Last Call Review of draft-ietf-marf-as-
review-ietf-marf-as-genart-lc-thomson-2012-04-24-00

Request Review of draft-ietf-marf-as
Requested rev. no specific revision (document currently at 16)
Type Last Call Review
Team General Area Review Team (Gen-ART) (genart)
Deadline 2012-04-24
Requested 2012-04-12
Authors J.D. Falk, Murray Kucherawy
Draft last updated 2012-04-24
Completed reviews Genart Last Call review of -?? by Martin Thomson
Genart Last Call review of -?? by Martin Thomson
Secdir Last Call review of -?? by Scott Kelly
Assignment Reviewer Martin Thomson 
State Completed
Review review-ietf-marf-as-genart-lc-thomson-2012-04-24
Review completed: 2012-04-24

Review
review-ietf-marf-as-genart-lc-thomson-2012-04-24

I am the assigned Gen-ART reviewer for this draft. For background on
Gen-ART, please see the FAQ at
<

http://wiki.tools.ietf.org/area/gen/trac/wiki/GenArtfaq>.

Please resolve these comments along with any other Last Call comments
you may receive.

Document: draft-ietf-marf-as-13
Reviewer: Martin Thomson
Review Date: 2012-04-12
IETF LC End Date:
IESG Telechat date: (if known)

Summary: This document is fit for publication, though some minor
issues might warrant further consideration.

Major issues: None

Minor issues:

Reading through, this doesn't smell very much like an applicability
statement at all.  It has the distinct odor of a profile, or a set of
implementation/deployment/operational guidelines.  That might just be
me.

Section 4.2 doesn't really contain enough information for me to
determine when I might want to ignore your SHOULD.

Section 6.1, point 1 cannot be an interoperability requirement if
there isn't a mechanism provided.  The text is perfectly clear, but I
can't implement anything here to address the "MUST".  The problem is
that the reports are unsolicited, and therefore an out-of-band
"session" has not been established between providers. (Is an abuse
report the in-band solution you are looking for?  Yes, Section 7,
point 2, I know...)

Section 6.3, point 1 has the same complaint for the "SHOULD", though
in this case the softness of the "SHOULD" makes this more tolerable.

Nits/editorial comments:

Expand on first use: MUA, SPF, DKIM.

Parentheses around references is excessive ([CITE]).

Section 5.2, point 2 is a bit of a truism...MUST support optional
fields being optional.  Is it really necessary?

Section 6.3, point 3, sentence 2: missing comma after "([RFC3912])"

Section 6.4, point 3, did not parse: "reports are generated with use
by recipients not using"

Section 6.5, point 3 could be made MUST NOT by saying "MUST NOT reject
non-ARF messages based solely on the format" or by adding other
qualifications to that effect.  Obviously this has to allow for local
policy that rejects messages on other criteria, but you can make a
requirement like this.