Stephen Farrell has entered the following ballot position for draft-ietf-lisp-lcaf-17: Discuss
When responding, please keep the subject line intact and reply to all email addresses included in the To and CC lines. (Feel free to cut this introductory paragraph, however.) Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html for more information about IESG DISCUSS and COMMENT positions. The document, along with other ballot positions, can be found here: https://datatracker.ietf.org/doc/draft-ietf-lisp-lcaf/ ---------------------------------------------------------------------- DISCUSS: ---------------------------------------------------------------------- I basically support Alexey's discuss position and Ben's comment but with a bit more detail below. - section 3: I don't see how you can produce a canonical order of the LCAF encodings if two can contain e.g. the same values other than different URLs, since there is no canonical way to order URLs (or JSON structures etc.) without a lot more specification. - 4.3: I agree with Ben's comment. You ought include some text here to the effect that this information can be privacy senseitive and to recommend not sending or storing it in such cases. - 4.4: there are also potential privacy issues here if this could be used to identify traffic that is from one specific host behind a NAT. A similar privacy warning should be included. - 4.7: Sorry, when is key material sent in a message? How is that protected? (Key ids are fine, but not key values) - 4.10.2: The same privacy issues apply here as for 4.3 and 4.4, if the MAC address maps to e.g. a portable device carried by a person. - 4.10.3 and all of section 5: What are these for? I don't see the sense in defining these if there is no well defined way to use them. Any of these might have undesirable security and/or privacy characteristics. - Section 6: There are security considerations. See above. _______________________________________________ lisp mailing list [email protected] https://www.ietf.org/mailman/listinfo/lisp
