Last Call Review of draft-freytag-lager-variant-rules-03
review-freytag-lager-variant-rules-03-secdir-lc-lonvick-2017-02-02-00

Request Review of draft-freytag-lager-variant-rules
Requested rev. no specific revision (document currently at 06)
Type Last Call Review
Team Security Area Directorate (secdir)
Deadline 2017-02-14
Requested 2017-01-17
Other Reviews Genart Last Call review of -02 by Francis Dupont (diff)
Opsdir Last Call review of -03 by Rick Casarez (diff)
Genart Last Call review of -03 by Francis Dupont (diff)
Secdir Last Call review of -05 by Chris Lonvick (diff)
Genart Last Call review of -05 by Francis Dupont (diff)
Review State Completed
Reviewer Chris Lonvick
Review review-freytag-lager-variant-rules-03-secdir-lc-lonvick-2017-02-02
Posted at https://mailarchive.ietf.org/arch/msg/secdir/qdRbIp7p0AQ83uHRWJg1eUVpn5A
Reviewed rev. 03 (document currently at 06)
Review result Has Issues
Last updated 2017-02-02

Review
review-freytag-lager-variant-rules-03-secdir-lc-lonvick-2017-02-02

Hi,

I have reviewed this document as part of the security directorate's 
ongoing effort to review all IETF documents being processed by the IESG. 
These comments were written primarily for the benefit of the security 
area directors. Document editors and WG chairs should treat these 
comments just like any other last call comments.

I consider this draft to be ready with issues.

The document is well written and thorough but has no content in the 
Security Considerations section. The guidance provided in this 
INFORMATIONAL document appears to be sound but it should still provide a 
statement of how this work attempts to address the security concerns of 
RFC 7948. For perspective, the title of section 12.1 of the Security 
Considerations section is "LGRs Are Only a Partial Remedy for Problem 
Space".

My recommendation is that a Security Considerations section for this 
document incorporate the Security Considerations section of RFC 7948, 
along with statements of how the document addresses the obtainable 
remediations, and what implementers should continue to be concerned about.

Thanks,
Chris