Last Call Review of draft-ietf-iasa2-rfc4071bis-08
review-ietf-iasa2-rfc4071bis-08-secdir-lc-huitema-2019-03-17-00

Request: Review of draft-ietf-iasa2-rfc4071bis
Requested rev.: no specific revision (document currently at 11)
Type: Last Call Review
Team: Security Area Directorate (secdir)
Deadline: 2019-03-18
Requested: 2019-03-04
Draft last updated: 2019-03-17
Completed reviews:
  Secdir Last Call review of -08 by Christian Huitema
  Rtgdir Last Call review of -08 by Ben Niven-Jenkins
  Genart Last Call review of -08 by Paul Kyzivat
Assignment: Reviewer Christian Huitema
State: Completed
Review: review-ietf-iasa2-rfc4071bis-08-secdir-lc-huitema-2019-03-17
Reviewed rev.: 08 (document currently at 11)
Review result: Ready
Review completed: 2019-03-17

Review

I have reviewed this draft-ietf-iasa2-rfc4071bis-08 as part of the security directorate's 
ongoing effort to review all IETF documents being processed by the 
IESG.  These comments were written primarily for the benefit of the 
security area directors.  Document editors and WG chairs should treat 
these comments just like any other last call comments.

The summary of the review is Ready.

As stated in the introduction, this draft "describes the structure of the IETF 
Administrative Support Activity, version 2 (IASA 2.0).  It defines the roles 
and responsibilities of the IETF LLC Board, the IETF Executive Director, and 
ISOC in the fiscal and administrative support of the IETF standards process.  
It also defines the membership and selection rules for the IETF LLC Board."

The document is well written and easy to read. It does not describe any
specific technology or propose a standard, and the security considerations
are just pro-forma, stating that "This document ...  introduces no
security considerations for the Internet." Which appears true.

Security impact, if any, would be indirect. One could imagine that some 
malevolent third party might apply pressure on the LLC staff, the board 
members, or ISOC, with a goal of compromising the standard process
and allowing publication of insecure standards. But these hypothetical
pressures could probably happen just as well in the current structure.
In fact, the draft's emphasis on clear process and transparency
provides additional protection, which confirms the assessment that
this document "introduces no security considerations for the Internet."