Last Call Review of draft-giralt-schac-ns-
review-giralt-schac-ns-secdir-lc-lonvick-2011-03-11-00
| Request | Review of | draft-giralt-schac-ns |
|---|---|---|
| Requested revision | No specific revision (document currently at 06) | |
| Type | Last Call Review | |
| Team | Security Area Directorate (secdir) | |
| Deadline | 2011-03-17 | |
| Requested | 2011-02-22 | |
| Authors | University Malaga , Rodney McDuff | |
| I-D last updated | 2011-03-11 | |
| Completed reviews |
Secdir Last Call review of -??
by Chris M. Lonvick
Secdir Last Call review of -?? by Chris M. Lonvick Secdir Telechat review of -?? by Chris M. Lonvick |
|
| Assignment | Reviewer | Chris M. Lonvick |
| State | Completed | |
| Request | Last Call review on draft-giralt-schac-ns by Security Area Directorate Assigned | |
| Completed | 2011-03-11 |
review-giralt-schac-ns-secdir-lc-lonvick-2011-03-11-00
Hi,
I have reviewed this document as part of the security directorate's
ongoing effort to review all IETF documents being processed by the
IESG. These comments were written primarily for the benefit of the
security area directors. Document editors and WG chairs should treat
these comments just like any other last call comments.
This is actually my second review of this document. It looks like many of
my comments from 31 December 2009 have not been addressed. Below are my
comments from then with new comments preceeded by "CML>".
The only security concern I have is that the registration URN is not yet
active and that it is limited to HTTPS. While I think it is still going
to take some time for this ID to become an RFC, I'd just like to see the
web site set up sooner rather than later so the kinks may be ironed out.
Beyond that, I think that it would be better to state that it will always
be a "secure web site" which will offer credentials signed by such-n-such,
and will require the latest secure methods for accessing a web site; that
currently being http [reference] with the latest TLS transport
[reference]. My issue with this is that "https" can still reference SSLv2
and I don't think that's the intent of the statement in this ID.
I don't have any concerns about the Security Considerations section other
than the statement about using "HTTPS" as noted above.
I do have a few nits that the authors may want to address.
The terms TERENA and TF-EMC2 are used without first defining them. Maybe
some changes in Section 1.
CURRENT:
The SCHAC international activity was born inside the TF-EMC2
middleware task force of the Trans European Research and Education
Network Association. The initial aim of SCHAC was to harmonise the
PROPOSED:
The SCHAC international activity was born inside the TF-EMC2 (Task
Force on European Middleware Coordination and Collaboration)
of the Trans European Research and Education Network Association
(TERENA). The initial aim of SCHAC was to harmonise the...
CML> I do see that TERENA was defined, but EMC2 is still not defined.
I think that the second paragraph of the Abstract could use some
polishing.
CURRENT:
This namespace is for naming persistent resources defined by the
SCHAC international activity participants, their working groups and
other designated subordinates. The namespace main use will be the
creation of controlled vocabulary values for attributes in the SCHAC
schema. This values will be associated to particular instances of
persons or objects belonging to any of the SCHAC object classes.
SUGGESTED:
The namespace described in this document is for naming persistent
resources defined by the SCHAC participants internationally, their
working groups, and other designated subordinates. The main use of
this namespace will be for the creation of controlled vocabulary
values
for attributes in the SCHAC schema. These values will be associated
with particular instances of persons or objects belonging to any of
the SCHAC object classes.
CML> I see that this paragraph is been duplicated into the Introduction.
I don't think that's necessary.
In Section 4, the word "Anyhow" is ambiguous. I'd suggest replacing it
with a more definite word such as "Regardless", or with the term "In any
case".
In Section 5, the term "NREN" is not defined before it is used. I'd
suggest:
CURRENT:
The assignment and use of identifiers within the namespace are open,
and the related rule is established by the SCHAC activity members.
Registration agencies (the next level naming authorities) will be the
National Research and Education Networks and established
organizational cross-border organizations that participate in SCHAC.
SUGGESTED:
The assignment and use of identifiers within the namespace are open,
and the related rule is established by the SCHAC activity members.
Registration agencies (the next level naming authorities) will be the
National Research and Education Networks (NRENS) and other established,
cross-border organizations that participate in SCHAC.
CML> I see that this version does use the term "National Research and
Education Network" but it's not associated with the acronym.
In the third paragraph of Section 5, remove the term "as soon as
practical". ...just get it done. :-)
Could you add a URL to reference [4]?
CML> Could you also add a URL for reference [5]?
Best regards,
Chris