Last Call Review of draft-ietf-mile-iodef-guidance-10
review-ietf-mile-iodef-guidance-10-secdir-lc-meadows-2017-08-31-00

I have reviewed this document as part of the security directorate's
ongoing effort to review all IETF documents being processed by the
IESG.  These comments were written primarily for the benefit of the
security area directors.  Document editors and WG chairs should treat
these comments just like any other last call comments.

The summary of the review is Ready With Nits.

This document contains advice on using the Incident Object Description Exchange
Format (IODEF) to describe incident reports.  In contains general guidelines. 
No security-related issues are addressed; in particular guidance on setting
restrictions is avoided. In the security considerations section, the authors
point out that this document  introduces no new security concerns other than
those already addressed in RFC7870 (the IODEF RFC), and reader is referred to 
RFC7970 for any security questions.

I agree with this, and I don’t see any need for making substantive changes. 
There are a couple of nits though:

1.  The sentence at the bottom of page 6, beginning “IODEF implementations
SHOULD not consider using their own IODEF extensions unless …” doesn’t parse. 
I think you can get the meaning you intended by removing the words “”is not a
suitable option” at the end.

2.  The “Nevertheless” at the beginning of the second sentence of the Security
Considerations section is confusing.  The second sentence doesn’t contradict
the first; it merely elaborates on it.  I’d suggest removing the word
“Nevertheless.”

Cathy Meadows

Catherine Meadows
Naval Research Laboratory
Code 5543
4555 Overlook Ave., S.W.
Washington DC, 20375
phone: 202-767-3490
fax: 202-404-7942
email: catherine.meadows@nrl.navy.mil <mailto:catherine.meadows@nrl.navy.mil>