Ben:
Something dropped your email - so I'm forwarding your comment on I2RS problem statement and my response to the WG. 1) I hope you will review my response to Alvaro. The document was written as broad-scope summary of industry trends. Could you confer with Alvaro on what body you feel constitutes a "valid" body to reference for these needs. For example, do you consider ETSI NFV NM, Cablelabs, or BBF as a reasonable body to refer to in validating these trends? 2) On the threat analysis, how do you have a threat analysis of problem statement or of a idea for an interface? I'm sure you have something useful in mind, but I am unable to parse your meaning. The I2RS protocol security requirement document and I2RS protocol security environment have requirement for security for the protocol and the environment. These came from early 2015 review by security directorate, and we spent 8-10 months working through their suggestions. Perhaps you could look at these and see if this is what you wanted? Sue Hares Ben Campbell's comment. I am sympathetic to the argument that this doesn't need to be published as an RFC. But I'm not going to block or abstain about that this late in the process. I share Alvaro's other concern that there are a lot of assertions of "need" that do not seem to be supported by the text. They tend towards passive voice (e.g. "it is desirable", "is needed", "there is a need" ), which obscures who actually has these needs. I'd like to see more explanation of the "who" and the "why" for these needs. The security considerations seem to say "security is important", and that authentication an authorization are required. I'd like to see more actual threat analysis.
_______________________________________________ i2rs mailing list [email protected] https://www.ietf.org/mailman/listinfo/i2rs
