Reviewer: Charlie Kaufman
Review result: Has nits

I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the security area directors. Document editors and WG chairs should treat these comments just like any other last call comments.

This document specifies a syntax for specifying security policies that apply in a networked environment. It is intended that general policies would be fed into the system in this syntax and then some policy engine would determine which policies need to be enforced by which nodes in the system and appropriate subsets would be distributed. The syntax takes the form of a YANG data model.

The review result I wanted to give was "Mostly Harmless". I am skeptical as to whether the collection of policies specifiable is flexible enough to be usable to manage a real network, but the syntax is easily extensible and this seems as good a place to start as any. If it encourages experimentation with management systems that distribute policies this way, that would be a good thing, and any deficiencies found could be fixed later. I could imagine other groups having very different visions as to how to manage this information, but I would not expect the presence of this document as an RFC would discourage them from experimenting with those visions.

I'm not sufficiently familiar with YANG or with Network Functions Virtualization to have a useful opinion as to how good this design is.

I noticed one nit, which suggests they might want to run the document through a spelling checker. The nit is not worth holding the document up if no one finds anything else.

Nits:

Page 8: interuption -> interruption

--Charlie