Eric Rescorla has entered the following ballot position for draft-ietf-i2nsf-problem-and-use-cases-11: No Objection
When responding, please keep the subject line intact and reply to all
email addresses included in the To and CC lines. (Feel free to cut this
introductory paragraph, however.)

Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html
for more information about IESG DISCUSS and COMMENT positions.

The document, along with other ballot positions, can be found here:
https://datatracker.ietf.org/doc/draft-ietf-i2nsf-problem-and-use-cases/

----------------------------------------------------------------------
COMMENT:
----------------------------------------------------------------------

I don't have any problem with this document per se, but it's a little
odd how it's written in a vacuum as if there weren't already
technologies which did a lot of the things you are talking about here
(e.g., YANG) and which the WG intends to use. I think this document
would be a lot stronger if it didn't act as if the WG was agnostic and
instead called out what solutions the WG intends to adopt for these.

I'm also somewhat surprised this is being advanced as Standards Track,
given that it doesn't have any normative content, and because the
writeup says that there isn't commitment to implement this. I won't
hold a DISCUSS on this, but I would suggest it be Informational.

S 2.
   Flow-based NSF: An NSF which inspects network flows according to a
   security policy. Flow-based security also means that packets are
   inspected in the order they are received,

This seems over-specific, because sometimes firewalls and the like
will store packets so that they can re-assemble them, in which case
they inspect them in logical not time order.

S 3.1.7.
   Different policies might need different signatures or profiles.
   Today, the construction and use of black list databases can be a
   win-win strategy for all parties involved.

Well, except for attackers. They are involved.

S 3.1.9; bullet 3.
Symmetric keys and group keys are not the same type of category, so I
can't read this section. What are you trying to say here?

S 3.5.
"xamine" and "scnearios" are misspelled.

S 3.6.
ToR seems to be undefined.

Figure 3.
I think this dotted circle-thing is intended to tell me that the
operator controls the stuff inside the circle, but I'm not sure. Maybe
some labels would help.
