Last Call Review of draft-melnikov-imap-keywords-
review-melnikov-imap-keywords-secdir-lc-weiler-2009-11-11-00

Request Review of draft-melnikov-imap-keywords
Requested rev. no specific revision (document currently at 10)
Type Last Call Review
Team Security Area Directorate (secdir)
Deadline 2009-11-16
Requested 2009-10-22
Authors Dave Cridland, Alexey Melnikov
Draft last updated 2009-11-11
Completed reviews Secdir Last Call review of -?? by Samuel Weiler
Assignment Reviewer Samuel Weiler
State Completed
Review review-melnikov-imap-keywords-secdir-lc-weiler-2009-11-11
Review completed: 2009-11-11

Review
review-melnikov-imap-keywords-secdir-lc-weiler-2009-11-11

I have reviewed this document as part of the security directorate's
ongoing effort to review all IETF documents being processed by the
IESG.  These comments were written primarily for the benefit of the
security area directors.  Document editors and WG chairs should treat
these comments just like any other last call comments.

From a security perspective, I have no issues with this document.
It creates a new registry and defines two sets of assignment metrics,
one for "common use" keywords, and one for vendor-specific keywords.






It also registers four keywords.  (I'm wondering if it shouldn't be
registering more.)

I'm finding the IANA assignment metrics to be a little more
ambiguous than I'd like.




Starting with the vendor-specific text:

   Registration of vendor specific IMAP keywords is done on First Come
   First Serve [RFC5226] basis and doesn't require the Expert Review.
   However such review is still encouraged.  Should the review be
   requested, ...



Who requests the review?  The registrant or IANA?  Does IANA need to
encourage the review?  Perhaps it would be better to have all requests
(including vendor-specific) be sent to the mailing list, with IANA
assignment of the vendor-specific ones being automatic following a
(short) delay for comment and optional revision.




And for the common-use:

   Registration of an IMAP keyword intended for common use (whether or
   not they use the "$" prefix) requires Expert Review [RFC5226].  IESG
   appoints one or more Expert Reviewer, one of which is designated as
   the primary Expert Reviewer.  IMAP keywords intended for common use
   SHOULD be standardized in IETF Consensus [RFC5226] documents. ...
   In cases when an IMAP
   Keyword being registered is already deployed, Expert Reviewers
   should favour registering it over requiring perfect documentation.



Would it be better to say: "requires either IETF Consensus or Expert
Review"?  (For example: do the registrations made in this doc have to
go through Expert Review?  Isn't it enough to have them in a consensus
doc?)  And how do you expect the expert to encourage/enforce the
SHOULD, given the "favour registering it over requiring perfect
documentation" guideline?  Again, the current text isn't as clear as
I'd like.




-- Sam