OK, Stephen, it will be updated in the revised version~ Thank you again.
2017-03-06
Z.W. Yan

From: Stephen Farrell
Sent: 2017-03-06 10:21:47
To: Z.W. Yan; The IESG
Cc: draft-ietf-dmm-hnprenum; dmm-chairs; dmm; max.ldp
Subject: Re: [DMM] Stephen Farrell's No Objection on draft-ietf-dmm-hnprenum-06:(with COMMENT)

On 06/03/17 01:34, Z.W. Yan wrote:
> Hello, Stephen,
> Thank you for your review and comments, please confirm my in-line responses.
>
> 2017-03-06
>
> Z.W. Yan
>
> From: Stephen Farrell
> Sent: 2017-03-03 00:48:40
> To: The IESG
> Cc: draft-ietf-dmm-hnprenum; dmm-chairs; dmm; max.ldp
> Subject: [DMM] Stephen Farrell's No Objection on draft-ietf-dmm-hnprenum-06:(with
> COMMENT)
>
> Stephen Farrell has entered the following ballot position for
> draft-ietf-dmm-hnprenum-06: No Objection
> When responding, please keep the subject line intact and reply to all
> email addresses included in the To and CC lines. (Feel free to cut this
> introductory paragraph, however.)
> Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html
> for more information about IESG DISCUSS and COMMENT positions.
> The document, along with other ballot positions, can be found here:
> https://datatracker.ietf.org/doc/draft-ietf-dmm-hnprenum/
> ----------------------------------------------------------------------
> COMMENT:
> ----------------------------------------------------------------------
> Section 7 says: "The protection of UPN and UPA
> messages in this document follows [RFC5213] and
> [RFC7077]." I'm not clear if "follows" means the same
> as "MUST be protected using end-to-end security
> association(s) offering integrity and data origin
> authentication" (RFC5213, section 4). I think it ought
> really, as otherwise this could subvert the security
> of PMIPv6. So wouldn't it make sense to be explicit
> that these new messages have the same MUST
> requirements as binding updates. Doing that by
> repeating the quoted text from 5213 would be a fine
> way to do that, but there may be better options.
>
> The above was a discuss ballot. The AD and an
> author agreed with the interpretation above that
> adding a clarification might be good so I've
> cleared the discuss assuming they'll do that
> nicely. (Thanks).
>
> ***The following two options are available as the revision:
> 1) This document causes no further security problem for the signaling
> exchanges.
> 2) This document causes no further security problem for the signaling
> exchanges. The UPN and UPA messages in this document MUST be protected using
> end-to-end security association(s) offering integrity and data origin
> authentication as specified in [RFC5213] and [RFC7077].
>
> Which one do you think better, Stephen?

#2 is clearly better IMO,

Thanks,
S

>
> OLD COMMENT below
> - It might also be worth saying in section 7 that to
> provision a new HNP someone has to have setup all the
> IPsec stuff for that.
>
> ***Does this comment be replaced the above one? Stephen.
> _______________________________________________
> dmm mailing list
> [email protected]
> https://www.ietf.org/mailman/listinfo/dmm
