Do not be alarmed. I have reviewed this document as part of the security directorate’s ongoing effort to review all IETF documents being processed by the IESG. These comments were written with the intent of improving security requirements and considerations in IETF drafts. Comments not addressed in last call may be included in AD reviews during the IESG review. Document editors and WG chairs should treat these comments just like any other last call comments. Summary: No security or privacy issues that I can see, but I do have a couple of nits. 0) General: I guess it wasn’t clear to me that the response will take on the form of the RFC or if the text not proceeded by “>>>” in the main body will be returned in some of other form. 1) Sec 1: There’s a pointer to ICG’s charter and the RFP shouldn’t we also have a pointer to the NTIA announcement: http://www.ntia.doc.gov/press-release/2014/ntia-announces-intent-transition-key-internet-domain-name-functions 2) Abstract contains: The IETF community is invited to comment and propose changes to this document. I guess this makes it crystal clear that folks could comment on the draft, but this sentence should be struck before going to the RFC editor. 3) Sec I (section #s refer to RFP sections): Missing word Missing “the”? r/on iana.org/on the iana.org The IETF community presently accesses the protocol parameter registries via references based on iana.org domain name, and makes use of the term "IANA" in the protocol parameter registry processes [RFC5226]. 4) Sec I: missing “.” at the end of the sentence: >>> A description of any overlaps or interdependencies between your >>> IANA requirements and the functions required by other customer >>> communities 5) Sec I: Overlap I assume the overlap here is with the other two communities listed in this RFP (i.e., names & numbers) and not the IEEE or W3C? 6) Sec I: "RIR System"? Through the IANA protocol parameters registries, the IETF delegates unicast IP address and AS number ranges to the RIR system [RFC7020],[RFC7249]. I went and looked in RFCs 7020 and 7249 and could find no reference to an “RIR system” I found Internet Numbers Registry System was that what you’re referring to? 7) Sec I: Missing question/response? In addition to the four bullets there is also this paragraph in the RFP: If your community relies on any other IANA service or activity beyond the scope of the IANA functions contract, you may describe them here. In this case please also describe how the service or activity should be addressed by the transition plan. And because the intro of the RFP says: The IANA Stewardship Transition Coordination Group (ICG) seeks complete formal responses to this RFP through processes which are to be convened … Don’t we need to include a response to this question even if the answer is “none” or “see above”? 8) Sec II.A: r/the/The & r/all/All IETF Response: the protocol parameters registries. IETF Response: all policy sources relating to the protocol parameters registry are affected. 9) Sec IV: Missing question? The “Risks” paragraph in the RFP includes the following question: Description of how long the proposals in Section III are expected to take to complete, and any intermediate milestones that may occur before they are completed. Does it need to be included along with the bullets in Sec IV? 10) Sec V: missing question/response: There are five bullets in sV this one is omitted: o The proposal must not replace the NTIA role with a government-led or an inter-governmental organization solution. Should we say something about our proposal not replacing NTIA with a government-y organizational solution? I mean I know it’s obvious to you and me, but maybe being explicit here is better. 11) Sec VI: add IETF LC? I assume you’re going to add a link to the IETF LC and maybe the ballots to the end of the list of actions. 12) s3 (IANA Considerations) r/is a response a request for/is a response to a request for Cheers, spt