[secdir] Secdir last call review of draft-ietf-opsawg-service-model-explained-03

Joseph Salowey <joe@salowey.net> Sun, 17 September 2017 19:32 UTC

Return-Path: <joe@salowey.net>
X-Original-To: secdir@ietf.org
Delivered-To: secdir@ietfa.amsl.com
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id 5B4D813331E; Sun, 17 Sep 2017 12:32:04 -0700 (PDT)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
From: Joseph Salowey <joe@salowey.net>
To: <secdir@ietf.org>
Cc: opsawg@ietf.org, iesg@ietf.org, draft-ietf-opsawg-service-model-explained.all@ietf.org
X-Test-IDTracker: no
X-IETF-IDTracker: 6.61.0
Auto-Submitted: auto-generated
Precedence: bulk
Message-ID: <150567672431.672.1037086780979343658@ietfa.amsl.com>
Date: Sun, 17 Sep 2017 12:32:04 -0700
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/rTkRuHGDUIab8T5_7E4rzB1Eyb0>
Subject: [secdir] Secdir last call review of draft-ietf-opsawg-service-model-explained-03
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.22
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/secdir/>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 17 Sep 2017 19:32:04 -0000

Reviewer: Joseph Salowey
Review result: Ready

I have reviewed this document as part of the security directorate's
ongoing effort to review all IETF documents being processed by the
IESG.  These comments were written primarily for the benefit of the
security area directors.  Document editors and WG chairs should treat
these comments just like any other last call comments.

The summary of the review is the document is ready for publication.

I think the document could be improved slightly by touching on the fact that
the service models themselves may involve security parameters.  You could add a
sentence to the security considerations section following the last sentence:

"The service model should expose security related parameters where they are
available to the customer."