[secdir] Secdir review of draft-ietf-appsawg-rfc3536bis-06

Catherine Meadows <catherine.meadows@nrl.navy.mil> Mon, 11 July 2011 19:52 UTC

Return-Path: <catherine.meadows@nrl.navy.mil>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id F063C11E80C6; Mon, 11 Jul 2011 12:52:48 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.598
X-Spam-Level:
X-Spam-Status: No, score=-2.598 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, HTML_MESSAGE=0.001]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id xVe+OapATInn; Mon, 11 Jul 2011 12:52:48 -0700 (PDT)
Received: from fw5540.nrl.navy.mil (fw5540.nrl.navy.mil [132.250.196.100]) by ietfa.amsl.com (Postfix) with ESMTP id B7F6511E80AB; Mon, 11 Jul 2011 12:52:47 -0700 (PDT)
Received: from chacs.nrl.navy.mil (sun1.fw5540.net [10.0.0.11]) by fw5540.nrl.navy.mil (8.13.8/8.13.6) with ESMTP id p6BJqjCH005558; Mon, 11 Jul 2011 15:52:46 -0400 (EDT)
Received: from chacs.nrl.navy.mil (sun1 [10.0.0.11]) by chacs.nrl.navy.mil (8.13.8/8.13.6) with SMTP id p6BJqhti002009; Mon, 11 Jul 2011 15:52:43 -0400 (EDT)
Received: from siduri.fw5540.net ([10.0.3.73]) by chacs.nrl.navy.mil (SMSSMTP 4.1.16.48) with SMTP id M2011071115524331621 ; Mon, 11 Jul 2011 15:52:43 -0400
From: Catherine Meadows <catherine.meadows@nrl.navy.mil>
Content-Type: multipart/alternative; boundary=Apple-Mail-8--752622389
Date: Mon, 11 Jul 2011 16:02:22 -0400
Message-Id: <E2A16833-A619-4A5C-AC95-AC76F343C5E9@nrl.navy.mil>
To: secdir@ietf.org, iesg@ietf.org, draft-ietf-appsawg-rfc3536bis.all@tools.ietf.org
Mime-Version: 1.0 (Apple Message framework v1084)
X-Mailer: Apple Mail (2.1084)
Subject: [secdir] Secdir review of draft-ietf-appsawg-rfc3536bis-06
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/secdir>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 11 Jul 2011 19:52:49 -0000

I have reviewed this document as part of the security directorate's
ongoing effort to review all IETF documents being processed by the
IESG.  These comments were written primarily for the benefit of the
security area directors.  Document editors and WG chairs should treat
these comments just like any other last call comments.

This draft provides definitions for a set of terms commonly used in internationalization in the IETF, that is terms having to do with the representation of text strings that
appear in protocols in different languages, writing systems, and alphabets.  In the security considerations sections the authors point out that since this draft consists of definitions
of terminology having to do with the representation of text strings, it has only an indirect connection with security in some authentication methods may rely on the comparison of
text strings.  However, I don't see anything in the definition of terms here that would negatively impact the ability to discuss or specify such security methods, so I don't see any
security issues here.

One nit, having nothing to do with security:  I found the phrase

"Internet users must be
   able to be enter text in typical input methods and displayed in any
   human language."

in the introduction somewhat hard to parse.  Does it mean that 1) users should be able to use any of a set of typical input methods and
2) it should be possible to display the results in any human language, or that users should be able to enter text from any human
language using typical input methods?


Catherine Meadows
Naval Research Laboratory
Code 5543
4555 Overlook Ave., S.W.
Washington DC, 20375
phone: 202-767-3490
fax: 202-404-7942
email: catherine.meadows@nrl.navy.mil