Last Call Review of draft-ietf-appsawg-rfc5451bis-07
review-ietf-appsawg-rfc5451bis-07-secdir-lc-gondrom-2013-07-05-00
| Request | Review of | draft-ietf-appsawg-rfc5451bis |
|---|---|---|
| | Requested revision | No specific revision (document currently at 10) |
| | Type | Last Call Review |
| | Team | Security Area Directorate (secdir) |
| | Deadline | 2013-07-09 |
| | Requested | 2013-06-20 |
| | Authors | Murray Kucherawy |
| | Draft last updated | 2013-07-05 |
| | Completed reviews | Genart Last Call review of -07 by Peter E. Yee; Secdir Last Call review of -07 by Tobias Gondrom |
| Assignment | Reviewer | Tobias Gondrom |
| | State | Completed |
| | Review | review-ietf-appsawg-rfc5451bis-07-secdir-lc-gondrom-2013-07-05 |
| | Reviewed revision | 07 (document currently at 10) |
| | Result | Ready |
| | Completed | 2013-07-05 |

I have reviewed this document as part of the
security directorate's ongoing effort to review all IETF documents
being processed by the IESG. These comments were written primarily
for the benefit of the security area directors. Document editors
and WG chairs should treat these comments just like any other last
call comments.

This ID is Standards Track and specifies a header field
for use with electronic mail messages to indicate the results of
message authentication efforts.

I believe the security implications have been evaluated
sufficiently in the security considerations sections and think the
draft is ok to proceed.

One personal comment IMHO:
the security considerations rely heavily on the established trust
boundary. However, in section 1.2 it is declared that "How this
trust is obtained is outside the scope of this document. It is
entirely a local matter." So the document itself is ok, but I
feel that this "local matter" of establishing and ensuring this
trust is an essential pre-requisite for a secure system.

Best regards, Tobias