Last Call Review of draft-freytag-lager-variant-rules-05
review-freytag-lager-variant-rules-05-secdir-lc-lonvick-2017-04-27-00

Team Security Area Directorate (secdir)
Title Last Call Review of draft-freytag-lager-variant-rules-05
Request Last Call - requested 2017-04-17
Reviewer Chris Lonvick
Review result Has Nits
Posted at https://mailarchive.ietf.org/arch/msg/secdir/HGTM9kueXSItcgOXoetYYUpotb8
Last updated 2017-04-27

Review
review-freytag-lager-variant-rules-05-secdir-lc-lonvick-2017-04-27

Hi,

I have reviewed this document as part of the security directorate's 
ongoing effort to review all IETF documents being processed by the IESG. 
These comments were written primarily for the benefit of the security 
area directors. Document editors and WG chairs should treat these 
comments just like any other last call comments.

I consider this draft to be ready with nits.

I reviewed versions -02 and -03. In my review of -03, I noted, "RFC 7940 
has a short section in its Security Considerations section, noted below, 
about how LGRs are only a partial remedy to the problem. The new 
Security Considerations section in -03 seems to indicate that the 
problem space may be constrained by properly utilizing certain optional 
features of 7940. If that is correct, then perhaps the author would 
consider revising the last part of the second paragraph to more clearly 
state that?"

The Security Considerations section in -05 has been updated to amply 
address that.

The few nits there were have been addressed between -03 and -05. 
However, I'm not understanding this sentence in the last paragraph of 
the Security Considerations section:
    Also, the question of whether to define variants are all, or what 
labels are to be considered variants...
Perhaps should be:
    Also, the question of whether to define variants _at_ all...

Thanks,
Chris