I have completed the secdir review of draft-ietf-rift-applicability, part of the secdir effort to review all documents progressing to this stage in the IETF. These comments should be treated like any other in the the last call process. The result of the review is not ready.

I used to think I knew broadly what networking was, then I read this document. There's a fair number of terms that are new to me, and some more references might help develop understanding. But that's a minor editorial point.

More concerning is the complete absence of discussion of security, choosing to kick that to RIFT. That's despite a section about key management in the document, as well as discussion of operational scenarios that have implications for the choice of key management technology used. I'd like to see more here: it's an opportunity to spell out security considerations applicable to the scenarios with more specificity than in the RIFT drafts.

Sincerely,
Watson Ladd