Telechat Review of draft-ietf-regext-data-escrow-05

Request Review of draft-ietf-regext-data-escrow
Requested rev. no specific revision (document currently at 05)
Type Telechat Review
Team Internet Area Directorate (intdir)
Deadline 2020-04-07
Requested 2020-03-16
Requested by Éric Vyncke
Authors Gustavo Lozano
Draft last updated 2020-03-17
Completed reviews Opsdir Last Call review of -05 by Susan Hares
Genart Last Call review of -04 by Stewart Bryant (diff)
Intdir Telechat review of -05 by Carlos Bernardos
Assignment Reviewer Carlos Bernardos
State Completed
Review review-ietf-regext-data-escrow-05-intdir-telechat-bernardos-2020-03-17
Posted at
Reviewed rev. 05
Review result Ready with Nits
Review completed: 2020-03-17


Reviewer: Carlos J. Bernardos
Review result: Ready with nits

I am an assigned INT directorate reviewer for draft-ietf-regext-data-escrow  These
comments were written primarily for the benefit of the Internet Area Directors.
Document editors and shepherd(s) should treat these comments just like they
would treat comments from any other IETF contributors and resolve them along
with any other Last Call comments that have been received. For more details on
the INT Directorate, see

I hope these comments are clear and useful.

From an INT directorate point of view the document is ready, as it does not deal with the mechanisms used to actually transfer the data escrow deposits.
I have some comments regarding the security and privacy sections.
- In section 10 (Security considerations):

"Depending on local policies, some elements or, most likely, the whole deposit will be considered confidential. As such, the registry transmitting the data to the escrow agent should take all the necessary precautions such as encrypting the data itself and/or the transport channel to avoid inadvertent disclosure of private data."

I'd assume the should in "escrow agent should take" should be UPPER case, right?

"Authentication of the parties passing data escrow deposit files is also of the utmost importance. The escrow agent SHOULD properly authenticate the identity of the registry before accepting data escrow deposits. In a similar manner, the registry SHOULD authenticate the identity of the escrow agent before submitting any data.

Additionally, the registry and the escrow agent SHOULD use integrity checking mechanisms to ensure the data transmitted is what the source intended. Validation of the contents by the escrow agent is RECOMMENDED to ensure not only that the file was transmitted correctly from the registry, but also that the contents are "meaningful"."

In general, I wonder why not all the SHOULDs in this section are not MUST. But this should be probably better assessed by the SECDIR.

- In section 11 (Privacy considerations):

"This specification defines a format that may be used to escrow personal data. The process of data escrow is governed by a legal document agreed by the parties, and such legal document must regulate the particularities regarding the protection of personal data."

I'd assume the must should be in UPPER case, no?