Telechat Review of draft-ietf-nfsv4-multi-domain-fs-reqs-09
review-ietf-nfsv4-multi-domain-fs-reqs-09-secdir-telechat-housley-2016-09-01-00

Request Review of draft-ietf-nfsv4-multi-domain-fs-reqs
Requested rev. no specific revision (document currently at 11)
Type Telechat Review
Team Security Area Directorate (secdir)
Deadline 2016-08-30
Requested 2016-08-25
Draft last updated 2016-09-01
Completed reviews Genart Last Call review of -08 by Brian Carpenter (diff)
Genart Telechat review of -09 by Brian Carpenter (diff)
Secdir Last Call review of -08 by Russ Housley (diff)
Secdir Telechat review of -09 by Russ Housley (diff)
Assignment Reviewer Russ Housley
State Completed
Review review-ietf-nfsv4-multi-domain-fs-reqs-09-secdir-telechat-housley-2016-09-01
Reviewed rev. 09 (document currently at 11)
Review result Has Nits
Review completed: 2016-09-01

Review
review-ietf-nfsv4-multi-domain-fs-reqs-09-secdir-telechat-housley-2016-09-01

I reviewed this document as part of the Security Directorate's ongoing
effort to review all IETF documents being processed by the IESG.  These
comments were written primarily for the benefit of the Security Area
Directors.  Document authors, document editors, and WG chairs should
treat these comments just like any other IETF Last Call comments.

Version reviewed: draft-ietf-nfsv4-multi-domain-fs-reqs-09


Summary: Ready

Thank you for rewriting the Abstract and Introduction.  They are much
improved.


Major Concerns:  None.


Minor Concerns:

The first paragraph in Section 3 includes: "The issues with multi-domain
deployments described in this document apply ...".  I do not think that
"issues" is the right word.  To be consistent with the title of the
document, it should be talking about guidance or deployment
alternatives.

In Section 6.2.1, it says:

   Multiple security services per NFSv4 Domain is allowed, and brings
   the issue of mapping multiple Kerberos 5 principal@REALMs to the same
   local ID.  Methods of achieving this are beyond the scope of this
   document.

I think it would be better to use "need" instead of "issue".


Nits:

Please change "internet" to "Internet" throughout the document.

In Section 2, "Stringified UID or GID" definition:  Please add "of" to
the last sentence, so that it reads: "See Section 5.9 of [RFC5661]."