[secdir] Fwd: secdir review of draft-ietf-ianaplan-icg-response-06
Sean Turner <turners@ieca.com> Sat, 13 December 2014 16:01 UTC
Return-Path: <turners@ieca.com>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 399091A01F4 for <secdir@ietfa.amsl.com>; Sat, 13 Dec 2014 08:01:27 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.567
X-Spam-Level:
X-Spam-Status: No, score=-1.567 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, IP_NOT_FRIENDLY=0.334, SPF_PASS=-0.001] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id UH-CyjEbjtL6 for <secdir@ietfa.amsl.com>; Sat, 13 Dec 2014 08:01:25 -0800 (PST)
Received: from gateway12.websitewelcome.com (gateway12.websitewelcome.com [67.18.70.6]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 94ED81A01D6 for <secdir@ietf.org>; Sat, 13 Dec 2014 08:01:25 -0800 (PST)
Received: by gateway12.websitewelcome.com (Postfix, from userid 5007) id B3390D4B5C84; Sat, 13 Dec 2014 10:01:24 -0600 (CST)
Received: from gator3286.hostgator.com (gator3286.hostgator.com [198.57.247.250]) by gateway12.websitewelcome.com (Postfix) with ESMTP id 8FDDBD4B5BCD for <secdir@ietf.org>; Sat, 13 Dec 2014 10:01:24 -0600 (CST)
Received: from [96.231.218.201] (port=62997 helo=[192.168.1.7]) by gator3286.hostgator.com with esmtpsa (TLSv1:AES128-SHA:128) (Exim 4.82) (envelope-from <turners@ieca.com>) id 1Xzp8F-0003ij-Bs for secdir@ietf.org; Sat, 13 Dec 2014 10:01:23 -0600
From: Sean Turner <turners@ieca.com>
Content-Type: text/plain; charset="windows-1252"
Content-Transfer-Encoding: quoted-printable
Date: Sat, 13 Dec 2014 11:01:21 -0500
References: <7E631EA0-8577-4616-A885-331078D93115@ieca.com>
To: secdir@ietf.org
Message-Id: <51EBFE8D-74AE-4B84-B855-1D7733AA43AF@ieca.com>
Mime-Version: 1.0 (Mac OS X Mail 7.3 \(1878.6\))
X-Mailer: Apple Mail (2.1878.6)
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - gator3286.hostgator.com
X-AntiAbuse: Original Domain - ietf.org
X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12]
X-AntiAbuse: Sender Address Domain - ieca.com
X-BWhitelist: no
X-Source-IP: 96.231.218.201
X-Exim-ID: 1Xzp8F-0003ij-Bs
X-Source:
X-Source-Args:
X-Source-Dir:
X-Source-Sender: ([192.168.1.7]) [96.231.218.201]:62997
X-Source-Auth: sean.turner@ieca.com
X-Email-Count: 1
X-Source-Cap: ZG9tbWdyNDg7ZG9tbWdyNDg7Z2F0b3IzMjg2Lmhvc3RnYXRvci5jb20=
Archived-At: http://mailarchive.ietf.org/arch/msg/secdir/JbHAmWquXJc85Tf6lduBnQbx0SY
Subject: [secdir] Fwd: secdir review of draft-ietf-ianaplan-icg-response-06
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/secdir/>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 13 Dec 2014 16:01:27 -0000
And I managed to leave secdir off as a recipient. spt Begin forwarded message: > From: Sean Turner <turners@ieca.com> > Subject: secdir review of draft-ietf-ianaplan-icg-response-06 > Date: December 13, 2014 at 10:25:49 EST > To: draft-ietf-ianaplan-icg-response@tools.ietf.org, The IESG <iesg@ietf.org>, ietf@ietf.org > > Do not be alarmed. I have reviewed this document as part of the security > directorate’s ongoing effort to review all IETF documents being > processed by the IESG. These comments were written with the intent > of improving security requirements and considerations in IETF drafts. > Comments not addressed in last call may be included in AD reviews > during the IESG review. Document editors and WG chairs should treat > these comments just like any other last call comments. > > Summary: No security or privacy issues that I can see, but I do have > a couple of nits. > > 0) General: > > I guess it wasn’t clear to me that the response will take on the form of the > RFC or if the text not proceeded by “>>>” in the main body will be returned > in some of other form. > > 1) Sec 1: > > There’s a pointer to ICG’s charter and the RFP shouldn’t we also have a > pointer to the NTIA announcement: > > http://www.ntia.doc.gov/press-release/2014/ntia-announces-intent-transition-key-internet-domain-name-functions > > 2) Abstract contains: > > The IETF community is invited to > comment and propose changes to this document. > > I guess this makes it crystal clear that folks could comment on the draft, > but this sentence should be struck before going to the RFC editor. > > 3) Sec I (section #s refer to RFP sections): Missing word > > Missing “the”? r/on iana.org/on the iana.org > > The IETF > community presently accesses the protocol parameter registries via > references based on iana.org domain name, and makes use of the term > "IANA" in the protocol parameter registry processes [RFC5226]. > > 4) Sec I: missing “.” at the end of the sentence: > >>>> A description of any overlaps or interdependencies between your >>>> IANA requirements and the functions required by other customer >>>> communities > > 5) Sec I: Overlap > > I assume the overlap here is with the other two communities listed in > this RFP (i.e., names & numbers) and not the IEEE or W3C? > > 6) Sec I: "RIR System"? > > Through the IANA protocol > parameters registries, the IETF delegates unicast IP address and > AS number ranges to the RIR system [RFC7020],[RFC7249]. > > I went and looked in RFCs 7020 and 7249 and could find no reference > to an “RIR system” I found Internet Numbers Registry System was that > what you’re referring to? > > 7) Sec I: Missing question/response? > > In addition to the four bullets there is also this paragraph in the RFP: > > If your community relies on any other IANA service or activity > beyond the scope of the IANA functions contract, you may describe > them here. In this case please also describe how the service or > activity should be addressed by the transition plan. > > And because the intro of the RFP says: > > The IANA Stewardship Transition Coordination Group (ICG) seeks > complete formal responses to this RFP through processes which are to > be convened … > > Don’t we need to include a response to this question even if the answer > is “none” or “see above”? > > 8) Sec II.A: r/the/The & r/all/All > > IETF Response: the protocol parameters registries. > > IETF Response: all policy sources relating to the protocol parameters > registry are affected. > > 9) Sec IV: Missing question? > > The “Risks” paragraph in the RFP includes the following question: > > Description of how long the proposals in Section III are expected to > take to complete, and any intermediate milestones that may occur > before they are completed. > > Does it need to be included along with the bullets in Sec IV? > > 10) Sec V: missing question/response: > > There are five bullets in sV this one is omitted: > > o The proposal must not replace the NTIA role with a government-led > or an inter-governmental organization solution. > > Should we say something about our proposal not replacing > NTIA with a government-y organizational solution? I mean I know it’s > obvious to you and me, but maybe being explicit here is better. > > 11) Sec VI: add IETF LC? > > I assume you’re going to add a link to the IETF LC and maybe the ballots > to the end of the list of actions. > > 12) s3 (IANA Considerations) > > r/is a response a request for/is a response to a request for > > Cheers, > > spt