[secdir] SECDIR review of draft-ietf-regext-launchphase

Chris Lonvick <lonvick.ietf@gmail.com> Fri, 03 November 2017 10:58 UTC

To: draft-ietf-regext-launchphase.all@ietf.org, "iesg@ietf.org" <iesg@ietf.org>, "secdir@ietf.org" <secdir@ietf.org>
From: Chris Lonvick <lonvick.ietf@gmail.com>
Message-ID: <59FC4BC7.2040707@gmail.com>
Date: Fri, 03 Nov 2017 05:58:15 -0500
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/Mh0VCGAwHY1Ln3Bf9Hjf2aWaX3A>

Hi,

I have reviewed this document as part of the security directorate's 
ongoing effort to review all IETF documents being processed by the IESG. 
These comments were written primarily for the benefit of the security 
area directors. Document editors and WG chairs should treat these 
comments just like any other last call comments. The summary of the 
review is Ready with Nits.

The abstract describes the specification as: This document describes an 
Extensible Provisioning Protocol (EPP) extension mapping for the 
provisioning and management of domain name registrations and 
applications during the launch of a domain name registry.

I am not familiar with this line of work. In my review, I found that in the 
section Conventions Used in this Document, several XML terms are 
defined, each containing an addendum similar to, "The XML namespace 
prefix [xxx] is used, but implementations MUST NOT depend on it and 
instead employ a proper namespace-aware XML parser and serializer to 
interpret and output the XML documents." I think that it would be 
appropriate to have a summary statement covering these in the Security 
Considerations section.

The Security Considerations section appears appropriate for the contents 
and normative references.

Regards,
Chris
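
Added example, not part of the original message or of the draft: the quoted requirement that implementations must not depend on the namespace prefix, shown by comparing a prefix-matching lookup with a namespace-aware one. The namespace URI, element names, sample documents and function names are assumptions constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

# Assumed namespace URI for the sample; the message only shows the prefix as [xxx].
LAUNCH_NS = "urn:ietf:params:xml:ns:launch-1.0"

# Constructed samples: the first three are the same document with different
# prefix bindings; the last binds the familiar prefix to another namespace.
DOC_USUAL_PREFIX = (f'<launch:create xmlns:launch="{LAUNCH_NS}">'
                    '<launch:phase>sunrise</launch:phase></launch:create>')
DOC_OTHER_PREFIX = (f'<l:create xmlns:l="{LAUNCH_NS}">'
                    '<l:phase>sunrise</l:phase></l:create>')
DOC_DEFAULT_NS = (f'<create xmlns="{LAUNCH_NS}">'
                  '<phase>sunrise</phase></create>')
DOC_REBOUND_PREFIX = ('<launch:create xmlns:launch="urn:example:not-launch">'
                      '<launch:phase>sunrise</launch:phase></launch:create>')


def phase_by_prefix(xml_text):
    """Fragile: matches the literal prefix text and ignores namespace bindings."""
    m = re.search(r"<launch:phase>([^<]*)</launch:phase>", xml_text)
    return m.group(1) if m else None


def phase_by_namespace(xml_text):
    """Namespace-aware: compares the expanded {URI}local-name, whatever the prefix."""
    root = ET.fromstring(xml_text)
    if root.tag != f"{{{LAUNCH_NS}}}create":
        return None  # root element is not in the expected namespace
    el = root.find(f"{{{LAUNCH_NS}}}phase")
    return el.text if el is not None else None


if __name__ == "__main__":
    samples = {
        "usual prefix": DOC_USUAL_PREFIX,
        "other prefix": DOC_OTHER_PREFIX,
        "default namespace": DOC_DEFAULT_NS,
        "prefix rebound": DOC_REBOUND_PREFIX,
    }
    for name, doc in samples.items():
        print(f"{name:18} prefix-match={phase_by_prefix(doc)!r:10} "
              f"namespace-aware={phase_by_namespace(doc)!r}")
```

The prefix-matching lookup rejects two valid documents and accepts one whose elements belong to a different namespace; the namespace-aware lookup gets all four right.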