Skip to main content

Last Call Review of draft-ietf-regext-launchphase-06
review-ietf-regext-launchphase-06-secdir-lc-lonvick-2017-11-18-00

Request Review of draft-ietf-regext-launchphase
Requested revision No specific revision (document currently at 07)
Type Last Call Review
Team Security Area Directorate (secdir)
Deadline 2017-11-03
Requested 2017-10-20
Authors James Gould , Wil Tan , Gavin Brown
I-D last updated 2017-11-18
Completed reviews Opsdir Last Call review of -06 by Scott O. Bradner (diff)
Secdir Last Call review of -06 by Chris M. Lonvick (diff)
Genart Last Call review of -06 by Stewart Bryant (diff)
Artart Telechat review of -06 by Harald T. Alvestrand (diff)
Assignment Reviewer Chris M. Lonvick
State Completed
Request Last Call review on draft-ietf-regext-launchphase by Security Area Directorate Assigned
Reviewed revision 06 (document currently at 07)
Result Has issues
Completed 2017-11-18
review-ietf-regext-launchphase-06-secdir-lc-lonvick-2017-11-18-00
Hi,

I have reviewed this document as part of the security directorate's 
ongoing effort to review all IETF documents being processed by the IESG. 
These comments were written primarily for the benefit of the security 
area directors. Document editors and WG chairs should treat these 
comments just like any other last call comments. The summary of the 
review is Ready with Nits.

The abstract describes the specification as: This document describes an 
Extensible Provisioning Protocol (EPP) extension mapping for the 
provisioning and management of domain name registrations and 
applications during the launch of a domain name registry.

I am not familiar with this line of work. In my review, I found in the 
section of Conventions Used in this Document, several XML terms are 
defined with each containing an addendum similar to, "The XML namespace 
prefix [xxx] is used, but implementations MUST NOT depend on it and 
instead employ a proper namespace-aware XML parser and serializer to 
interpret and output the XML documents." I think that it would be 
appropriate to have a summary statement covering these in the Security 
Considerations section.

The Security Considerations section appears appropriate for the contents 
and normative references.

Regards,
Chris