[secdir] Secdir last call review of draft-thaler-iftype-reg-05
Melinda Shore via Datatracker <email@example.com> Sat, 26 October 2019 03:07 UTC
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id 7835E120026; Fri, 25 Oct 2019 20:07:27 -0700 (PDT)
Content-Type: text/plain; charset="utf-8"
From: Melinda Shore via Datatracker <firstname.lastname@example.org>
Cc: email@example.com, firstname.lastname@example.org
Reply-To: Melinda Shore <email@example.com>
Date: Fri, 25 Oct 2019 20:07:27 -0700
Subject: [secdir] Secdir last call review of draft-thaler-iftype-reg-05
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:firstname.lastname@example.org?subject=unsubscribe>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:email@example.com?subject=subscribe>
X-List-Received-Date: Sat, 26 Oct 2019 03:07:27 -0000
Reviewer: Melinda Shore Review result: Has Issues This document is an update to RFC 2863, providing revised guidelines for the definition of new interface types and tunnel types. In doing so it introduces some guidance for the development of YANG ifType and tunnelType modules, which was not previously covered elsewhere. To be honest I found the writing occasionally difficult to follow, as the text was not as well-structured as we usually see in mature IETF documents. Even the abstract doesn't really get to the point until the last sentence. Similarly, section 7 opens with a comment on some misguidance on request submission in the MIB module, while I think it would be much clearer to say "Requests may be submitted to IANA via email at firstname.lastname@example.org, or via a web form at https://www.iana.org/form/iftype" followed by some text pointing out the misguidance. The request to IANA to update the MIB module could be dropped down into IANA considerations (section 8). Nit: In section 7 "iana&iana.org" should be "email@example.com." Security considerations: It might be reasonable to argue that a document providing guidelines for registering a new MIB or YANG interface type module has no security considerations, but it's worth noting that other documents do include some text. See, for example, RFC 6117 on the registration of ENUM services, which does provide guidance on security considerations to authors of new Enumservice Types), and RFC 8436, on DSCP Pool 3 IANA registration procedures, points authors to the documents defining new DSCP values. Sections 6.3.1 and 6.3.2 could/should provide some broad guidance on writing security considerations for new ifType and tunnelType modules. So, I think there's a bit more to say there but ultimately this one would be up to the OPS ADs.
- [secdir] Secdir last call review of draft-thaler-… Melinda Shore via Datatracker
- Re: [secdir] [Last-Call] Secdir last call review … Suresh Krishnan