[secdir] secdir review of draft-yevstifeyev-ion-report-06

[Catherine Meadows <meadows@itd.nrl.navy.mil>]

Resend of my previous message:  I mistyped the tools email address.

Cathy


I have reviewed this document as part of the security directorate's 
ongoing effort to review all IETF documents being processed by the 
IESG.  These comments were written primarily for the benefit of the 
security area directors.  Document editors and WG chairs should treat 
these comments just like any other last call comments.

  This draft reports on the IETF Operational Notes Process (ION) process experiment,
which was intended to provide a repository for operational documents that were intended to stand
somewhere between RFC's and Internet Drafts by being less permanent than RFC's but easier to reference
than Internet Drafts.  This document describes the RFC's related to this experiment, and the IONs that were published.
It also formally notes the termination of the experiment, and the reason for its termination: namely that IESG statements and web pages
already fulfilled the purpose which IONs were designed for.  The document also gives a description of the subsequent history of the IONs, all except one of which
were re-published in another form.

This document does not have much to do with security, since it  merely records the history of the of an experimental method of publishing documents,
and the only issue was that an acceptable method of publishing the documents already existed.  However, I have a little problem with the statement in the security
considerations section that 

IONs did not include protocol specifications and therefore
   terminating this series is not believed to have any impact on
   security of the Internet.

I can think of plenty of IETF documents that don't have include protocol specifications but do
have an impact on security, e.g. informational RFC's on best security practices.  I would recommend
that the authors instead say that since the it was determined that the information in IONs could be distributed by other means,
terminating this series should not have any impact on security.




Catherine Meadows
Naval Research Laboratory
Code 5543
4555 Overlook Ave., S.W.
Washington DC, 20375
phone: 202-767-3490
fax: 202-404-7942
email: catherine.meadows@nrl.navy.mil





Begin forwarded message:

> From: Mail Delivery Subsystem <MAILER-DAEMON@fw5540.nrl.navy.mil>
> Date: August 1, 2011 4:57:59 PM EDT
> To: <meadows@itd.nrl.navy.mil>
> Subject: Returned mail: see transcript for details
> 
> The original message was received at Mon, 1 Aug 2011 16:57:52 -0400 (EDT)
> from sun1.fw5540.net [10.0.0.11]
> 
>   ----- The following addresses had permanent fatal errors -----
> <draft-yevstifeyev-ion-report.all@tools.org>
>    (reason: 550 5.1.1 <draft-yevstifeyev-ion-report.all@tools.org>... User unknown)
> 
>   ----- Transcript of session follows -----
> ... while talking to mail.medispecialty.com.:
>>>> RCPT To:<draft-yevstifeyev-ion-report.all@tools.org>
> <<< 550 5.1.1 <draft-yevstifeyev-ion-report.all@tools.org>... User unknown
> 550 5.1.1 <draft-yevstifeyev-ion-report.all@tools.org>... User unknown
> Reporting-MTA: dns; fw5540.nrl.navy.mil
> Received-From-MTA: DNS; sun1.fw5540.net
> Arrival-Date: Mon, 1 Aug 2011 16:57:52 -0400 (EDT)
> 
> Final-Recipient: RFC822; draft-yevstifeyev-ion-report.all@tools.org
> Action: failed
> Status: 5.1.1
> Remote-MTA: DNS; mail.medispecialty.com
> Diagnostic-Code: SMTP; 550 5.1.1 <draft-yevstifeyev-ion-report.all@tools.org>... User unknown
> Last-Attempt-Date: Mon, 1 Aug 2011 16:57:59 -0400 (EDT)
> 
> From: Catherine Meadows <meadows@itd.nrl.navy.mil>
> Date: August 1, 2011 5:07:19 PM EDT
> To: iesg@ietf.org, secdir@ietf.org, draft-yevstifeyev-ion-report.all@tools.org
> Cc: Catherine Meadows <meadows@itd.nrl.navy.mil>
> Subject: secdir review of draft-yevstifeyev-ion-report-06
> 
>