Hi,

I looked at this document from the perspective of NETCONF/RESTCONF and
here are some comments I wrote down while reading the document:

a) The abstract says:

     Environment security requirements are independent of the protocol
     used for I2RS.

   Hence, there should be no requirements for NETCONF. But let's see...

     REQ 3: The I2RS Agent validates data to ensure injecting the
     information will not create a deadlock with any other system,
     nor will it create a routing loop, nor will it cause the
     control plane to fail to converge.

   This is not implementable. How should an I2RS Agent determine this?
   This would require that every I2RS Agent has a global view on the
   network and the routing state in all network elements.

b) There are a number of AAA requirements, some are difficult to
   understand and it remains unclear why they are not already covered
   in the authentication document. Overall, I am a bit confused which
   problem this document tries to solve. There are a few bits of
   implementation advice, perhaps this document could be the beginning
   of an implementation guidelines document.

c) The discussion of communication requirements between an I2RS Client
   and its Applications seems a bit out of scope since I understand
   this is not something I2RS actively works on. The I2RS architecture
   document says:

     The details of how applications communicate with a remote client
     is out of scope for I2RS.

   Similarly, the authentication requirements document says:

     Please note the security of the application to I2RS client connection
     is outside of the I2RS protocol or I2RS interface.

/js
--
Juergen Schoenwaelder Jacobs University Bremen gGmbH
Phone: +49 421 200 3587 Campus Ring 1 | 28759 Bremen | Germany
Fax: +49 421 200 3103 <http://www.jacobs-university.de/>