Telechat Review of draft-ietf-nfsv4-multi-domain-fs-reqs-09
review-ietf-nfsv4-multi-domain-fs-reqs-09-secdir-telechat-housley-2016-09-01-00
| Request | Review of | draft-ietf-nfsv4-multi-domain-fs-reqs |
|---|---|---|
| Requested rev. | no specific revision (document currently at 11) | |
| Type | Telechat Review | |
| Team | Security Area Directorate (secdir) | |
| Deadline | 2016-08-30 | |
| Requested | 2016-08-25 | |
| Authors | Andy Adamson, Nicolás Williams | |
| Draft last updated | 2016-09-01 | |
| Completed reviews |
Genart Last Call review of -08 by Brian Carpenter
(diff)
Genart Telechat review of -09 by Brian Carpenter (diff) Secdir Last Call review of -08 by Russ Housley (diff) Secdir Telechat review of -09 by Russ Housley (diff) |
|
| Assignment | Reviewer | Russ Housley |
| State | Completed | |
| Review | review-ietf-nfsv4-multi-domain-fs-reqs-09-secdir-telechat-housley-2016-09-01 | |
| Reviewed rev. | 09 (document currently at 11) | |
| Review result | Has Nits | |
| Review completed: | 2016-09-01 |
Review
review-ietf-nfsv4-multi-domain-fs-reqs-09-secdir-telechat-housley-2016-09-01
I reviewed this document as part of the Security Directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the Security Area Directors. Document authors, document editors, and WG chairs should treat these comments just like any other IETF Last Call comments. Version reviewed: draft-ietf-nfsv4-multi-domain-fs-reqs-09 Summary: Ready Thank you for rewriting the Abstract and Introduction. They are much improved. Major Concerns: None. Minor Concerns: The first paragraph in Section 3 includes: "The issues with multi-domain deployments described in this document apply ...". I do not think that "issues" is the right word. To be consistent with the title of the document, it should be talking about guidance or deployment alternatives. In Section 6.2.1, it says: Multiple security services per NFSv4 Domain is allowed, and brings the issue of mapping multiple Kerberos 5 principal@REALMs to the same local ID. Methods of achieving this are beyond the scope of this document. I think it would be better to use "need" instead of "issue". Nits: Please change "internet" to "Internet" throughout the document. In Section 2, "Stringified UID or GID" definition: Please add "of" to the last sentence, so that it reads: "See Section 5.9 of [RFC5661]."