[secdir] secdir review of draft-yourtchenko-cisco-ies-09

Charlie Kaufman <charliek@microsoft.com> Sat, 25 January 2014 01:19 UTC

Return-Path: <charliek@microsoft.com>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com []) by ietfa.amsl.com (Postfix) with ESMTP id 2929C1A02D3; Fri, 24 Jan 2014 17:19:01 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.602
X-Spam-Status: No, score=-2.602 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_LOW=-0.7, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([]) by localhost (ietfa.amsl.com []) (amavisd-new, port 10024) with ESMTP id rN5APSCe6ys9; Fri, 24 Jan 2014 17:18:59 -0800 (PST)
Received: from na01-bl2-obe.outbound.protection.outlook.com (mail-bl2lp0212.outbound.protection.outlook.com []) by ietfa.amsl.com (Postfix) with ESMTP id B9D711A0293; Fri, 24 Jan 2014 17:18:58 -0800 (PST)
Received: from CH1PR03MB599.namprd03.prod.outlook.com ( by CH1PR03MB599.namprd03.prod.outlook.com ( with Microsoft SMTP Server (TLS) id 15.0.847.13; Sat, 25 Jan 2014 01:18:50 +0000
Received: from CH1PR03MB599.namprd03.prod.outlook.com ([]) by CH1PR03MB599.namprd03.prod.outlook.com ([]) with mapi id 15.00.0847.008; Sat, 25 Jan 2014 01:18:49 +0000
From: Charlie Kaufman <charliek@microsoft.com>
To: "secdir@ietf.org" <secdir@ietf.org>, "iesg@ietf.org" <iesg@ietf.org>, "draft-yourtchenko-cisco-ies.all@tools.ietf.org" <draft-yourtchenko-cisco-ies.all@tools.ietf.org>
Thread-Topic: [secdir] secdir review of draft-yourtchenko-cisco-ies-09
Thread-Index: Ac8ZaAlSJfd9ZHMbTi+Pma3WGHP9yA==
Date: Sat, 25 Jan 2014 01:18:49 +0000
Message-ID: <5d469d015350423b83a782a78a5527b5@CH1PR03MB599.namprd03.prod.outlook.com>
Accept-Language: en-US
Content-Language: en-US
x-originating-ip: []
x-o365ent-eop-header: Message processed by - O365_ENT: Allow from ranges (Engineering ONLY)
x-forefront-prvs: 01026E1310
x-forefront-antispam-report: SFV:NSPM; SFS:(10009001)(6009001)(199002)(189002)(54356001)(56776001)(54316002)(74316001)(76796001)(85306002)(87266001)(2656002)(93136001)(81542001)(47446002)(74876001)(74366001)(47736001)(86362001)(83322001)(94316002)(76176001)(76576001)(2201001)(76786001)(19580395003)(69226001)(31966008)(74706001)(74502001)(93516002)(33646001)(49866001)(53806001)(56816005)(47976001)(76482001)(81816001)(59766001)(83072002)(65816001)(15202345003)(85852003)(80022001)(15975445006)(74662001)(77982001)(77096001)(87936001)(4396001)(80976001)(51856001)(90146001)(46102001)(79102001)(92566001)(81342001)(66066001)(50986001)(81686001)(63696002)(24736002); DIR:OUT; SFP:1101; SCL:1; SRVR:CH1PR03MB599; H:CH1PR03MB599.namprd03.prod.outlook.com; CLIP:; FPR:; RD:InfoNoRecords; A:1; MX:1; LANG:en;
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-OriginatorOrg: microsoft.com
Subject: [secdir] secdir review of draft-yourtchenko-cisco-ies-09
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/secdir/>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 25 Jan 2014 01:19:01 -0000

I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG.  These comments were written primarily for the benefit of the security area directors.  Document editors and WG chairs should treat these comments just like any other last call comments.

This document is a mechanism to bring an IANA registry of log event types up to date to correspond with existing practice based on updates to the protocol defined in RFC3954. There are no security considerations other than vague concerns over what a buggy existing implementations might do if they see new event types that they don't recognize. This should not be controversial.

Formatting nits:

At the bottom of page 2 and the top of page 3, there are question marks that seem to have a pre-pended space that looks out of place, but it may have been required by some formatting requirement around the bracketed reference that precedes it.

The formatter that translated the XML in appendix A into text for the RFC seems to have strange taste in where to place line breaks. For example, in the middle of page 13, there appears: