Last Call Review of draft-doria-genart-experience-
review-doria-genart-experience-secdir-lc-gondrom-2011-08-05-00
| Request | Review of | draft-doria-genart-experience |
|---|---|---|
| Requested revision | No specific revision (document currently at 04) | |
| Type | IETF Last Call Review | |
| Team | Security Area Directorate (secdir) | |
| Deadline | 2011-08-19 | |
| Requested | 2011-07-09 | |
| Authors | avri doria , Brian E. Carpenter , Mary Barnes , Harald T. Alvestrand | |
| I-D last updated | 2015-10-14 (Latest revision 2011-07-06) | |
| Completed reviews |
Secdir IETF Last Call review of -??
by Tobias Gondrom
|
|
| Assignment | Reviewer | Tobias Gondrom |
| State | Completed | |
| Request | IETF Last Call review on draft-doria-genart-experience by Security Area Directorate Assigned | |
| Completed | 2011-08-05 |
review-doria-genart-experience-secdir-lc-gondrom-2011-08-05-00
I have reviewed this document as part of the
security directorate's
ongoing effort to review all IETF documents being processed by the
IESG. These comments were written primarily for the benefit of
the
security area directors. Document editors and WG chairs should
treat
these comments just like any other last call comments.
This document is informational and covers the experiences of the
General Area Review Team.
The Security Considerations of the draft are sufficient.
The following three comments:
1. minor editorial in section 4.3
Form
of Review
=> maybe replace the word "stole" with
"derived" or any other word.
"Rather than invent new guidelines, the Gen-ART requirements for
the form of a review stole liberally from" /
"Rather than invent new guidelines, the Gen-ART
requirements for the form of a review derived liberally from"
2. Section 12:
is it beneficial to list all current members of the Gen-ART per
name in the draft?
- first are there any privacy issues with that?
- when adding or removing people from the team,
the list in the I-D might become outdated and give
false information on the current status.
Would it be more appropriate/easier to update the
draft to reference the current list
of reviewers
(e.g. on a
tools web page)
instead of listing them
in the I-D?
3. Section 10 Security Considerations: is ok so far.
On a personal comment/addition:
But maybe worth considering is that availability and integrity of
sent reviews is also important:
I noticed that recently some emails to mail-aliases did not get
delivered to the respective lists and therefore reviews and/or
answers to reviews might not be received by the individuals on
these lists.
Unfortunately this happens in some random fashion (for the same
sender email and ietf tools aliases within a short time frame,
some times it happens some times it doesn't), without a timely
warning (but usually with a failure message 3-5 days after the
email message has been posted). First investigations may suggest
that this could be due to some spam filter or mail server
configuration issues, however other reasons might also apply.
This can obviously impair the quality of the public review process
if individual comments and reviews will not be delivered.
Kind regards, Tobias