Return-Path: <charliek@microsoft.com>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com
 (Postfix) with ESMTP id 2929C1A02D3; Fri, 24 Jan 2014 17:19:01 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.602
X-Spam-Level: 
X-Spam-Status: No,
 score=-2.602 tagged_above=-999 required=5 tests=[BAYES_00=-1.9,
 RCVD_IN_DNSWL_LOW=-0.7, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com
 [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id rN5APSCe6ys9;
 Fri, 24 Jan 2014 17:18:59 -0800 (PST)
Received: from na01-bl2-obe.outbound.protection.outlook.com
 (mail-bl2lp0212.outbound.protection.outlook.com [207.46.163.212]) by
 ietfa.amsl.com (Postfix) with ESMTP id B9D711A0293;
 Fri, 24 Jan 2014 17:18:58 -0800 (PST)
Received: from CH1PR03MB599.namprd03.prod.outlook.com (10.255.156.164) by
 CH1PR03MB599.namprd03.prod.outlook.com (10.255.156.164) with Microsoft SMTP
 Server (TLS) id 15.0.847.13; Sat, 25 Jan 2014 01:18:50 +0000
Received: from CH1PR03MB599.namprd03.prod.outlook.com ([169.254.7.197]) by
 CH1PR03MB599.namprd03.prod.outlook.com ([169.254.7.197]) with mapi id
 15.00.0847.008; Sat, 25 Jan 2014 01:18:49 +0000
From: Charlie Kaufman <charliek@microsoft.com>
To: "secdir@ietf.org" <secdir@ietf.org>, "iesg@ietf.org" <iesg@ietf.org>,
 "draft-yourtchenko-cisco-ies.all@tools.ietf.org"
 <draft-yourtchenko-cisco-ies.all@tools.ietf.org>
Thread-Topic: [secdir] secdir review of draft-yourtchenko-cisco-ies-09
Thread-Index: Ac8ZaAlSJfd9ZHMbTi+Pma3WGHP9yA==
Date: Sat, 25 Jan 2014 01:18:49 +0000
Message-ID: <5d469d015350423b83a782a78a5527b5@CH1PR03MB599.namprd03.prod.outlook.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
x-originating-ip: [131.107.192.211]
x-o365ent-eop-header: Message processed by - O365_ENT: Allow from ranges
 (Engineering ONLY)
x-forefront-prvs: 01026E1310
x-forefront-antispam-report: SFV:NSPM;
 SFS:(10009001)(6009001)(199002)(189002)(54356001)(56776001)(54316002)(74316001)(76796001)(85306002)(87266001)(2656002)(93136001)(81542001)(47446002)(74876001)(74366001)(47736001)(86362001)(83322001)(94316002)(76176001)(76576001)(2201001)(76786001)(19580395003)(69226001)(31966008)(74706001)(74502001)(93516002)(33646001)(49866001)(53806001)(56816005)(47976001)(76482001)(81816001)(59766001)(83072002)(65816001)(15202345003)(85852003)(80022001)(15975445006)(74662001)(77982001)(77096001)(87936001)(4396001)(80976001)(51856001)(90146001)(46102001)(79102001)(92566001)(81342001)(66066001)(50986001)(81686001)(63696002)(24736002);
 DIR:OUT; SFP:1101; SCL:1; SRVR:CH1PR03MB599;
 H:CH1PR03MB599.namprd03.prod.outlook.com; CLIP:131.107.192.211; FPR:;
 RD:InfoNoRecords; A:1; MX:1; LANG:en; 
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-OriginatorOrg: microsoft.com
Subject: [secdir]  secdir review of draft-yourtchenko-cisco-ies-09
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>,
 <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/secdir/>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>,
 <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 25 Jan 2014 01:19:01 -0000

I have reviewed this document as part of the security directorate's ongoing=
 effort to review all IETF documents being processed by the IESG.  These co=
mments were written primarily for the benefit of the security area director=
s.  Document editors and WG chairs should treat these comments just like an=
y other last call comments.

This document is a mechanism to bring an IANA registry of log event types u=
p to date to correspond with existing practice based on updates to the prot=
ocol defined in RFC3954. There are no security considerations other than va=
gue concerns over what a buggy existing implementations might do if they se=
e new event types that they don't recognize. This should not be controversi=
al.

Formatting nits:

At the bottom of page 2 and the top of page 3, there are question marks tha=
t seem to have a pre-pended space that looks out of place, but it may have =
been required by some formatting requirement around the bracketed reference=
 that precedes it.

The formatter that translated the XML in appendix A into text for the RFC s=
eems to have strange taste in where to place line breaks. For example, in t=
he middle of page 13, there appears:

<reference>
 http://www
 .cisco.com
 /en/US/pro
 ducts/hw/s
 witches/ps
 700/products_configuration_example...

	--Charlie