Skip to main content

Last Call Review of draft-iab-rfcefdp-rfced-model-11

Request Review of draft-iab-rfcefdp-rfced-model
Requested revision No specific revision (document currently at 13)
Type Last Call Review
Team Security Area Directorate (secdir)
Deadline 2022-02-25
Requested 2022-02-09
Requested by Mirja Kühlewind
Authors Peter Saint-Andre
I-D last updated 2022-02-23
Completed reviews Rtgdir Last Call review of -11 by Stig Venaas (diff)
Secdir Last Call review of -11 by Russ Mundy (diff)
Genart Last Call review of -11 by Christer Holmberg (diff)
Intdir Last Call review of -11 by Sheng Jiang (diff)
Opsdir Last Call review of -11 by Dan Romascanu (diff)
Tsvart Last Call review of -11 by Wesley Eddy (diff)
Artart Last Call review of -11 by Thomas Fossati (diff)
I18ndir Last Call review of -11 by Martin J. Dürst (diff)
We're aiming to maximize the reviews for all documents associated with the change in the RFC Editor model. This document is the main deliverable from the RFC future editor model program and describes the new RFC editor model. The more eyes we get on this, the better!
Assignment Reviewer Russ Mundy
State Completed
Review review-iab-rfcefdp-rfced-model-11-secdir-lc-mundy-2022-02-23
Posted at
Reviewed revision 11 (document currently at 13)
Result Ready
Completed 2022-02-23
Reviewer: Russ Mundy
Review result: Ready with nits

I have (re)reviewed this document as part of the security directorate's
ongoing effort to review all IETF documents being processed by the  IESG.
These comments were written primarily for the benefit of the  security area
directors.  Document editors and WG chairs should treat these comments just
like any other last call comments.

The summary of the review is: Ready with nits

The document is well written, understandable and provides sound definition of a
new version of the RFC Editor Model.

The only nits that I identified in the document are in the Security
Considerations section where the wording infers that "the RFC Editor" is a
single entity (or person). I recognize that the wording in the section came
mostly from earlier RFC Editor Model versions but since this Model Version
clearly states that the activities are performed by a collection of multiple
entities, the wording of section 10 seems inconsistent with other parts of the

Without trying to make this section unduly long or complex, I suggest making
something like the following changes to section 10:

First paragraph, third sentence current wording:

"Since the RFC Editor maintains the index of publications, sufficient security
must be in place to ...."

Suggest changing to:

"Since multiple entities described in this document participate in maintenance
of the index of publications, sufficient security must be in place and followed
by each entity to ..."

Second paragraph current wording:

"The IETF LLC should take ..."

Suggest changing to:

"The IETF LLC or any other contracting activity(s), e.g., subcontracts,  should
take ..."

Again, thanks for the excellent quality draft - hopefully, the suggested
changes make section 10 clearer.

Russ Mundy