[secdir] SECDIR draft-secretaries-good-practices.06.txt

Chris Lonvick <lonvick.ietf@gmail.com> Sun, 22 June 2014 22:49 UTC

To: iesg@ietf.org, secdir@ietf.org, draft-secretaries-good-practices.all@tools.ietf.org
Archived-At: http://mailarchive.ietf.org/arch/msg/secdir/ofoPi6j6UtT-7lVPrcTVQdmmD68


I have reviewed this document as part of the security directorate's
ongoing effort to review all IETF documents being processed by the
IESG.  These comments were written primarily for the benefit of the
security area directors.  Document editors and WG chairs should treat
these comments just like any other last call comments.

Overall the document appears to be well written and thorough.  I
have one security-related suggestion and some nits.

It appears that this document suggests that some Secretaries should
be given access to tools that are normally reserved for Chairs, such
as maillist administration.  It would be prudent to note in the
Security Considerations section that the Chairs know how to revoke
those privileges in case of problems.

The authors may wish to consider the following nits.

The third line of the first paragraph of the Introduction is a bit confusing.
    of RFC 2418 [1]). Over time, the WG Secretary role's has greatly

    of RFC 2418 [1]).  Over time, the role of the WG Secretary has greatly

The last sentence of the second paragraph of the Introduction seems to run on for a bit.
    In that regard, part or even all of the guidelines it
    provides might not be relevant for the smaller WGs, the Chairs of
    which do not need to delegate operational tasks as they handle them
    by themselves.

    In that regard, part or even all of the guidelines provided in this
    document might not be relevant for the successful operation of
    smaller WGs.  In those, the Chairs may not need to delegate
    operations tasks.

The last two sentences of the second bullet in Section 3.1.1 could use some more explanation.
    The call for discussion slots
    should remind these policies as well as how should the requests be
    formulated, together with a deadline for sending them.  The call would
    also typically include information on when will the particular WG
    session be held during the IETF meeting noting that the IETF agenda
    is draft until being final.

    The note sent by the Secretary should remind the WG members of the
    policies, the formats of requests, and deadlines.

Note: I would just strike the last sentence as that seems to be better discussed in the next bullet.

I'll suggest some rewording of "Proposing a WG session agenda"
    Based on the collected discussion's slot requests, and depending on
    the known preferences of the WG Chairs for the typical structure of
    their WG sessions, or on the objectives Chairs have for a particular
    WG session, and/or on his/her personal view, the Secretary could
    propose to the Chairs a structured agenda for the upcoming WG
    session. Following that, the WG Secretary could work with the Chairs
    to finalise the agenda in view of publishing a first draft agenda.

    While the decisions for the slot are to be made by the WG Chairs,
    the Secretary can further aid them by proposing a session agenda
    based upon his/her knowledge of the preference of the Chairs and
    the topical work of the WG.  Following that, the WG Secretary could
    work with the Chairs to finalize the agenda.

I'll suggest some rewording of the third paragraph in Section 4.
    Although typically a WG might only have one Secretary there is no
    reason why two Secretaries might not be appointed. This might be to
    help transition a new WG secretary into the role, before the previous
    Secretary steps down, or simply to load balance the tasks across two
    Secretaries. Reciprocally, a person may perfectly be Secretary of
    multiple WGs. This primarily depends on his/her ability to deal with
    the induced workload, noting nevertheless that synergies may be
    realised in such a situation. In any case, this document does not
    give a recommendation on what should be the appropriate value for the
    "Secretary / WG" ratio.

    Typically a WG may have a Secretary to cover the expected workload.
    However, a WG may consider having multiple Secretaries if the
    workload is very excessive, or to provide an overlap of Secretaries
    to transition the role as one steps down.  There may also be other
    reasons for multiple Secretaries that have not been recognized yet.

    Similar to individuals holding Chair roles in multiple WGs, there is
    no known reason why individuals cannot hold Secretary roles in
    multiple WGs, or that they may be a Chair of some WGs and Secretary of
    other WGs.  This will depend on his/her ability to deal with the
    workload, noting  that synergies may be realized in such situations.

A couple of minor things in the first paragraph of Section 5
    Section 3 has listed the typical functions and responsibilities of WG
    Secretaries. The role of a WG Secretary can range from a few of these
    to the full spectrum of them, and even beyond. In that regard, there
    is a number of additional WG related events to which the support of
    the WG Secretary would be useful. Those for example include planning
    and setting for WG interim meetings, design team meetings, etc.
    Nevertheless, some tasks described herein apply to these contexts.

    Section 3 has listed the typical functions and responsibilities of WG
    Secretaries. The role of a WG Secretary can range from a few of these
    to the full spectrum of them, and even beyond. In that regard, there
    may be additional WG related events to which the support of
    the WG Secretary would be useful; for example, planning WG interim

Best regards,