[secdir] Secdir last call review of draft-ietf-ippm-initial-registry-12

Paul Wouters via Datatracker <noreply@ietf.org> Fri, 01 November 2019 13:12 UTC

Return-Path: <noreply@ietf.org>
X-Original-To: secdir@ietf.org
Delivered-To: secdir@ietfa.amsl.com
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id 98483120125; Fri, 1 Nov 2019 06:12:36 -0700 (PDT)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
From: Paul Wouters via Datatracker <noreply@ietf.org>
To: <secdir@ietf.org>
Cc: last-call@ietf.org, draft-ietf-ippm-initial-registry.all@ietf.org, ippm@ietf.org
X-Test-IDTracker: no
X-IETF-IDTracker: 6.108.0
Auto-Submitted: auto-generated
Precedence: bulk
Reply-To: Paul Wouters <paul@nohats.ca>
Message-ID: <157261395653.31839.392742976360807570@ietfa.amsl.com>
Date: Fri, 01 Nov 2019 06:12:36 -0700
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/L4aVFC0rKhM0kkD3udgV-tg3geI>
Subject: [secdir] Secdir last call review of draft-ietf-ippm-initial-registry-12
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.29
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/secdir/>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 01 Nov 2019 13:12:37 -0000

Reviewer: Paul Wouters
Review result: Has Issues

I have reviewed this document as part of the security directorate's  ongoing
effort to review all IETF documents being processed by the  IESG.  These
comments were written primarily for the benefit of the  security area
directors.  Document editors and WG chairs should treat these comments just
like any other last call comments.

As this document populates an IANA registry with metrics values, no security
considerations apply. This is stated in the Security Section.

Normally, the IANA considerations are within one section and all other sections
are written as if this has already been done, except with a [TBD] for any value
IANA needs to put in. But this document uses text outside the Iana
Considerations section like:

      "IANA is asked to assign different numeric identifiers to each of the two
      Named Metrics."

It is better to rewrite this with clear text stating Name X is assigned value

Similarly, the document has "Change Controller", but the way this is normally
phrased is to be part of the new Registry definition of "Registration
Procedure(s)" which has defined values like "Expert review", "Specification
Required", "First Come First Serve", etc. The document should be changed to
reflect these standard types of policies, and ask IANA to create the Registries
with the standarized procedure terms for updating those registries.