[secdir] SECDIR review of draft-housley-pkix-oids

Matthew Lepinski <mlepinski.ietf@gmail.com> Thu, 13 February 2014 18:52 UTC

Return-Path: <mlepinski.ietf@gmail.com>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 339CA1A03FF; Thu, 13 Feb 2014 10:52:28 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.999
X-Spam-Level:
X-Spam-Status: No, score=-1.999 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ogHwk8k_DeAK; Thu, 13 Feb 2014 10:52:26 -0800 (PST)
Received: from mail-ea0-x231.google.com (mail-ea0-x231.google.com [IPv6:2a00:1450:4013:c01::231]) by ietfa.amsl.com (Postfix) with ESMTP id 62B801A03E7; Thu, 13 Feb 2014 10:52:25 -0800 (PST)
Received: by mail-ea0-f177.google.com with SMTP id m10so2687168eaj.8 for <multiple recipients>; Thu, 13 Feb 2014 10:52:23 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:date:message-id:subject:from:to:content-type; bh=GEV55a52yq5yDmR1kRci3GSyx44mSspX+bvPmOZ19Jc=; b=Q6Ok48SLorPIss6E91zhAyaSKk+JvvSBJhqpcfFxFHRA0V1llGywseg6xRxiZ/vN6B IREi7+ms0ZI05ffjXhW8Lvgoq35gxAzhqhwcmerEa4uDZeNr8XfwDC2ibd3l4ujSGI4/ DSBj66U149UYEQK2l1Jxmo8VTW4rc6PC02AfoZ3lUGe8U3H02W3wSUP+CVq3/lNJq9rT efZg8kKMusoJxCgmKeLzxVJCmX/AHoG5Czdkt0hOdlqwrUuSgXZWEfn56p4AHqcdI31Y LCAupJdMFjf6z0KUH949MnYPmV7Re+QJNrhHcEkFFYzB7paCBd/mnAWmiJyIcVWBWwy0 e/jg==
MIME-Version: 1.0
X-Received: by 10.15.26.8 with SMTP id m8mr3732595eeu.25.1392317543706; Thu, 13 Feb 2014 10:52:23 -0800 (PST)
Received: by 10.14.105.69 with HTTP; Thu, 13 Feb 2014 10:52:23 -0800 (PST)
Date: Thu, 13 Feb 2014 13:52:23 -0500
Message-ID: <CANTg3aABqjC8QcrvQSs9ppYskLjWb9DJxqr0oMR2wMkQ_Xe_UQ@mail.gmail.com>
From: Matthew Lepinski <mlepinski.ietf@gmail.com>
To: "secdir@ietf.org" <secdir@ietf.org>, "iesg@ietf.org" <iesg@ietf.org>, draft-housley-pkix-oids.all@tools.ietf.org
Content-Type: multipart/alternative; boundary=089e0160c9a09b75e204f24e3022
Archived-At: http://mailarchive.ietf.org/arch/msg/secdir/V-_K-2fg2yF4p68r2_G9dZzW0Ys
Subject: [secdir] SECDIR review of draft-housley-pkix-oids
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/secdir/>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 13 Feb 2014 18:52:28 -0000

I have reviewed this document as part of the security directorate's ongoing
effort to review all IETF documents being processed by the IESG.  These
comments were written primarily for the benefit of the security area
directors.  Document editors and working group chairs should treat these
comments just like any other last call comments.

This document returns control of the PKIX object identifier arc to IANA.
That is, it establishes a new IANA registry for OIDs in the PKIX arc and
populates that registry with the existing OID assignments. Finally, the
document establishes expert review as the criteria for future additions to
the registry and includes guidance that for review.

After reviewing the document, I agree with the author that this document
introduces no new security concerns.

I found no issues in the document and I believe it is ready for publication.

-------------------------------

Nits

The author should consider including an expansion of the acronym SMI, which
is used frequently in the document. (I believe in this context SMI =
Structure of Management Information)

In Section 3:
s/be related to X.509 certificate/be related to X.509 certificates/

In Section 3.1:
s/to points to this document/to point to this document/