I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the security area directors. Document editors and WG chairs should treat these comments just like any other last call comments.

This document defines additional NSIS QSPEC objects, fitting into the NSIS QSPEC framework.

This document simply adds new objects to that framework. While there are many security considerations to the use of the QSPEC framework, they seem to be covered by the reference to draft-ietf-nsis-qspec-24. The new objects do not inherently add any additional risks other than the ones mentioned. I believe the current Security Considerations text is sufficient.

However, I did notice the following nits that the authors should address:

1. Section 3.1 introduces a QSPEC extension (Figure 1) without actually saying which protocol is being extended. This is very confusing for a reader not familiar with NSIS. It needs to name that protocol. (I see that Russ Housley has a current DISCUSS making this same comment.)

2. Section 4.4 refers to "the example given in Section 4.4 of [I-D.ietf-nsis-qspec]". Is that the right section? It discusses extensibility of QSPEC, but there's no example.

3. Reference [Y.1221] has "Y.1541" in its title rather than "Y.1221".

4. Reference [Y.2172] has "Y.1540" in its title rather than "Y.2172".