And I managed to leave secdir off as a recipient. spt Begin forwarded message: > From: Sean Turner > Subject: secdir review of draft-ietf-ianaplan-icg-response-06 > Date: December 13, 2014 at 10:25:49 EST > To: draft-ietf-ianaplan-icg-response at tools.ietf.org, The IESG , ietf at ietf.org > > Do not be alarmed. I have reviewed this document as part of the security > directorate’s ongoing effort to review all IETF documents being > processed by the IESG. These comments were written with the intent > of improving security requirements and considerations in IETF drafts. > Comments not addressed in last call may be included in AD reviews > during the IESG review. Document editors and WG chairs should treat > these comments just like any other last call comments. > > Summary: No security or privacy issues that I can see, but I do have > a couple of nits. > > 0) General: > > I guess it wasn’t clear to me that the response will take on the form of the > RFC or if the text not proceeded by “>>>” in the main body will be returned > in some of other form. > > 1) Sec 1: > > There’s a pointer to ICG’s charter and the RFP shouldn’t we also have a > pointer to the NTIA announcement: > > http://www.ntia.doc.gov/press-release/2014/ntia-announces-intent-transition-key-internet-domain-name-functions > > 2) Abstract contains: > > The IETF community is invited to > comment and propose changes to this document. > > I guess this makes it crystal clear that folks could comment on the draft, > but this sentence should be struck before going to the RFC editor. > > 3) Sec I (section #s refer to RFP sections): Missing word > > Missing “the”? r/on iana.org/on the iana.org > > The IETF > community presently accesses the protocol parameter registries via > references based on iana.org domain name, and makes use of the term > "IANA" in the protocol parameter registry processes [RFC5226]. > > 4) Sec I: missing “.” at the end of the sentence: > >>>> A description of any overlaps or interdependencies between your >>>> IANA requirements and the functions required by other customer >>>> communities > > 5) Sec I: Overlap > > I assume the overlap here is with the other two communities listed in > this RFP (i.e., names & numbers) and not the IEEE or W3C? > > 6) Sec I: "RIR System"? > > Through the IANA protocol > parameters registries, the IETF delegates unicast IP address and > AS number ranges to the RIR system [RFC7020],[RFC7249]. > > I went and looked in RFCs 7020 and 7249 and could find no reference > to an “RIR system” I found Internet Numbers Registry System was that > what you’re referring to? > > 7) Sec I: Missing question/response? > > In addition to the four bullets there is also this paragraph in the RFP: > > If your community relies on any other IANA service or activity > beyond the scope of the IANA functions contract, you may describe > them here. In this case please also describe how the service or > activity should be addressed by the transition plan. > > And because the intro of the RFP says: > > The IANA Stewardship Transition Coordination Group (ICG) seeks > complete formal responses to this RFP through processes which are to > be convened … > > Don’t we need to include a response to this question even if the answer > is “none” or “see above”? > > 8) Sec II.A: r/the/The & r/all/All > > IETF Response: the protocol parameters registries. > > IETF Response: all policy sources relating to the protocol parameters > registry are affected. > > 9) Sec IV: Missing question? > > The “Risks” paragraph in the RFP includes the following question: > > Description of how long the proposals in Section III are expected to > take to complete, and any intermediate milestones that may occur > before they are completed. > > Does it need to be included along with the bullets in Sec IV? > > 10) Sec V: missing question/response: > > There are five bullets in sV this one is omitted: > > o The proposal must not replace the NTIA role with a government-led > or an inter-governmental organization solution. > > Should we say something about our proposal not replacing > NTIA with a government-y organizational solution? I mean I know it’s > obvious to you and me, but maybe being explicit here is better. > > 11) Sec VI: add IETF LC? > > I assume you’re going to add a link to the IETF LC and maybe the ballots > to the end of the list of actions. > > 12) s3 (IANA Considerations) > > r/is a response a request for/is a response to a request for > > Cheers, > > spt