Last Call Review of draft-cotton-rfc4020bis-01
review-cotton-rfc4020bis-01-secdir-lc-kivinen-2013-09-12-00

I have reviewed this document as part of the security directorate's
ongoing effort to review all IETF documents being processed by the
IESG.  These comments were written primarily for the benefit of the
security area directors.  Document editors and WG chairs should treat
these comments just like any other last call comments.

This document describes (or updates) the process for early allocation
of code points by IANA from registries for which "Specification
Required", "RFC Required", "IETF Review", or "Standards Action"
policies apply.

One of the big problems with early allocations is that the
implementations using those numbers will never really go away, even if
the numbers are later changed (i.e. changed from private number space
to real allocations). At least with this kind of early real
allocations, the implementations could use the real numbers and be
interoperable with the RFC versions.

The security considerations section do cover the denial of service
attacks against IANA (depletion of code space by early allocations,
and process overload of IANA itself).

I do not have any comments for this document, and I think it is ready. 
-- 
kivinen at iki.fi