Last Call Review of draft-cotton-rfc4020bis-01
review-cotton-rfc4020bis-01-secdir-lc-kivinen-2013-09-12-00
Request | Review of | draft-cotton-rfc4020bis |
---|---|---|
Requested revision | No specific revision (document currently at 02) | |
Type | Last Call Review | |
Team | Security Area Directorate (secdir) | |
Deadline | 2013-09-24 | |
Requested | 2013-08-29 | |
Authors | Michelle Cotton | |
I-D last updated | 2013-09-12 | |
Completed reviews |
Genart Last Call review of -01
by Robert Sparks
(diff)
Genart Telechat review of -02 by Robert Sparks Secdir Last Call review of -01 by Tero Kivinen (diff) |
|
Assignment | Reviewer | Tero Kivinen |
State | Completed | |
Request | Last Call review on draft-cotton-rfc4020bis by Security Area Directorate Assigned | |
Reviewed revision | 01 (document currently at 02) | |
Result | Ready | |
Completed | 2013-09-12 |
review-cotton-rfc4020bis-01-secdir-lc-kivinen-2013-09-12-00
I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the security area directors. Document editors and WG chairs should treat these comments just like any other last call comments. This document describes (or updates) the process for early allocation of code points by IANA from registries for which "Specification Required", "RFC Required", "IETF Review", or "Standards Action" policies apply. One of the big problems with early allocations is that the implementations using those numbers will never really go away, even if the numbers are later changed (i.e. changed from private number space to real allocations). At least with this kind of early real allocations, the implementations could use the real numbers and be interoperable with the RFC versions. The security considerations section do cover the denial of service attacks against IANA (depletion of code space by early allocations, and process overload of IANA itself). I do not have any comments for this document, and I think it is ready. -- kivinen at iki.fi