Last Call Review of draft-melnikov-imap-keywords-
I have reviewed this document as part of the security directorate's
ongoing effort to review all IETF documents being processed by the
IESG. These comments were written primarily for the benefit of the
security area directors. Document editors and WG chairs should treat
these comments just like any other last call comments.
From a security perspective, I have no issues with this document.
It creates a new registry and defines two sets of assignment metrics,
one for "common use" keywords, and one for vendor-specific keywords.
It also registers four keywords. (I'm wondering if it shouldn't be
I'm finding the IANA assignment metrics to be a little more
ambiguous that I'd like.
Starting with the vendor-specific text:
Registration of vendor specific IMAP keywords is done on First Come
First Serve [RFC5226] basis and doesn't require the Expert Review.
However such review is still encouraged. Should the review be
Who requests the review? The registrant or IANA? Does IANA need to
encourage the review? Perhaps it would be better to have all requests
(including vendor-specific) be sent to the mailing list, with IANA
assignment of the vendor-specific ones being automatic following a
(short) delay for comment and optional revision.
And for the common-use:
Registration of an IMAP keyword intended for common use (whether or
not they use the "$" prefix) requires Expert Review [RFC5226]. IESG
appoints one or more Expert Reviewer, one of which is designated as
the primary Expert Reviewer. IMAP keywords intended for common use
SHOULD be standardized in IETF Consensus [RFC5226] documents. ...
In cases when an IMAP
Keyword being registered is already deployed, Expert Reviewers
should favour registering it over requiring perfect documentation.
Would it be better to say: "requires either IETF Consensus or Expert
Review"? (For example: do the registrations made in this doc have to
go through Expert Review? Isn't it enough to have them in a consensus
doc?") And how do you expect the expert to encourage/enforce the
SHOULD, given the "favour registering it over requiring perfect
documentation" guideline? Again, the current text isn't as clear as