[secdir] Secdir last call review of draft-ietf-ippm-initial-registry-12
Paul Wouters via Datatracker <email@example.com> Fri, 01 November 2019 13:12 UTC
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id 98483120125; Fri, 1 Nov 2019 06:12:36 -0700 (PDT)
Content-Type: text/plain; charset="utf-8"
From: Paul Wouters via Datatracker <firstname.lastname@example.org>
Cc: email@example.com, firstname.lastname@example.org, email@example.com
Reply-To: Paul Wouters <firstname.lastname@example.org>
Date: Fri, 01 Nov 2019 06:12:36 -0700
Subject: [secdir] Secdir last call review of draft-ietf-ippm-initial-registry-12
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:email@example.com?subject=unsubscribe>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:firstname.lastname@example.org?subject=subscribe>
X-List-Received-Date: Fri, 01 Nov 2019 13:12:37 -0000
Reviewer: Paul Wouters Review result: Has Issues I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the security area directors. Document editors and WG chairs should treat these comments just like any other last call comments. As this document populates an IANA registry with metrics values, no security considerations apply. This is stated in the Security Section. Normally, the IANA considerations are within one section and all other sections are written as if this has already been done, except with a [TBD] for any value IANA needs to put in. But this document uses text outside the Iana Considerations section like: "IANA is asked to assign different numeric identifiers to each of the two Named Metrics." It is better to rewrite this with clear text stating Name X is assigned value [TBD] Similarly, the document has "Change Controller", but the way this is normally phrased is to be part of the new Registry definition of "Registration Procedure(s)" which has defined values like "Expert review", "Specification Required", "First Come First Serve", etc. The document should be changed to reflect these standard types of policies, and ask IANA to create the Registries with the standarized procedure terms for updating those registries.
- [secdir] Secdir last call review of draft-ietf-... Paul Wouters via Datatracker
- Re: [secdir] Secdir last call review of draft-i... MORTON, ALFRED C (AL)