[secdir] Security review of draft-ietf-iasa2-rfc2031bis-05

"Hilarie Orman" <hilarie@purplestreak.com> Fri, 02 August 2019 19:28 UTC

Return-Path: <hilarie@purplestreak.com>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (localhost []) by ietfa.amsl.com (Postfix) with ESMTP id 8440F120192; Fri, 2 Aug 2019 12:28:47 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.598
X-Spam-Status: No, score=-2.598 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_LOW=-0.7, SPF_HELO_NONE=0.001, SPF_NONE=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([]) by localhost (ietfa.amsl.com []) (amavisd-new, port 10024) with ESMTP id YJOD1UpRsV9E; Fri, 2 Aug 2019 12:28:45 -0700 (PDT)
Received: from out01.mta.xmission.com (out01.mta.xmission.com []) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 9CC28120147; Fri, 2 Aug 2019 12:28:45 -0700 (PDT)
Received: from in02.mta.xmission.com ([]) by out01.mta.xmission.com with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.87) (envelope-from <hilarie@purplestreak.com>) id 1htdEK-0003un-Ta; Fri, 02 Aug 2019 13:28:44 -0600
Received: from [] (helo=rumpleteazer.rhmr.com) by in02.mta.xmission.com with esmtpsa (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.87) (envelope-from <hilarie@purplestreak.com>) id 1htdEK-0001Gc-3M; Fri, 02 Aug 2019 13:28:44 -0600
Received: from rumpleteazer.rhmr.com (localhost []) by rumpleteazer.rhmr.com (8.14.4/8.14.4/Debian-4.1ubuntu1) with ESMTP id x72JQkRn027597; Fri, 2 Aug 2019 13:26:46 -0600
Received: (from hilarie@localhost) by rumpleteazer.rhmr.com (8.14.4/8.14.4/Submit) id x72JQkZp027596; Fri, 2 Aug 2019 13:26:46 -0600
Date: Fri, 2 Aug 2019 13:26:46 -0600
Message-Id: <201908021926.x72JQkZp027596@rumpleteazer.rhmr.com>
From: "Hilarie Orman" <hilarie@purplestreak.com>
Reply-To: "Hilarie Orman" <hilarie@purplestreak.com>
To: iesg@ietf.org, secdir@ietf.org
Cc: draft-ietf-iasa2-rfc2031bis.all@tools.ietf.org
X-XM-SPF: eid=1htdEK-0001Gc-3M; ; ; mid=<201908021926.x72JQkZp027596@rumpleteazer.rhmr.com>; ; ; hst=in02.mta.xmission.com; ; ; ip=; ; ; frm=hilarie@purplestreak.com; ; ; spf=none
X-XM-AID: U2FsdGVkX1+P73cR72d7MHD5hs9fJ0el
X-SA-Exim-Mail-From: hilarie@purplestreak.com
X-Spam-DCC: XMission; sa05 1397; Body=1 Fuz1=1 Fuz2=1
X-Spam-Combo: **;iesg@ietf.org, secdir@ietf.org
X-Spam-Timing: total 569 ms - load_scoreonly_sql: 0.05 (0.0%), signal_user_changed: 2.6 (0.4%), b_tie_ro: 1.74 (0.3%), parse: 0.84 (0.1%), extract_message_metadata: 4.7 (0.8%), get_uri_detail_list: 1.95 (0.3%), tests_pri_-1000: 3.0 (0.5%), tests_pri_-950: 1.34 (0.2%), tests_pri_-900: 1.12 (0.2%), tests_pri_-90: 25 (4.5%), check_bayes: 24 (4.2%), b_tokenize: 8 (1.4%), b_tok_get_all: 8 (1.4%), b_comp_prob: 3.2 (0.6%), b_tok_touch_all: 2.8 (0.5%), b_finish: 0.59 (0.1%), tests_pri_0: 521 (91.5%), check_dkim_signature: 0.61 (0.1%), check_dkim_adsp: 7 (1.2%), poll_dns_idle: 0.55 (0.1%), tests_pri_10: 2.2 (0.4%), tests_pri_500: 5 (0.9%), rewrite_mail: 0.00 (0.0%)
X-SA-Exim-Version: 4.2.1 (built Thu, 05 May 2016 13:38:54 -0600)
X-SA-Exim-Scanned: Yes (on in02.mta.xmission.com)
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/R-RRzNIEw-bGnd4ZRYdPdsczX4o>
Subject: [secdir] Security review of draft-ietf-iasa2-rfc2031bis-05
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/secdir/>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 02 Aug 2019 19:28:48 -0000

(with corrected subject line)       

	 Security review of The IETF-ISOC Relationship

Do not be alarmed.  I generated this review of this document as part
of the security directorate's ongoing effort to review all IETF
documents being processed by the IESG.  These comments were written
with the intent of improving security requirements and considerations
in IETF drafts.  Comments not addressed in last call may be included
in AD reviews during the IESG review.  Document editors and WG chairs
should treat these comments just like any other last call comments.


This is an overview of the ways the IETF and the ISOC are entwined
with structural and legal relationships.  I believe that changes to
the RFC have been required because a new entity, the IETF LLC, is
being formed.  That slightly changes the way the IETF and ISOC

Does this affect the security of the Internet (something that might be
regarded as largely a mythical concept)?  The only problem that comes
to mind is that the several organizations might at some future time
have philosophical differences that are so deep that the ability of
the IETF to publish RFCs would be disrupted.  The organization that
holds IP is different from the organization that has the financial
oversight, and neither is the IP generator, so things might come apart
in some unforeseeable future.  I can see that the way the boards are
structured largely mitigates such worries.  Perhaps that is the best
that can be done.

An important document, the "operating agreement" (Limited Liability
Company Agreement of IETF Administration LLC", August 2018), is not
available via the reference section of the draft in question.  I was
able to use Internet search to find a copy.

Section 6, "Legal Relationship with ISOC" mentions both the IETF LLC
and the IETF Trust.  It would greatly help to use subheadings to
clarify that these are two separate legal entities.

This sentence is a grammatical trainwreck:
"It was established by the ISOC/IETF LLC Agreement [OpAgreement] on
August 27, 2018, and governs the relationship between the IETF LLC and
ISOC."  The pronoun "it" refers to the IETF LLC.  The second clause
has no subject, but if it did, the subject would be "the operating

We also see that "The creation of the IETF LLC has changed the way
that the IETF Trust's trustees are selected but did not change the
purpose or operation of the Trust.  One of the IETF Trust's trustees
is appointed by the ISOC's board of trustees."  How did it change
the way the trustees are selected?  Were there previously more or
fewer than one trustee appointed by ISOC?  Or was there some other change?

This sentence, which has probably been there for some time, "ISOC has
agreed to provide some funding support for the IETF (ISOC has
historically provided the IETF with significant financial support)"
sounds odd.  What is the different between "some" and "significant"?
Should it be "insignifant" and "significant"?  "Not much" and "a
lot"?  Is the differentiation even meaningful now?  When did ISOC last
affirm its agreement?  Does it matter?

RFCs generally use American spelling, so at least the uncapitalized
uses of "programme" should be changed to "program" in

   ISOC also supports the IETF standards process more indirectly (e.g.,
   by promoting it in relevant communities) through several programmes.
   For example, ISOC's Policymakers Programme to the IETF (usually
   referred to simply as ISOC's policy fellows programme)