Telechat Review of draft-ietf-nfsv4-rpcsec-gssv3-14
review-ietf-nfsv4-rpcsec-gssv3-14-secdir-telechat-perlman-2015-12-17-00
Request | Review of | draft-ietf-nfsv4-rpcsec-gssv3 |
---|---|---|
Requested revision | No specific revision (document currently at 17) | |
Type | Telechat Review | |
Team | Security Area Directorate (secdir) | |
Deadline | 2016-01-05 | |
Requested | 2015-12-10 | |
Authors | Andy Adamson, Nicolás Williams | |
I-D last updated | 2015-12-17 | |
Completed reviews | Genart Last Call review of -13 by Elwyn B. Davies; Genart Telechat review of -15 by Elwyn B. Davies; Secdir Telechat review of -14 by Radia Perlman; Opsdir Last Call review of -13 by Victor Kuarsingh | |
Assignment | Reviewer | Radia Perlman |
State | Completed | |
Request | Telechat review on draft-ietf-nfsv4-rpcsec-gssv3 by Security Area Directorate Assigned | |
Reviewed revision | 14 (document currently at 17) | |
Result | Has nits | |
Completed | 2015-12-17 |
I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the security area directors. Document editors and WG chairs should treat these comments just like any other last call comments.

Note I'm reviewing the version 14 (although it was version 13 in the assignments list).

The document specifies where to carry Mandatory Access Control information in the protocol. It does not specify the Mandatory Access Control information itself… that is inherited from another spec.

The language in places is a bit foreign to me, perhaps because I don't "speak" GSS-API or mandatory access control. So, for instance, in the sentence "Existing GSS-API mechanisms are insufficient for communicating certain aspects of authority to a server" I gather from context that this is authorization information. I'd have said "...insufficient for communicating certain authorization information". If "aspects of authority" means something else then perhaps "aspects of authority" should be defined here, even if defined elsewhere. If indeed this is common terminology then OK.

There's a typo in section 2.5 "with an acccept stat of PROC_UNAVAIL" (extra "c" in accept).

Radia