Telechat Review of draft-ietf-i2rs-protocol-security-requirements-10

Request Review of draft-ietf-i2rs-protocol-security-requirements
Requested rev. no specific revision (document currently at 17)
Type Telechat Review
Team Security Area Directorate (secdir)
Deadline 2016-09-27
Requested 2016-09-15
Authors Susan Hares, Daniel Migault, Joel Halpern
Draft last updated 2016-10-06
Completed reviews Secdir Last Call review of -06 by Radia Perlman (diff)
Secdir Telechat review of -10 by Radia Perlman (diff)
Opsdir Telechat review of -06 by Mahesh Jethanandani (diff)
Rtgdir Early review of -02 by Tomonori Takeda (diff)
Assignment Reviewer Radia Perlman 
State Completed
Review review-ietf-i2rs-protocol-security-requirements-10-secdir-telechat-perlman-2016-10-06
Reviewed rev. 10 (document currently at 17)
Review result Has Nits
Review completed: 2016-10-06


On Thu, Sep 15, 2016 at 6:43 AM, Radia Perlman 


radiaperlman at



I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG.

These comments were written primarily for the benefit of the security area directors.

Document editors and WG chairs should treat these comments just like any other last call comments.

I previously reviewed version 6 and 10, and all my comments are addressed in this version (17). The secdir assignment was for version 14, but the latest version seems to be 17, so that is the one that I reviewed.

Nothing substantive, certainly no security issues, and it's ready for publication.

I do have a few super-minor typos in this version (17)  Apologies for the weird formatting of my comments below. Perhaps it's gmail, that when I cut-and-paste from the document, makes weird boxes, so please ignore the boxes.  If gmail is just putting boxes in while I type in my comments, just to annoy me, and they don't appear in the sent email, then ignore the non-boxes I'm complaining about.  Anyway, here are my comments:

There seems to be a cut-and-paste error here:


The optional insecure transport can only be used

 restricted set of publically data available (events or information)"

Perhaps it should be "The optional insecure transport can only be used when accessing publically available data (events or information)".  

Not exactly sure what you'd like it to be...but there does seem to be at least a missing word in the text from the document.


And as long as I'm noticing extremely minor editorial things during reread:

"The first application is a weekly configuration application
   that uses the I2RS protocol to change configurations.  The second
   application is an application that allows operators to makes
   emergency changes to routers in the network"

In the first sentence I'd probably say "periodic" instead of "weekly".

The second sentence should be "to make" instead of "to makes"


Another super-minor typo "

A variety of forms of managemen"  is missing
the letter "t" in "management"