Alexey Melnikov has entered the following ballot position for draft-ietf-anima-autonomic-control-plane-16: No Objection
When responding, please keep the subject line intact and reply to all
email addresses included in the To and CC lines. (Feel free to cut this
introductory paragraph, however.)

Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html
for more information about IESG DISCUSS and COMMENT positions.

The document, along with other ballot positions, can be found here:
https://datatracker.ietf.org/doc/draft-ietf-anima-autonomic-control-plane/

----------------------------------------------------------------------
COMMENT:
----------------------------------------------------------------------

I haven't finished reading the whole document. I agree with Benjamin and
Ekr that some security aspects are underspecified. A few extra
comments/questions of my own:

1) Where is locator-option formally defined?

2) 6.10.2. The ACP Addressing Base Scheme

   o  The 40 bits ULA "global ID" (term from [RFC4193]) for ACP
      addresses carried in the domain information field of domain
      certificates are the first 40 bits of the SHA256 hash of the
      routing subdomain from the same domain information field.

I think you need to make clear that one needs to canonicalize (e.g. to
lowercase) the routing subdomain before applying the hash. You don't
want some nodes using "example.com" and others "EXAMPLE.com".

      In the example of Section 6.1.1, the routing subdomain is
      "area51.research.acp.example.com" and the 40 bits ULA "global ID"
      89b714f3db.

3) A.6:

   When Alice and Bob successfully establish the GRASP/TSL session, they

typo: TSL --> TLS

   will negotiate the channel mechanism to use using objectives such as
   performance and perceived quality of the security. After agreeing on
   a channel mechanism, Alice and Bob start the selected Channel
   protocol. Once the secure channel protocol is successfully running,
   the GRASP/TLS connection can be kept alive or timed out as long as
   the selected channel protocol has a secure association between Alice
   and Bob.
   When it terminates, it needs to be re-negotiated via GRASP/TLS.

_______________________________________________
Anima mailing list
Anima@ietf.org
https://www.ietf.org/mailman/listinfo/anima
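A worked example of the hashing rule quoted in comment 2, added here as an illustration and not part of the ballot, the draft, or any ANIMA implementation: it takes the first 40 bits of SHA-256 over the routing subdomain, shows that without an agreed canonicalization two nodes spelling the same subdomain as "example.com" and "EXAMPLE.com" derive different global IDs (and therefore different ACP ULA prefixes), and assembles the resulting RFC 4193 /48. The canonicalize_subdomain rule (trim whitespace, drop a trailing dot, lowercase) and the nodes_agree helper are assumptions made for the example; the draft does not specify them.

```python
"""Worked example of the ACP ULA "global ID" derivation discussed in comment 2.

Added illustration; not code from the draft or the ANIMA WG.  The draft says the
40-bit global ID is the first 40 bits of SHA-256 over the routing subdomain; the
canonicalization rule below is an assumption made to show why such a rule matters.
"""
import hashlib
import ipaddress


def canonicalize_subdomain(subdomain: str) -> str:
    """Assumed normalization (not in the draft): trim whitespace, drop a
    trailing dot, lowercase.  Without an agreed rule, two nodes that spell
    the same subdomain differently derive different ULA prefixes."""
    return subdomain.strip().rstrip(".").lower()


def acp_global_id(subdomain: str, canonicalize: bool = True) -> bytes:
    """First 40 bits (5 bytes) of SHA-256 over the routing subdomain.
    ASCII names only; IDN handling is out of scope for this example."""
    name = canonicalize_subdomain(subdomain) if canonicalize else subdomain
    return hashlib.sha256(name.encode("ascii")).digest()[:5]


def acp_ula_prefix(subdomain: str, canonicalize: bool = True) -> ipaddress.IPv6Network:
    """RFC 4193 ULA layout: 0xfd (fc00::/7 with the L bit set), then the
    40-bit global ID, then zeros; returned as the /48 the ACP is carved from."""
    gid = acp_global_id(subdomain, canonicalize)
    packed = b"\xfd" + gid + b"\x00" * 10          # 1 + 5 + 10 = 16 bytes
    return ipaddress.IPv6Network((int.from_bytes(packed, "big"), 48))


def nodes_agree(spelling_a: str, spelling_b: str, canonicalize: bool) -> bool:
    """True if two nodes configured with these two spellings of the
    routing subdomain would end up in the same ACP ULA prefix."""
    return acp_global_id(spelling_a, canonicalize) == acp_global_id(spelling_b, canonicalize)


if __name__ == "__main__":
    sub = "area51.research.acp.example.com"   # subdomain from the draft's own example
    print("global ID :", acp_global_id(sub).hex())   # compare with the value quoted in comment 2
    print("ULA prefix:", acp_ula_prefix(sub))
    for canon in (False, True):
        print("canonicalize=%-5s -> nodes agree: %s"
              % (canon, nodes_agree("example.com", "EXAMPLE.com", canon)))
```

Run it as a script and compare the printed global ID with the 89b714f3db quoted in the comment; the second half of the output is the point of the comment, namely that the two spellings only agree once a canonicalization step is applied before hashing.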