[Last-Call] Secdir last call review of draft-ietf-regext-epp-registry-maintenance-16

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Reviewer: Melinda Shore
Review result: Has Issues

The security considerations section is scanty - transport security is not
described at all, nor is the question of defense against a malicious actor
spoofing a server.  It may be the case that there are, in fact, mitigations in
common use but they are not spelled out in this draft nor in RFC 5730 (and I’ll
be the first to admit that I may have missed something).  Because of this I do
have reservations about progressing the document towards publication.

Section 3.3: Is it the case that if an element is not explicitly identified as
optional, it’s mandatory?  If that’s the case you may want to mention that in
the first paragraph of this section

Nits:

There’s occasionally some unidiomatic English (for example, “The command
mappings described here are specifically for the use to notify [ … ]” rather
than, for example, “The command mappings described here are specifically used
to notify [ … ]”, “The information on a [ … ]” rather than “The information
about a [ … ], etc.),

Section 1, first paragraph:  It’s actually not very clear about what registries
are informing registrars.  It may be clearer to start with something along the
lines of “Registries usually inform registrars of maintenance activities in
different ways.”


-- 
last-call mailing list
last-call@xxxxxxxx
https://www.ietf.org/mailman/listinfo/last-call




[Index of Archives]     [IETF Annoucements]     [IETF]     [IP Storage]     [Yosemite News]     [Linux SCTP]     [Linux Newbies]     [Mhonarc]     [Fedora Users]

  Powered by Linux