Telechat Review of draft-ietf-regext-epp-fees-18
review-ietf-regext-epp-fees-18-secdir-telechat-nir-2019-09-17-00
| Request | Review of | draft-ietf-regext-epp-fees |
|---|---|---|
| Requested rev. | no specific revision (document currently at 20) | |
| Type | Telechat Review | |
| Team | Security Area Directorate (secdir) | |
| Deadline | 2019-09-17 | |
| Requested | 2019-09-09 | |
| Authors | Roger Carney, Gavin Brown, Jothan Frakes | |
| Draft last updated | 2019-09-17 | |
| Completed reviews |
Genart Last Call review of -16 by Stewart Bryant
(diff)
Opsdir Last Call review of -16 by Carlos Pignataro (diff) Secdir Last Call review of -16 by Yoav Nir (diff) Secdir Telechat review of -18 by Yoav Nir (diff) Genart Telechat review of -18 by Stewart Bryant (diff) |
|
| Assignment | Reviewer | Yoav Nir |
| State | Completed | |
| Review | review-ietf-regext-epp-fees-18-secdir-telechat-nir-2019-09-17 | |
| Posted at | https://mailarchive.ietf.org/arch/msg/secdir/NyWI78IQoOYLkoR3REgYFiVr8R4 | |
| Reviewed rev. | 18 (document currently at 20) | |
| Review result | Has Nits | |
| Review completed: | 2019-09-17 |
Review
review-ietf-regext-epp-fees-18-secdir-telechat-nir-2019-09-17
The changes in revision -17 are fine. I would still like to have it stated that financial information is not at risk of leaking because the account information of a customer is only sent in communications with that customer. The Security Considerations section already says that encryption is used when transmitting financial information. That is necessary but not sufficient. You also need to state that such information is only sent to entities that should have access to that information.