On 9/26/13 8:41 AM, Zu Qiang wrote:
> Hello, The draft submission is just a follow-up of the discussion
> with Dacheng. Here is the response I received from Dacheng a few
> days ago "I think it could be a good idea that you do some analysis
> work in your draft as well. If the work is solid, then we can ask the
> WG whether they would like to combine the work together."

As an IETF old-timer, as a working group chair, and as someone who really wants to see work moving forward I have to say that I'd prefer to see more cooperation and less competition. There's nothing wrong with proposing text on the mailing list - in fact, it's probably a sounder approach in terms of actually moving work forward.

That said, I'm not in love with some of what's in your document. Some of the issues I see are with underspecification and others are with lack of explanation. To wit:

Right off the bat you've got a problem with R1. "High availability" is one of those terms, like "simple," "scalable," "reliable," "secure," and so on that can mean a variety of things and should probably be either avoided or explained in detail if it can't be avoided. In this case I'm pretty sure that HA mechanisms for NVO3 would have to be out of scope for this version of the charter.

Similarly, I wouldn't call R2 a requirement but rather a design consideration. Either describe in detail what you mean, or drop it.

R4 and R5, explain what would happen if an attacker impersonated an endpoint. What's the relationship between those two requirements and R6 - is the concern a flooding attack, or what?

Requirements 7 and 8 - why confidentiality? What information are you concerned might be exposed, and what are the issues with exposing it? As a side issue, I think you're conflating authentication and integrity - one is applied to a network entity and the other to traffic.

Isn't R13 an implementation issue?

Don't really understand R17. But more generally, when you say "security policies" do you mean things like IPSec policies, or do you mean device-specific filtering rules?

R23: out of scope

R25: tautological

R27: why? Isn't this out of scope, anyway?

R28 and R29 are out of scope.

R30 is marketing-speak.

And so on.

Your requirements would benefit from a lot more explanation, specification, etc.
Dacheng is correct in asking for some analysis, as there's not a lot in what you've written. Drop anything that looks like marketing recommendations.

But most of all, cooperation rather than competition.

Melinda
