Last Call Review of draft-ietf-ippm-initial-registry-12
review-ietf-ippm-initial-registry-12-secdir-lc-wouters-2019-11-01-00

Request Review of draft-ietf-ippm-initial-registry
Requested rev. no specific revision (document currently at 15)
Type Last Call Review
Team Security Area Directorate (secdir)
Deadline 2019-11-06
Requested 2019-10-23
Authors Al Morton, Marcelo Bagnulo, Philip Eardley, Kevin D'Souza
Draft last updated 2019-11-01
Completed reviews Genart Last Call review of -12 by Joel Halpern (diff)
Secdir Last Call review of -12 by Paul Wouters (diff)
Assignment Reviewer Paul Wouters
State Completed
Review review-ietf-ippm-initial-registry-12-secdir-lc-wouters-2019-11-01
Posted at https://mailarchive.ietf.org/arch/msg/secdir/L4aVFC0rKhM0kkD3udgV-tg3geI
Reviewed rev. 12 (document currently at 15)
Review result Has Issues
Review completed: 2019-11-01

Review
review-ietf-ippm-initial-registry-12-secdir-lc-wouters-2019-11-01

I have reviewed this document as part of the security directorate's  ongoing effort to review all IETF documents being processed by the  IESG.  These comments were written primarily for the benefit of the  security area directors.  Document editors and WG chairs should treat these comments just like any other last call comments.

As this document populates an IANA registry with metrics values, no security considerations apply. This is stated in the Security Section.


Normally, the IANA considerations are within one section and all other sections are written as if this has already been done, except with a [TBD] for any value IANA needs to put in. But this document uses text outside the Iana Considerations section like:

      "IANA is asked to assign different numeric identifiers to each of the two Named Metrics."

It is better to rewrite this with clear text stating Name X is assigned value [TBD]

Similarly, the document has "Change Controller", but the way this is normally phrased is to be part of the new Registry definition of "Registration Procedure(s)" which has defined values like "Expert review", "Specification Required", "First Come First Serve", etc. The document should be changed to reflect these standard types of policies, and ask IANA to create the Registries with the standarized procedure terms for updating those registries.