[secdir] Secdir last call review of draft-iab-rfcefdp-rfced-model-11
Russ Mundy via Datatracker <noreply@ietf.org> Wed, 23 February 2022 22:51 UTC
Return-Path: <noreply@ietf.org>
X-Original-To: secdir@ietf.org
Delivered-To: secdir@ietfa.amsl.com
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id 2DB5D3A106C; Wed, 23 Feb 2022 14:51:47 -0800 (PST)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
From: Russ Mundy via Datatracker <noreply@ietf.org>
To: secdir@ietf.org
Cc: draft-iab-rfcefdp-rfced-model.all@ietf.org, iab@iab.org, last-call@ietf.org
X-Test-IDTracker: no
X-IETF-IDTracker: 7.45.0
Auto-Submitted: auto-generated
Precedence: bulk
Message-ID: <164565670705.28507.12262976632263611001@ietfa.amsl.com>
Reply-To: Russ Mundy <mundy@tislabs.com>
Date: Wed, 23 Feb 2022 14:51:47 -0800
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/mCs5u4ybj51Ansul6l5FvXITdMc>
Subject: [secdir] Secdir last call review of draft-iab-rfcefdp-rfced-model-11
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.29
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/secdir/>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 23 Feb 2022 22:51:47 -0000
Reviewer: Russ Mundy Review result: Ready Reviewer: Russ Mundy Review result: Ready with nits I have (re)reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the security area directors. Document editors and WG chairs should treat these comments just like any other last call comments. The summary of the review is: Ready with nits The document is well written, understandable and provides sound definition of a new version of the RFC Editor Model. The only nits that I identified in the document are in the Security Considerations section where the wording infers that "the RFC Editor" is a single entity (or person). I recognize that the wording in the section came mostly from earlier RFC Editor Model versions but since this Model Version clearly states that the activities are performed by a collection of multiple entities, the wording of section 10 seems inconsistent with other parts of the document. Without trying to make this section unduly long or complex, I suggest making something like the following changes to section 10: First paragraph, third sentence current wording: "Since the RFC Editor maintains the index of publications, sufficient security must be in place to ...." Suggest changing to: "Since multiple entities described in this document participate in maintenance of the index of publications, sufficient security must be in place and followed by each entity to ..." Second paragraph current wording: "The IETF LLC should take ..." Suggest changing to: "The IETF LLC or any other contracting activity(s), e.g., subcontracts, should take ..." Again, thanks for the excellent quality draft - hopefully, the suggested changes make section 10 clearer. Russ Mundy
- [secdir] Secdir last call review of draft-iab-rfc… Russ Mundy via Datatracker
- Re: [secdir] Secdir last call review of draft-iab… Peter Saint-Andre