Dear all, Taking a look at the draft I have noted some comments.
**********
- “This draft proposes that a capability interface to NSFs can be developed on
a flow-based paradigm….”
- What about the other three interfaces: registration, monitoring and
notification?
- Section 3.3 talks about the “Registration Interface” communicating the
Security Controller and the Developer’s Mngt systems, and Section 3.2.1 also
talks about “Registration Interface” but now referring to the communication
between the Security Controller and the NSF.
- Interface’s name should be changed here.
- Section 4. The term “client” should be clarified here to avoid ambiguity.
- Section 7.1.
- In the last example, the text says:
- An Event can be "the client has passed AAA process"; → the
term client should also be clarified, do you mean “end user”, “endpoint”?
- I like the example based on IPsec, but I think the example
could be something like (just suggesting):
• Event: “traffic type X detected”
• Condition: “from domain-A to domain-B”
• Action: “Establish an IPsec tunnel”
- In general, sometimes IPS/IDP examples are used, sometimes IPsec ones,
sometimes Firewalls or DDoS, but they are not related from one section to
another. I suggest making use of one or two running examples across the whole
document.
- Section 8
- This sentence “It is very possible that the underlay network (or
provider network) does not have the capability or resource to enforce the flow
security policies requested by the overlay network (or enterprise network)” is
quite confusing.
- The association between underlay/provider and overlay/enterprise is
not described.
- Section 9.
- Section 9.1
- In this section Firewalls, IPS and IDS are described but it
seems more a closed list rather than examples. I think it should be clarified.
BTW, security gateways (IPsec) may be included in the list of “commonly
deployed NSF”.
- Section 9 is labelled “Registration consideration” but talks about
“traffic characterization”
- What does “Registration” mean here? Capability registration?
Security services? And why it is related with traffic characterization should
be described.
Just my two cents.
Regards, Gabi.
-----------------------------------------------------------
Gabriel López Millán
Departamento de Ingeniería de la Información y las Comunicaciones
University of Murcia
Spain
Tel: +34 868888504
Fax: +34 868884151
email: [email protected]
_______________________________________________ I2nsf mailing list [email protected] https://www.ietf.org/mailman/listinfo/i2nsf
