[secdir] Secdir last call review of draft-iab-rfcefdp-rfced-model-11

Russ Mundy via Datatracker <noreply@ietf.org> Wed, 23 February 2022 22:51 UTC

Reviewer: Russ Mundy
Review result: Ready

Reviewer: Russ Mundy
Review result: Ready with nits

I have (re)reviewed this document as part of the security directorate's
ongoing effort to review all IETF documents being processed by the IESG.
These comments were written primarily for the benefit of the security area
directors. Document editors and WG chairs should treat these comments just
like any other last call comments.

The summary of the review is: Ready with nits

The document is well written, understandable and provides a sound definition of a
new version of the RFC Editor Model.

The only nits that I identified in the document are in the Security
Considerations section where the wording infers that "the RFC Editor" is a
single entity (or person). I recognize that the wording in the section came
mostly from earlier RFC Editor Model versions but since this Model Version
clearly states that the activities are performed by a collection of multiple
entities, the wording of section 10 seems inconsistent with other parts of the
document.

Without trying to make this section unduly long or complex, I suggest making
something like the following changes to section 10:

First paragraph, third sentence current wording:

"Since the RFC Editor maintains the index of publications, sufficient security
must be in place to ...."

Suggest changing to:

"Since multiple entities described in this document participate in maintenance
of the index of publications, sufficient security must be in place and followed
by each entity to ..."

Second paragraph current wording:

"The IETF LLC should take ..."

Suggest changing to:

"The IETF LLC or any other contracting activity(s), e.g., subcontracts, should
take ..."

Again, thanks for the excellent quality draft - hopefully, the suggested
changes make section 10 clearer.

Russ Mundy