Last Call Review of draft-freytag-lager-variant-rules-03
I have reviewed this document as part of the security directorate's
ongoing effort to review all IETF documents being processed by the IESG.
These comments were written primarily for the benefit of the security
area directors. Document editors and WG chairs should treat these
comments just like any other last call comments.
I consider this draft to be ready with issues.
The document is well written and thorough but has no content in the
Security Considerations section. The guidance provided in this
INFORMATIONAL document appears to be sound but it should still provide a
statement of how this work attempts to address the security concerns of
RFC 7948. For perspective, the title of section 12.1 of the Security
Considerations section is "LGRs Are Only a Partial Remedy for Problem
My recommendation is that a Security Considerations section for this
document incorporate the Security Considerations section of RFC 7948,
along with statements of how the document addresses the obtainable
remediations, and what implementers should continue to be concerned about.