Last Call Review of draft-sparks-genarea-review-tracker-02
review-sparks-genarea-review-tracker-02-secdir-lc-hanna-2015-08-13-00
Request | Review of | draft-sparks-genarea-review-tracker |
---|---|---|
Requested revision | No specific revision (document currently at 03) | |
Type | Last Call Review | |
Team | Security Area Directorate (secdir) | |
Deadline | 2015-08-04 | |
Requested | 2015-07-08 | |
Authors | Robert Sparks , Tero Kivinen | |
I-D last updated | 2015-08-13 | |
Completed reviews |
Genart Last Call review of -02
by Suresh Krishnan
(diff)
Genart Telechat review of -03 by Suresh Krishnan Secdir Last Call review of -02 by Steve Hanna (diff) |
|
Assignment | Reviewer | Steve Hanna |
State | Completed | |
Request | Last Call review on draft-sparks-genarea-review-tracker by Security Area Directorate Assigned | |
Reviewed revision | 02 (document currently at 03) | |
Result | Has nits | |
Completed | 2015-08-13 |
review-sparks-genarea-review-tracker-02-secdir-lc-hanna-2015-08-13-00
I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the security area directors. Document editors and WG chairs should treat these comments just like any other last call comments. This document provides requirements for improving the tools used to manage team document reviews in IETF. These tools are be used for managing secdir reviews, for example. If you want to get a peek at the next generation of these tools, peruse the document. It looks fine to me and Tero was one of the authors so I expect that he's fine with it. This document is Ready With Nits. The nits are included below. Thanks, Steve ------------------ * The second bullet on page 7 refers to "the above bullet" but it is not clear which bullet is intended. * In the fourth bullet on page 9, "must be able easily" should be "must be able to easily". * In the eighth bullet on page 9, "that have" should be "that they have". * The last sentence in the Security Considerations section seems a bit flippant. It currently reads "None of these [authentication and authorization considerations] have been identified as non-obvious." Although I don't have any material problems with this analysis, I wouldn't want to see other documents taking such a nonchalant approach to security. Instead of that sentence, I suggest "None of these have been identified as differing from the considerations relevant to the existing datatracker."