[secdir] Secdir last call review of draft-ietf-iasa2-rfc4071bis-08

Christian Huitema via Datatracker <noreply@ietf.org> Mon, 18 March 2019 03:39 UTC


Reviewer: Christian Huitema
Review result: Ready

I have reviewed this draft-ietf-iasa2-rfc4071bis-08 as part of the security directorate's 
ongoing effort to review all IETF documents being processed by the 
IESG.  These comments were written primarily for the benefit of the 
security area directors.  Document editors and WG chairs should treat 
these comments just like any other last call comments.

The summary of the review is Ready.

As stated in the introduction, this draft "describes the structure of the IETF 
Administrative Support Activity, version 2 (IASA 2.0).  It defines the roles 
and responsibilities of the IETF LLC Board, the IETF Executive Director, and 
ISOC in the fiscal and administrative support of the IETF standards process.  
It also defines the membership and selection rules for the IETF LLC Board."

The document is well written and easy to read. It does not describe any
specific technology or propose a standard, and the security consideration
is just pro-forma, stating that "This document ...  introduces no
security considerations for the Internet." Which appears true.

Security impact, if any, would be indirect. One could imagine that some
malevolent third party might apply pressure on the LLC staff, the board
members, or ISOC, with a goal of compromising the standard process
and allowing publication of insecure standards. But these hypothetical
pressures could probably happen just as well in the current structure.
In fact, the draft's emphasis on clear process and transparency
provides additional protection, which confirms the assessment that
this document "introduces no security considerations for the Internet."