[secdir] Secdir review of draft-doria-genart-experience-04
Tobias Gondrom <tobias.gondrom@gondrom.org> Tue, 02 August 2011 02:51 UTC
To: ietf@ietf.org, secdir@ietf.org, iesg@ietf.org, draft-doria-genart-experience.all@tools.ietf.org, gen-art@ietf.org
I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the security area directors. Document editors and WG chairs should treat these comments just like any other last call comments.

This document is informational and covers the experiences of the General Area Review Team. The Security Considerations of the draft are sufficient.

The following three comments:

1. minor editorial in section 4.3 Form of Review => maybe replace the word "stole" with "derived" or any other word.
   "Rather than invent new guidelines, the Gen-ART requirements for the form of a review stole liberally from" /
   "Rather than invent new guidelines, the Gen-ART requirements for the form of a review derived liberally from"

2. Section 12: is it beneficial to list all current members of the Gen-ART per name in the draft?
   - first, are there any privacy issues with that?
   - when adding or removing people from the team, the list in the I-D might become outdated and give false information on the current status.
   Would it be more appropriate/easier to update the draft to reference the current list of reviewers (e.g. on a tools web page) instead of listing them in the I-D?

3. Section 10 Security Considerations: is ok so far.
   On a personal comment/addition: But maybe worth considering is that availability and integrity of sent reviews is also important: I noticed that recently some emails to mail-aliases did not get delivered to the respective lists and therefore reviews and/or answers to reviews might not be received by the individuals on these lists. Unfortunately this happens in some random fashion (for the same sender email and ietf tools aliases within a short time frame, sometimes it happens, sometimes it doesn't), without a timely warning (but usually with a failure message 3-5 days after the email message has been posted). First investigations may suggest that this could be due to some spam filter or mail server configuration issues, however other reasons might also apply. This can obviously impair the quality of the public review process if individual comments and reviews will not be delivered.

Kind regards, Tobias