-74AE-4B84-B855-1D7733AA43AF@ieca.com>
Mime-Version: 1.0 (Mac OS X Mail 7.3 \(1878.6\))
X-Mailer: Apple Mail (2.1878.6)
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - gator3286.hostgator.com
X-AntiAbuse: Original Domain - ietf.org
X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12]
X-AntiAbuse: Sender Address Domain - ieca.com
X-BWhitelist: no
X-Source-IP: 96.231.218.201
X-Exim-ID: 1Xzp8F-0003ij-Bs
X-Source:
X-Source-Args:
X-Source-Dir:
X-Source-Sender: ([192.168.1.7]) [96.231.218.201]:62997
X-Source-Auth: sean.turner@ieca.com
X-Email-Count: 1
X-Source-Cap: ZG9tbWdyNDg7ZG9tbWdyNDg7Z2F0b3IzMjg2Lmhvc3RnYXRvci5jb20=
Archived-At: http://mailarchive.ietf.org/arch/msg/secdir/JbHAmWquXJc85Tf6lduBnQbx0SY
Subject: [secdir] Fwd: secdir review of draft-ietf-ianaplan-icg-response-06
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/secdir/>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 13 Dec 2014 16:01:27 -0000

And I managed to leave secdir off as a recipient.

spt

Begin forwarded message:

> From: Sean Turner <turners@ieca.com>;
> Subject: secdir review of draft-ietf-ianaplan-icg-response-06
> Date: December 13, 2014 at 10:25:49 EST
> To: draft-ietf-ianaplan-icg-response@tools.ietf.org, The IESG <iesg@ietf.org>;, ietf@ietf.org
> 
> Do not be alarmed.  I have reviewed this document as part of the security
> directorate’s ongoing effort to review all IETF documents being
> processed by the IESG.  These comments were written with the intent
> of improving security requirements and considerations in IETF drafts.
> Comments not addressed in last call may be included in AD reviews
> during the IESG review.  Document editors and WG chairs should treat
> these comments just like any other last call comments.
> 
> Summary: No security or privacy issues that I can see, but I do have
> a couple of nits.
> 
> 0) General:
> 
> I guess it wasn’t clear to me that the response will take on the form of the
> RFC or if the text not proceeded by “>>>” in the main body will be returned
> in some of other form.
> 
> 1) Sec 1:
> 
> There’s a pointer to ICG’s charter and the RFP shouldn’t we also have a
> pointer to the NTIA announcement:
> 
> http://www.ntia.doc.gov/press-release/2014/ntia-announces-intent-transition-key-internet-domain-name-functions
> 
> 2) Abstract contains:
> 
>   The IETF community is invited to
>   comment and propose changes to this document.
> 
> I guess this makes it crystal clear that folks could comment on the draft,
> but this sentence should be struck before going to the RFC editor.
> 
> 3) Sec I (section #s refer to RFP sections): Missing word
> 
> Missing “the”?  r/on iana.org/on the iana.org
> 
>   The IETF
>   community presently accesses the protocol parameter registries via
>   references based on iana.org domain name, and makes use of the term
>   "IANA" in the protocol parameter registry processes [RFC5226].
> 
> 4) Sec I: missing “.” at the end of the sentence:
> 
>>>> A description of any overlaps or interdependencies between your
>>>> IANA requirements and the functions required by other customer
>>>> communities
> 
> 5) Sec I: Overlap
> 
> I assume the overlap here is with the other two communities listed in
> this RFP (i.e., names & numbers) and not the IEEE or W3C?
> 
> 6) Sec I: "RIR System"?
> 
>      Through the IANA protocol
>      parameters registries, the IETF delegates unicast IP address and
>      AS number ranges to the RIR system [RFC7020],[RFC7249].
> 
> I went and looked in RFCs 7020 and 7249 and could find no reference
> to an “RIR system” I found Internet Numbers Registry System was that
> what you’re referring to?
> 
> 7) Sec I: Missing question/response?
> 
> In addition to the four bullets there is also this paragraph in the RFP:
> 
>   If your community relies on any other IANA service or activity
>   beyond the scope of the IANA functions contract, you may describe
>   them here. In this case please also describe how the service or
>   activity should be addressed by the transition plan.
> 
> And because the intro of the RFP says:
> 
>   The IANA Stewardship Transition Coordination Group (ICG) seeks
>   complete formal responses to this RFP through processes which are to
>   be convened …
> 
> Don’t we need to include a response to this question even if the answer
> is “none” or “see above”?
> 
> 8) Sec II.A: r/the/The & r/all/All
> 
>   IETF Response: the protocol parameters registries.
> 
>   IETF Response: all policy sources relating to the protocol parameters
>   registry are affected.
> 
> 9) Sec IV: Missing question?
> 
> The “Risks” paragraph in the RFP includes the following question:
> 
>   Description of how long the proposals in Section III are expected to
>   take to complete, and any intermediate milestones that may occur
>   before they are completed.
> 
> Does it need to be included along with the bullets in Sec IV?
> 
> 10) Sec V: missing question/response:
> 
> There are five bullets in sV this one is omitted:  
> 
>    o The proposal must not replace the NTIA role with a government-led
>      or an inter-governmental organization solution.
> 
> Should we say something about our proposal not replacing
> NTIA with a government-y organizational solution?  I mean I know it’s
> obvious to you and me, but maybe being explicit here is better.
> 
> 11) Sec VI: add IETF LC?
> 
> I assume you’re going to add a link to the IETF LC and maybe the ballots
> to the end of the list of actions.
> 
> 12) s3 (IANA Considerations)
> 
> r/is a response a request for/is a response to a request for
> 
> Cheers,
> 
> spt