Last Call Review of draft-doria-genart-experience-
review-doria-genart-experience-secdir-lc-gondrom-2011-08-05-00

Request Review of draft-doria-genart-experience
Requested rev. no specific revision (document currently at 04)
Type Last Call Review
Team Security Area Directorate (secdir)
Deadline 2011-08-19
Requested 2011-07-09
Draft last updated 2011-08-05
Completed reviews Secdir Last Call review of -?? by Tobias Gondrom
Assignment Reviewer Tobias Gondrom
State Completed
Review review-doria-genart-experience-secdir-lc-gondrom-2011-08-05
Review completed: 2011-08-05

Review
review-doria-genart-experience-secdir-lc-gondrom-2011-08-05



I have reviewed this document as part of the
      security directorate's 


      ongoing effort to review all IETF documents being processed by the
      


      IESG.  These comments were written primarily for the benefit of
      the 


      security area directors.  Document editors and WG chairs should
      treat 


      these comments just like any other last call comments.





      This document is informational and covers the experiences of the
      General Area Review Team. 


      The Security Considerations of the draft are sufficient. 





      The following three comments: 


      1. minor editorial in section 4.3

 Form
      of Review




=> maybe replace the word "stole" with
      "derived" or any other word.


      "Rather than invent new guidelines, the Gen-ART requirements for
      the form of a review stole liberally from" / 

"Rather than invent new guidelines, the Gen-ART
      requirements for the form of a review derived liberally from"







2. Section 12: 


      is it beneficial to list all current members of the Gen-ART per
      name in the draft? 


      - first are there any privacy issues with that? 


      - when adding or removing people from the team,

 the list in the I-D might become outdated and give
      false information on the current status. 

 Would it be more appropriate/easier to update the
      draft to reference the current list 

 

of reviewers 

(e.g. on a
      tools web page) 

instead of listing them
      in the I-D? 





      3. Section 10 Security Considerations:  is ok so far. 


      On a personal comment/addition: 


      But maybe worth considering is that availability and integrity of
      sent reviews is also important: 


      I noticed that recently some emails to mail-aliases did not get
      delivered to the respective lists and therefore reviews and/or
      answers to reviews might not be received by the individuals on
      these lists. 


      Unfortunately this happens in some random fashion (for the same
      sender email and ietf tools aliases within a short time frame,
      some times it happens some times it doesn't), without a timely
      warning (but usually with a failure message 3-5 days after the
      email message has been posted). First investigations may suggest
      that this could be due to some spam filter or mail server
      configuration issues, however other reasons might also apply. 


      This can obviously impair the quality of the public review process
      if individual comments and reviews will not be delivered. 





      Kind regards, Tobias