I am the assigned Gen-ART reviewer for this draft. For background on




Gen-ART, please see the FAQ at




 




<

https://urldefense.proofpoint.com/v2/url?u=http-3A__wiki.tools.ietf.org_area_gen_trac_wiki_GenArtfaq&d=AAICAg&c=BFpWQw8bsuKpl1SgiZH64Q&r=I4dzGxR31OcNXCJfQzvlsiLQfucBXRucPvdrphpBsFA&m=sITgTP84yGaHOlBBZiB9yr8yJ3saUDz_ezXr0_7zXR0&s=ToxyMtIhluT9g1P7ZBH2FQN1ysRhib5pmy7-QEPiUBo&e=


>.




 




Please resolve these comments along with any other Last Call comments




you may receive.




 




Document: draft-ietf-tsvwg-port-use-06.txt




Reviewer: Dan Romascanu




Review Date: 12/15/14




IETF LC End Date: 12/22/14




IESG Telechat date: not yet




 




Summary: Ready with issues




 




The document is very clear and well written. I suggest that the author addresses the couple of issues raised here which are not show stoppers but their resolution can further improve the quality of the document.





 




Major issues:




 




Minor issues:




 







1.

      


The abstract says: 




 







Ø

 


This document provides recommendations to application and service


   designers on how to use the transport protocol port number space.




 




Section 1. Introduction says: 







 







Ø

 


   This document provides information and advice to system designers on


   the use of transport port numbers. 




 




In Section 7.2 ‘system designers’ appears again:





 







Ø

 


… 


system designers cannot yet rely on their presence.







Ø

 


 




 




I do not like ‘system designers’ because this term is vague and not defined. Beyond the inconsistency in terminology which is obvious in page 2, there is also room for confusion because ‘system’ is used with a completely different meaning
 as in ‘system port’. 




 




I suspect that  in section 1 ‘system designers’ is meant to be an alias for the ‘application and service designers’ from the intro, while in section 7.2 it’s rather meant to be an alias for ‘network designers’. If I am right I suggest
 replacing in both places. 




 







2.

      


The privacy considerations are not mentioned at all in the document. It seems to me that detecting in clear the port numbers and mapping this information to the source/destination addresses can provide information
 about specific hosts running specific services. I believe that this aspect should be mentioned either in the security considerations section or in a separate privacy considerations section, and in section 5, together with the paragraphs that mentions the capability
 of intermediate devices to monitor available services, monitor or intercept traffic.





 




 




 




Nits/editorial comments: