Do not be alarmed. I have reviewed this document as part of the security
directorate’s ongoing effort to review all IETF documents being
processed by the IESG. These comments were written with the intent
of improving security requirements and considerations in IETF drafts.
Comments not addressed in last call may be included in AD reviews
during the IESG review. Document editors and WG chairs should treat
these comments just like any other last call comments.
Summary: No security or privacy issues that I can see, but I do have
a couple of nits.
0) General:
I guess it wasn’t clear to me that the response will take on the form of the
RFC or if the text not proceeded by “>>>” in the main body will be returned
in some of other form.
1) Sec 1:
There’s a pointer to ICG’s charter and the RFP shouldn’t we also have a
pointer to the NTIA announcement:
http://www.ntia.doc.gov/press-release/2014/ntia-announces-intent-transition-key-internet-domain-name-functions
2) Abstract contains:
The IETF community is invited to
comment and propose changes to this document.
I guess this makes it crystal clear that folks could comment on the draft,
but this sentence should be struck before going to the RFC editor.
3) Sec I (section #s refer to RFP sections): Missing word
Missing “the”? r/on iana.org/on the iana.org
The IETF
community presently accesses the protocol parameter registries via
references based on iana.org domain name, and makes use of the term
"IANA" in the protocol parameter registry processes [RFC5226].
4) Sec I: missing “.” at the end of the sentence:
>>> A description of any overlaps or interdependencies between your
>>> IANA requirements and the functions required by other customer
>>> communities
5) Sec I: Overlap
I assume the overlap here is with the other two communities listed in
this RFP (i.e., names & numbers) and not the IEEE or W3C?
6) Sec I: "RIR System"?
Through the IANA protocol
parameters registries, the IETF delegates unicast IP address and
AS number ranges to the RIR system [RFC7020],[RFC7249].
I went and looked in RFCs 7020 and 7249 and could find no reference
to an “RIR system” I found Internet Numbers Registry System was that
what you’re referring to?
7) Sec I: Missing question/response?
In addition to the four bullets there is also this paragraph in the RFP:
If your community relies on any other IANA service or activity
beyond the scope of the IANA functions contract, you may describe
them here. In this case please also describe how the service or
activity should be addressed by the transition plan.
And because the intro of the RFP says:
The IANA Stewardship Transition Coordination Group (ICG) seeks
complete formal responses to this RFP through processes which are to
be convened …
Don’t we need to include a response to this question even if the answer
is “none” or “see above”?
8) Sec II.A: r/the/The & r/all/All
IETF Response: the protocol parameters registries.
IETF Response: all policy sources relating to the protocol parameters
registry are affected.
9) Sec IV: Missing question?
The “Risks” paragraph in the RFP includes the following question:
Description of how long the proposals in Section III are expected to
take to complete, and any intermediate milestones that may occur
before they are completed.
Does it need to be included along with the bullets in Sec IV?
10) Sec V: missing question/response:
There are five bullets in sV this one is omitted:
o The proposal must not replace the NTIA role with a government-led
or an inter-governmental organization solution.
Should we say something about our proposal not replacing
NTIA with a government-y organizational solution? I mean I know it’s
obvious to you and me, but maybe being explicit here is better.
11) Sec VI: add IETF LC?
I assume you’re going to add a link to the IETF LC and maybe the ballots
to the end of the list of actions.
12) s3 (IANA Considerations)
r/is a response a request for/is a response to a request for
Cheers,
spt