Last Call Review of draft-freytag-lager-variant-rules-03
review-freytag-lager-variant-rules-03-secdir-lc-lonvick-2017-02-02-00

Request Review of draft-freytag-lager-variant-rules
Requested revision No specific revision (document currently at 06)
Type Last Call Review
Team Security Area Directorate (secdir)
Deadline 2017-02-14
Requested 2017-01-17
Authors Asmus Freytag
I-D last updated 2017-02-02
Completed reviews Secdir Last Call review of -03 by Chris M. Lonvick (diff)
Genart Last Call review of -02 by Francis Dupont (diff)
Opsdir Last Call review of -03 by Rick Casarez (diff)
Genart Last Call review of -03 by Francis Dupont (diff)
Secdir Last Call review of -05 by Chris M. Lonvick (diff)
Genart Last Call review of -05 by Francis Dupont (diff)
Assignment Reviewer Chris M. Lonvick
State Completed
Request Last Call review on draft-freytag-lager-variant-rules by Security Area Directorate Assigned
Reviewed revision 03 (document currently at 06)
Result Has issues
Completed 2017-02-02
Hi,

I have reviewed this document as part of the security directorate's 
ongoing effort to review all IETF documents being processed by the IESG. 
These comments were written primarily for the benefit of the security 
area directors. Document editors and WG chairs should treat these 
comments just like any other last call comments.

I consider this draft to be ready with issues.

The document is well written and thorough but has no content in the 
Security Considerations section. The guidance provided in this 
INFORMATIONAL document appears to be sound but it should still provide a 
statement of how this work attempts to address the security concerns of 
RFC 7948. For perspective, the title of section 12.1 of the Security 
Considerations section is "LGRs Are Only a Partial Remedy for Problem 
Space".

My recommendation is that a Security Considerations section for this 
document incorporate the Security Considerations section of RFC 7948, 
along with statements of how the document addresses the obtainable 
remediations, and what implementers should continue to be concerned about.

Thanks,
Chris