[secdir] secdir review of draft-sparks-genarea-review-tracker-02

<Steve.Hanna@infineon.com> Fri, 07 August 2015 00:08 UTC

From: <Steve.Hanna@infineon.com>
To: <iesg@ietf.org>, <secdir@ietf.org>, <draft-sparks-genarea-review-tracker.all@tools.ietf.org>
Date: Fri, 7 Aug 2015 00:07:54 +0000
Archived-At: <http://mailarchive.ietf.org/arch/msg/secdir/hL4Ytk_NrXA8snPBPF1dhZCaubs>

I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG.  These comments were written primarily for the benefit of the security area directors.  Document editors and WG chairs should treat these comments just like any other last call comments.

This document provides requirements for improving the tools used to manage team document reviews in the IETF. These tools are used for managing secdir reviews, for example. If you want to get a peek at the next generation of these tools, peruse the document. It looks fine to me and Tero was one of the authors so I expect that he's fine with it.

This document is Ready With Nits. The nits are included below.




* The second bullet on page 7 refers to "the above bullet" but it is not clear which bullet is intended.

* In the fourth bullet on page 9, "must be able easily" should be "must be able to easily".

* In the eighth bullet on page 9, "that have" should be "that they have".

* The last sentence in the Security Considerations section seems a bit flippant. It currently reads "None of these [authentication and authorization considerations] have been identified as non-obvious." Although I don't have any material problems with this analysis, I wouldn't want to see other documents taking such a nonchalant approach to security. Instead of that sentence, I suggest "None of these have been identified as differing from the considerations relevant to the existing datatracker."