Hi Russ, thanks for your review. Comments inline.

On 2/23/22 3:51 PM, Russ Mundy via Datatracker wrote:
> Reviewer: Russ Mundy
> Review result: Ready
>
> Reviewer: Russ Mundy
> Review result: Ready with nits
>
> I have (re)reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the security area directors. Document editors and WG chairs should treat these comments just like any other last call comments.
>
> The summary of the review is: Ready with nits
>
> The document is well written, understandable and provides a sound definition of a new version of the RFC Editor Model.
>
> The only nits that I identified in the document are in the Security Considerations section where the wording infers that "the RFC Editor" is a single entity (or person). I recognize that the wording in the section came mostly from earlier RFC Editor Model versions but since this Model Version clearly states that the activities are performed by a collection of multiple entities, the wording of section 10 seems inconsistent with other parts of the document.

Good catch. We copied the Security Considerations from RFC 6635/8728 and didn't properly update it to reflect version 3 of the model.

> Without trying to make this section unduly long or complex, I suggest making something like the following changes to section 10:
>
> First paragraph, third sentence current wording:
> "Since the RFC Editor maintains the index of publications, sufficient security must be in place to ...."
>
> Suggest changing to:
> "Since multiple entities described in this document participate in maintenance of the index of publications, sufficient security must be in place and followed by each entity to ..."

Something like that would make sense, although we might want to mention the RFC Production Center because Section 4.3 specifies that they have responsibility for publication, archiving, etc.

> Second paragraph current wording:
> "The IETF LLC should take ..."
>
> Suggest changing to:
> "The IETF LLC or any other contracting activity(s), e.g., subcontracts, should take ..."

That seems reasonable.

> Again, thanks for the excellent quality draft - hopefully, the suggested changes make section 10 clearer.

They do, thanks!

Peter

--
last-call mailing list
last-call@xxxxxxxx
https://www.ietf.org/mailman/listinfo/last-call