Last Call Review of draft-ietf-rift-applicability-14
review-ietf-rift-applicability-14-secdir-lc-ladd-2024-04-18-00

I have completed the secdir review of draft-ietf-rift-applicability, part of
the secdir effort to review all documents progressing to this stage in the
IETF. These comments should be treated like any other in the the last call
process. The result of the review is not ready.

I used to think I knew broadly what networking was, then I read this document.
There's a fair number of terms that are new to me, and some more references
might help develop understanding. But that's a minor editorial point.

More concerning is the complete absence of discussion of security, choosing to
kick that to RIFT. That's despite a section about key management in the
document, as well as discussion of operational scenarios that have implications
for the choice of key management technology used. I'd like to see more here:
it's an opportunity to spell out security considerations applicable to the
scenarios with more specificity than in the RIFT drafts.

Sincerely,
Watson Ladd