Stephen:

Thank you for your comments. I'm responding as WG chair. Alia Atlas will probably respond for the authors. Comments are below.

Sue

=======================
- section 1: "different vendors' routing systems" seems like it's assuming that there is only one vendor involved in each box. I don't think that's consistent with what's behind i2rs so re-wording there might be better.

Sue: At this point, the WG considers "routing" system to be a set of software running on some hardware, and not a box. In a server box, you can have lots (10s or 100s) of different routing systems. Is there something in that paragraph that caused you to think it was a box? If so, please let the authors know.

- figure 1: I'm sure you'll fix the page break

Sue: Yes - it will get fixed

- confidentiality for i2rs protocol: if I can watch i2rs traffic I can probably infer what policies are being used and use that to better attack networks. I think you could easily strengthen the wording there and that'd be better. If one has a way to securely authenticate endpoints, then you can almost as easily ensure confidentiality.

Sue: The protocol requirement document specifies confidential (encrypted) transport and securely authenticated endpoints (mutual authenticated identities, passed out of band - in AAA protocol) as the default. For a few data models, we may propose that the data reported (not the configuration or the set-up of the notification) be in the clear. We hope the security directorate will work with us on these few models to minimize any potential security attacks or issues.

- general question: We know that govts target network admins. What are we doing to make i2rs traffic less easily used as a selector? (e.g. make sure it could work over Tor?)

Sue: Not sure I grok this comment. I2RS traffic will use existing transports (NETCONF/RESTCONF for config, IPFix/RESTCONF/NETCONF for data transfer). These work in virtual environments (see ODL).

- the secdir review [1] called out some nits you may want to consider (if you did already thanks, I didn't check in detail)

[1] https://www.ietf.org/mail-archive/web/secdir/current/msg06342.html

Sue: We'll work on fixing nits in the next version. Alia Atlas, who's got the editor pen, should take care of that in a week.

_______________________________________________
i2rs mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/i2rs
