Last Call Review of draft-ietf-idnabis-tables-
review-ietf-idnabis-tables-secdir-lc-kelly-2009-10-22-00
Request | Review of | draft-ietf-idnabis-tables |
---|---|---|
Requested revision | No specific revision (document currently at 09) | |
Type | Last Call Review | |
Team | Security Area Directorate (secdir) | |
Deadline | 2009-10-13 | |
Requested | 2009-09-30 | |
Authors | Patrik Fältström | |
I-D last updated | 2009-10-22 | |
Completed reviews |
Secdir Last Call review of -??
by Scott G. Kelly
Secdir Telechat review of -?? by Scott G. Kelly |
|
Assignment | Reviewer | Scott G. Kelly |
State | Completed | |
Request | Last Call review on draft-ietf-idnabis-tables by Security Area Directorate Assigned | |
Completed | 2009-10-22 |
review-ietf-idnabis-tables-secdir-lc-kelly-2009-10-22-00
I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the security area directors. Document editors and WG chairs should treat these comments just like any other last call comments. The document specifies rules for deciding whether a code point should be included in an Internationalized Domain Name. It's a member of a 4-document group, and as Paul pointed out in a related review, should be considered as such. The security considerations section consists of one sentence: "The security issues associated with this work are discussed in [IDNA2008-protocol]." Following that link to the protocol document's security considerations section: "Security Considerations for this version of IDNA, except for the special issues associated with right to left and characters, are described in [IDNA2008-Defs]. Specific issues for labels containing characters associated with scripts written right to left appear in [IDNA2008-BIDI]." The security considerations in those two documents (especially the protocol document) do seem to cover the issues, although like Sam, I don't feel qualified to definitively state this, and so I think the security ADs should pay some attention to this collection of documents. Editorially, one might consider removing the reference indirection and pointing the reader directly at [IDNA2008-Defs] and [IDNA2008-BIDI]. --Scott