[secdir] Secdir last call review of draft-ietf-rmcat-eval-test-09

Joseph Salowey <joe@salowey.net> Sun, 10 February 2019 21:38 UTC

Return-Path: <joe@salowey.net>
X-Original-To: secdir@ietf.org
Delivered-To: secdir@ietfa.amsl.com
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id 8BA06129524; Sun, 10 Feb 2019 13:38:38 -0800 (PST)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
From: Joseph Salowey <joe@salowey.net>
To: <secdir@ietf.org>
Cc: rmcat@ietf.org, iesg@ietf.org, draft-ietf-rmcat-eval-test.all@ietf.org
X-Test-IDTracker: no
X-IETF-IDTracker: 6.91.0
Auto-Submitted: auto-generated
Precedence: bulk
Message-ID: <154983471836.14687.15606048759231374187@ietfa.amsl.com>
Date: Sun, 10 Feb 2019 13:38:38 -0800
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/swYZFU0EZoXupCMAJcrXoT5Npp4>
Subject: [secdir] Secdir last call review of draft-ietf-rmcat-eval-test-09
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.29
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/secdir/>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 10 Feb 2019 21:38:39 -0000

Reviewer: Joseph Salowey
Review result: Has Issues

I have reviewed this document as part of the security directorate's
ongoing effort to review all IETF documents being processed by the
IESG.  These comments were written primarily for the benefit of the
security area directors.  Document editors and WG chairs should treat
these comments just like any other last call comments.

The summary of the review is Document has issues.   I would like to see Stewart
Bryant's Genart comments about emphasizing that tests should be conducted in a
controlled environment and not the open Internet.