Secdir last call review of draft-ietf-iasa2-rfc4071bis-08

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Reviewer: Christian Huitema
Review result: Ready

I have reviewed this draft-ietf-iasa2-rfc4071bis-08 as part of the security directorate's 
ongoing effort to review all IETF documents being processed by the 
IESG.  These comments were written primarily for the benefit of the 
security area directors.  Document editors and WG chairs should treat 
these comments just like any other last call comments.

The summary of the review is Ready.

As stated in the introduction, this draft "describes the structure of the IETF 
Administrative Support Activity, version 2 (IASA 2.0).  It defines the roles 
and responsibilities of the IETF LLC Board, the IETF Executive Director, and 
ISOC in the fiscal and administrative support of the IETF standards process.  
It also defines the membership and selection rules for the IETF LLC Board."

The document is well written and easy to read. It does not describe any
specific technology or propose standard, and the security consideration
as just pro-forma, stating that "This document ...  introduces no
security considerations for the Internet." Which appears true.

Security impact, if any, would be indirect. One could imagine that some 
malevolent third party might apply pressure on the LLC staff, the board 
members, or ISOC, with a goal of compromising the standard process
and allowing publication of insecure standards. But this hypothetical
pressures could probably happen just as well in the current structure.
In fact, the draft's emphasis on clear process and transparency
provides additional protection, which confirms the assessment that
this document "introduces no security considerations for the Internet." 






[Index of Archives]     [IETF Annoucements]     [IETF]     [IP Storage]     [Yosemite News]     [Linux SCTP]     [Linux Newbies]     [Mhonarc]     [Fedora Users]

  Powered by Linux