Early Review of draft-ietf-cellar-ffv1-02

Request Review of draft-ietf-cellar-ffv1
Requested rev. no specific revision (document currently at 18)
Type Early Review
Team Security Area Directorate (secdir)
Deadline 2018-06-30
Requested 2018-05-29
Requested by Michael Richardson
Authors Michael Niedermayer, Dave Rice, Jérôme Martinez
Draft last updated 2018-06-01
Completed reviews Secdir Early review of -02 by Liang Xia (diff)
Genart Early review of -03 by Matthew Miller (diff)
Secdir Last Call review of -16 by Liang Xia (diff)
Genart Last Call review of -16 by Joel Halpern (diff)
Opsdir Last Call review of -17 by Qin Wu (diff)
We are going to WGLC on this in a week.
This is an Informational document (status will be fixed in -03), of a file format that is already common.
Another document (draft-ietf-cellar-ffv1-v4) is standards track and is coming soon.
This document is from a group of open source coders, and this is their first IETF experience, so please be extra constructive.
Assignment Reviewer Liang Xia 
State Completed
Review review-ietf-cellar-ffv1-02-secdir-early-xia-2018-06-01
Reviewed rev. 02 (document currently at 18)
Review result Ready
Review completed: 2018-06-01


The whole draft is in good shape and well written.
Some nits:
1. every word should start with capital letter for the section title;
2. section 2.2.4: / ceil(a) the largest integer less than or equal to a / ceil(a) the smallest integer larger than or equal to a /
3. section 3.7.2: [ISO.15444-1.2016]?
4. section 12.1: [I-D.ietf-cellar-ffv1]?
5. section 12.2: should all the RFC move to the Normative References (section 12.1)?

Issues for clarification:
In Security Considerations, besides the DoS attacks brought by the malicious payloads, is there any other kinds of attack possibly? For example, virus or worm are hidden in the malicious payloads to attack the system for more damages? Does it make sense and what's the consideration?