Hi Chris,

Thanks again for the review of the LISP PubSub document, it was most helpful! 
We brought the SECDIR comments to the attention of the LISP WG during the last 
IETF in November and gathered some consensus from the WG on how to move forward.

Regarding the use of the term "nonce", the opinion of the WG was to keep the 
term for consistency with the rest of the LISP documents. The term nonce has 
been used this way in the LISP literature for so long that the WG believes it 
would be very challenging to change it now. 

As per what happens when the nonce field exceeds the field space, we have 
submitted a new version of the draft (-07) with a note to clarify that it is 
not expected to happen during normal operation of the protocol due to the large 
field size.

Please feel free to take a look at the new version of the document and kindly 
let us know if you have any further comments.

https://tools.ietf.org/html/draft-ietf-lisp-pubsub-07

Thanks again for your time and great feedback!

Alberto

On 10/1/20, 6:15 PM, "Alberto Rodriguez Natal (natal)" <[email protected]> wrote:

    Thanks a lot for the review Chris, this is much appreciated feedback. We
    will submit a new iteration of the document addressing your comments.

    Thanks also Joel for facilitating the review.

    Best,
    Alberto

    On 10/1/20, 12:06 PM, "Joel M. Halpern" <[email protected]> wrote:

        Thank you Chris.   That is helpful, and I am confident the authors will 
        clean up the terminology.

        Yours,
        Joel

        On 10/1/2020 8:34 AM, Chris Lonvick wrote:
        > Hi,
        > 
        > I have reviewed this document as part of the security directorate's 
        > ongoing effort to review all IETF documents being processed by the IESG.
        > These comments were written primarily for the benefit of the security 
        > area directors. Document editors and WG chairs should treat these 
        > comments just like any other last call comments.
        > 
        > This is an "Early Review Request" so I'm going to mark the draft as 
        > READY WITH NITS.
        > 
        > It appears that there's a raft of drafts of LISP documents progressing
        > together through the WG that cross-reference each other in that they all
        > provide foundation and support for their collective features. (I'll
        > admit that I haven't been keeping up.) So if my nits have been addressed
        > in another document, that just means that I didn't dig far or deep
        > enough so please consider giving a pointer in the Security
        > Considerations of this document so others won't similarly be left adrift.
        > 
        > In this document, and the associated others that I peered into, the term
        > "nonce" seems to be used more as a "token" than, well, what I consider
        > to be a nonce. In one case it may be a random value, but in several
        > others the value is stored, compared, and reused.  This is inconsistent
        > with the IETF's Security Glossary RFC 4949.
        > 
        > Also, there is a reference to increasing the nonce for a particular use.
        > However, I saw no discussion of what to do when the value exceeds the
        > field space.
        > 
        > Other than that, the document appears to be well written and well 
        > thought out.
        > 
        > Best regards,
        > 
        > Chris
        > 

