Last Call Review of draft-ietf-uta-email-tls-certs-05
review-ietf-uta-email-tls-certs-05-opsdir-lc-wijnen-2015-12-22-00

Request Review of draft-ietf-uta-email-tls-certs
Requested rev. no specific revision (document currently at 09)
Type Last Call Review
Team Ops Directorate (opsdir)
Deadline 2015-12-15
Requested 2015-11-29
Authors Alexey Melnikov
Draft last updated 2015-12-22
Completed reviews Genart Last Call review of -05 by Joel Halpern
Secdir Last Call review of -05 by Adam Montville
Opsdir Last Call review of -05 by Bert Wijnen
Assignment Reviewer Bert Wijnen
State Completed
Review review-ietf-uta-email-tls-certs-05-opsdir-lc-wijnen-2015-12-22
Reviewed rev. 05 (document currently at 09)
Review result Has Nits
Review completed: 2015-12-22

Review

Hi, I did the OPS-Directorate review for draft-ietf-uta-email-tls-certs-07

In general, I think this document is more or less ready to be published.

I do believe that section 5 does touch on a number of operational
aspects (and specifically about scaling). The title of that section
however is:
    Compliance Checklist for Mail Service Providers and Certificate
    Signing Request generation tools
So it may not immediately attract attention from operators so that
they can see operational aspects. Maybe that could be pointed out
somewhere in the document.

Section 5 also states that this document and its predecessors
"don't address scaling issues caused by use of TLS in multi-tenanted
environments." And it states that further work is needed in that space.
That is another operational aspect that may need to be pointed out
specifically to operators.

So maybe these 2 points can be highlighted in a separate small section
titled "Operational Considerations".
Just thinking aloud here. The points have been made, but such a small
section would quickly point operators to the proper places for info.

Nits:
- Page 4:
   5.  Email protocols allow use of certain wilcards in identifiers
  s/wilcards/wildcards/

- page 5, 1st para section 4.1:
    email clients would be forced to manual confirm exception, because
  s/manual/manually/ ??

Bert