Last Call Review of draft-ietf-regext-data-escrow-05
review-ietf-regext-data-escrow-05-opsdir-lc-hares-2020-02-29-00

Request Review of draft-ietf-regext-data-escrow
Requested rev. no specific revision (document currently at 05)
Type Last Call Review
Team Ops Directorate (opsdir)
Deadline 2020-02-28
Requested 2020-02-14
Authors Gustavo Lozano
Draft last updated 2020-02-29
Completed reviews Opsdir Last Call review of -05 by Susan Hares
Genart Last Call review of -04 by Stewart Bryant (diff)
Intdir Telechat review of -05 by Carlos Bernardos
Assignment Reviewer Susan Hares
State Completed
Review review-ietf-regext-data-escrow-05-opsdir-lc-hares-2020-02-29
Posted at https://mailarchive.ietf.org/arch/msg/ops-dir/V9R9wBQeCrp_XPs5ow39R23xTQI
Reviewed rev. 05
Review result Ready
Review completed: 2020-02-29

Review
review-ietf-regext-data-escrow-05-opsdir-lc-hares-2020-02-29

Status:  Ready
comments:  Excellent write-up

Detailed Comment:  I have read and re-read this document to find an error in the technical text.  Congratulations to the authors.  This is one of the few documents I cannot find any improvement in the base text.   

Did you check the text code snippet with a validator?  If not, it is normally good form. 

My operational comments on this document are "meta-comments" for the Operations AD below
-------------------

The security section starts out with the phrase:
 "This specification does not define the security mechanism to be used 
in the transmission of the dat escrow deposits, since it only 
specifies the  minimum necessary to enable the rebuidling of a 
registry from the deposits wtihotu intervention from the original registry." 

Given this focus, it is difficult to determine if the data deposited is really
the data that was on the original source.   The language among the 
depositers is couched in "recommended" and "should".   

As a META question, the IESG reviewers should ask is the the "best" 
than can be done due to the on the legal constraints in the countries
that the data registries live in.  If so, it would be wise to provide 
a second document that provides additional suggestions for 
countries in which additional operational security can be mandated.