Early Review of draft-ietf-cellar-ffv1-02
review-ietf-cellar-ffv1-02-secdir-early-xia-2018-06-01-00

Request: Review of draft-ietf-cellar-ffv1
Requested rev.: no specific revision (document currently at 07)
Type: Early Review
Team: Security Area Directorate (secdir)
Deadline: 2018-06-30
Requested: 2018-05-29
Requested by: Michael Richardson
Other Reviews: Genart Early review of -03 by Matthew Miller
Comments:
We are going to WGLC on this in a week.
This is an Informational document (status will be fixed in -03), of a file format that is already common.
Another document (draft-ietf-cellar-ffv1-v4) is standards track and is coming soon.
This document is from a group of open source coders, and this is their first IETF experience, so please be extra constructive.
Review State: Completed
Reviewer: Liang Xia
Review: review-ietf-cellar-ffv1-02-secdir-early-xia-2018-06-01
Posted at: https://mailarchive.ietf.org/arch/msg/secdir/CHfPHNF4vTXbfOflIwU43MSAEdQ
Reviewed rev.: 02 (document currently at 07)
Review result: Ready
Draft last updated: 2018-06-01
Review completed: 2018-06-01

Review

The whole draft is in good shape and well written.
Some nits:
1. every word should start with a capital letter for the section title;
2. section 2.2.4: / ceil(a) the largest integer less than or equal to a / ceil(a) the smallest integer larger than or equal to a /
3. section 3.7.2: [ISO.15444-1.2016]?
4. section 12.1: [I-D.ietf-cellar-ffv1]?
5. section 12.2: should all the RFCs move to the Normative References (section 12.1)?

Issues for clarification:
In Security Considerations, besides the DoS attacks brought by the malicious payloads, are there any other kinds of attack possible? For example, could viruses or worms be hidden in the malicious payloads to attack the system and cause more damage? Does it make sense and what's the consideration?