[secdir] Secdir last call review of draft-ietf-iasa2-rfc4071bis-08
Christian Huitema via Datatracker <noreply@ietf.org> Mon, 18 March 2019 03:39 UTC
From: Christian Huitema via Datatracker <noreply@ietf.org>
To: secdir@ietf.org
Cc: draft-ietf-iasa2-rfc4071bis.all@ietf.org, iasa20@ietf.org, ietf@ietf.org
Reply-To: Christian Huitema <huitema@huitema.net>
Message-ID: <155288034847.13672.14199489874309036711@ietfa.amsl.com>
Date: Sun, 17 Mar 2019 20:39:08 -0700
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/tDBXqZBVjm1B3lVPLb_k9BDrXSg>
Subject: [secdir] Secdir last call review of draft-ietf-iasa2-rfc4071bis-08

Reviewer: Christian Huitema
Review result: Ready

I have reviewed this draft-ietf-iasa2-rfc4071bis-08 as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the security area directors. Document editors and WG chairs should treat these comments just like any other last call comments.

The summary of the review is Ready.

As stated in the introduction, this draft "describes the structure of the IETF Administrative Support Activity, version 2 (IASA 2.0). It defines the roles and responsibilities of the IETF LLC Board, the IETF Executive Director, and ISOC in the fiscal and administrative support of the IETF standards process. It also defines the membership and selection rules for the IETF LLC Board."

The document is well written and easy to read. It does not describe any specific technology or propose a standard, and the security consideration is just pro forma, stating that "This document ... introduces no security considerations for the Internet." Which appears true.

Security impact, if any, would be indirect. One could imagine that some malevolent third party might apply pressure on the LLC staff, the board members, or ISOC, with a goal of compromising the standard process and allowing publication of insecure standards. But these hypothetical pressures could probably happen just as well in the current structure. In fact, the draft's emphasis on clear process and transparency provides additional protection, which confirms the assessment that this document "introduces no security considerations for the Internet."