Last Call Review of draft-johansson-loa-registry-
review-johansson-loa-registry-secdir-lc-roca-2012-04-03-00

Request: Review of draft-johansson-loa-registry
Requested revision: No specific revision (document currently at 06)
Type: Last Call Review
Team: Security Area Directorate (secdir)
Deadline: 2012-04-10
Requested: 2012-03-08
Authors: Leif Johansson
I-D last updated: 2012-04-03
Completed reviews: Genart Last Call review of -?? by David L. Black; Secdir Last Call review of -?? by Vincent Roca
Assignment: Reviewer Vincent Roca
State: Completed
Request: Last Call review on draft-johansson-loa-registry by Security Area Directorate (Assigned)
Completed: 2012-04-03
Hello,

I have reviewed this document as part of the security directorate's
ongoing effort to review all IETF documents being processed by the
IESG.  These comments were written primarily for the benefit of the
security area directors. Document editors and WG chairs should treat
these comments just like any other last call comments.

I have two comments WRT section 7:

1/ It is said:
  "An implementor of MUST NOT treat the registry as a trust framework or
  federation [...]"

As I understand it, the IANA registry is a record of LOA definitions that are
part of a trust framework. So that's a different concept, I agree. But why
is this sentence in the "Security Considerations" section? It could be moved
to section 3 for instance.

2/ The rest of the sentence is confusing IMHO:
  "An implementor [...] MUST NOT make any assumptions about the properties of
  any of the listed level of assurance URIs or their associated trust
  frameworks or federations based on their presense in the IANA registry."

Do you mean that the fact an IANA registry exists, by itself, does not guarantee
the trust framework actually provides the expected security features (i.e. the
IANA registry is merely a definition record)?
I don't like the term "any assumption". If a LOA tells me I can achieve some
security level by using it, I'll first **assume** it's true and in a second step
I'll verify it's indeed the case.


Typos and general comments:

** section 7:
- In the first sentence, something is missing:
       "An implementor of MUST NOT"
Of what?

- Later:
       "...based on their presense in the IANA registry"
Don't you mean presence (with a "c")?


** section 3.1: in the example, it is said:
                  "Defines Level 1 of FAF"
I didn't understand what FAF stands for. I think you'd better avoid using
an acronym here.

** section 3. There's a missing "." before "This" in:
  "URI:  A URI referencing a Level of Assurance Profile This is the
     registry key."


Regards,

Vincent