Last Call Review of draft-ietf-appsawg-rfc5451bis-07
review-ietf-appsawg-rfc5451bis-07-secdir-lc-gondrom-2013-07-05-00
Request | Review of | draft-ietf-appsawg-rfc5451bis |
---|---|---|
Requested revision | No specific revision (document currently at 10) | |
Type | Last Call Review | |
Team | Security Area Directorate (secdir) | |
Deadline | 2013-07-09 | |
Requested | 2013-06-20 | |
Authors | Murray Kucherawy | |
I-D last updated | 2013-07-05 | |
Completed reviews |
Genart Last Call review of -07
by Peter E. Yee
(diff)
Secdir Last Call review of -07 by Tobias Gondrom (diff) |
|
Assignment | Reviewer | Tobias Gondrom |
State | Completed | |
Request | Last Call review on draft-ietf-appsawg-rfc5451bis by Security Area Directorate Assigned | |
Reviewed revision | 07 (document currently at 10) | |
Result | Ready | |
Completed | 2013-07-05 |
review-ietf-appsawg-rfc5451bis-07-secdir-lc-gondrom-2013-07-05-00
I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the security area directors. Document editors and WG chairs should treat these comments ust like any other last call comments. This ID is Standards Track and specifies specifies a header field for use with electronic mail messages to indicate the results of message authentication efforts. I believe the security implications have been evaluated sufficiently in the security considerations sections and think the draft is ok to proceed. One personal comment IMHO: the security considerations rely heavily on the established trust boundary. However in section 1.2 it is declared that "How this trust is obtained is outside the scope of this document. It is entirely a local matter." So the document itself is ok, but I feel that this "local matter" of establishing and ensuring this trust is an essential pre-requisite for a secure system. Best regards, Tobias