Last Call Review of draft-ietf-tsvwg-iana-ports-

I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the security area directors. Document editors and WG chairs should treat these comments just like any other last call

The draft draft-ietf-tsvwg-iana-ports-09 consolidates the procedures scattered over several RFCs for the assignment of service names and ports for transport protocols. It establishes definitions and specifications where they were previously missing (like syntax for service names). It provides a single reference for assignment procedures going forward and establishes procedures for port/name de-assignment, reuse, revocation, etc., and a description of the required and optional fields that must be provided in any request.

I did NOT review the referenced documents and did not therefore consider differences between this procedure and previously

There is a required format for communication of a request to the IANA, I presume by email. I did not see any mention of the email address to which the request should be sent (RFC5226 also doesn’t seem to mention it).

The procedure requires that the same previous Assignee (or Contact) make any subsequent request about a port/name assignment, where the email address is provided in the request. Security question: how does the IANA know that it is communicating with the same Assignee/Contact? There’s no recommendation for security of that communication.

In the IANA section there is a paragraph:

   IANA is instructed to create a new service name entry in the service
   name and port number registry [PORTREG] for any entry in the
   "Protocol and Service Names" registry [PROTSERVREG] that does not
   already have one assigned.

Are there no guidelines for creating the new service