Last Call Review of draft-ietf-i2nsf-problem-and-use-cases-12
review-ietf-i2nsf-problem-and-use-cases-12-secdir-lc-atkins-2017-04-27-00

Request Review of draft-ietf-i2nsf-problem-and-use-cases
Requested rev. no specific revision (document currently at 16)
Type Last Call Review
Team Security Area Directorate (secdir)
Deadline 2017-03-22
Requested 2017-03-08
Other Reviews Genart Last Call review of -11 by Dale Worley (diff)
Genart Telechat review of -12 by Dale Worley (diff)
Genart Telechat review of -15 by Dale Worley (diff)
Review State Completed
Reviewer Derek Atkins
Review review-ietf-i2nsf-problem-and-use-cases-12-secdir-lc-atkins-2017-04-27
Posted at https://mailarchive.ietf.org/arch/msg/secdir/0fXZHbQFseyh_NImuVFT18IQ3Js
Reviewed rev. 12 (document currently at 16)
Review result Has Nits
Last updated 2017-04-27

Review
review-ietf-i2nsf-problem-and-use-cases-12-secdir-lc-atkins-2017-04-27

Hi,

I have reviewed this document as part of the security directorate's
ongoing effort to review all IETF documents being processed by the
IESG.  These comments were written with the intent of improving
security requirements and considerations in IETF drafts.  Comments
not addressed in last call may be included in AD reviews during the
IESG review.  Document editors and WG chairs should treat these
comments just like any other last call comments.

Summary:

Ready to publish with small edits.

Details:

This document doesn't specify any protocols.

There appears to be a missing word in the end of the Security
Considerations section which says:

   It is important to proper AAA [RFC2904] to authorize access to the
   network and access to the I2NSF management stream.

I'm not sure if this is missing "proper AAA [something] [RFC2904] to
authorize" or if there is a different phrasing.  I'm not sure what is
trying to be said about AAA, but this sentence is clearly missing an
article (as "proper AAA" by itself is not a noun").

-derek

-- 
       Derek Atkins                 617-623-3745
       derek@ihtfp.com             www.ihtfp.com
       Computer and Internet Security Consultant