Hi Dan, thank you for your review and comments. See below.
Cheers, Mehmet > -----Original Message----- > From: OPSAWG [mailto:[email protected]] On Behalf Of ext Romascanu, Dan > (Dan) > Sent: Thursday, December 12, 2013 2:23 PM > To: Warren Kumari; [email protected] > Subject: Re: [OPSAWG] Call for reviewers of draft-ersue-opsawg-coman-* > > Hi, > > I do not know if I really should be included in the reviewers count, as I am > a participant > in the coman work since it started, and my name shows up on the list of > authors, > although in all sincerity most of the credits go to Mehmet, who hold the pen > for most > of the time, including this latest wound which split the original document > into two > separate documents - one for use cases, the other for problem statement and > requirements. Anyway, FWIW I obviously believe this work is useful and I > support > doing it in the OPSAWG. I have a few comments recorded below: > > draft-ersue-opsawg-coman-use-cases > > 1. I do not believe that we can get away with a zero-content security > considerations > section. The described use cases mention the need to secure information > collected by > constrained devices, some other (like security cameras) carry information > related to > personal or public security that needs to be protected by robust mechanisms. > These > kind of threats need to be mentioned IMO. You are right a dummy security considerations section is not sufficient. Coman was not planning to address security exhaustively. Solace, now ACE, has been started where security for constrained devices will be discussed. We discussed the security requirements in section 3.6 of the problem statement draft. I agree, a discussion of the security threads should be provided in a security considerations section. > draft-ersue-opsawg-coman-probstate-reqs > > 1. The draft uses the 'adjective' small device in association with > constrained device in a > few place. I suggest to remove this. There is no automatic association of a > device > being small implying that it is also constrained. Nor are all constrained > devices small in > size. Agree. We should be more precise with the terminology. > 2. We have made an effort in the last few versions and especially in this one > to > distinguish between the constrained devices and constrained networks, but the > clean-up > on this issue is not complete. For example section 1.6 still has text about > constrained > networks - this section and other in which constrained networks are mentioned > should > be carefully examined to make sure that the focus of the document stays with > constrained devices, and that if constrained networks are mentioned at all > this is in the > context of their relationship with the constrained devices. Why strictly devices? We also have requirements discussing the organization of constrained networks from management pov. in section 3.1. > 3. I do not believe that we can get away with a zero-content security > considerations > section here either. The document even says: > > If specific requirements for > security will be identified, they will be described in future > versions of this document. > > This is not accurate - section 3.6 already speaks about requirments for > security and > access control, and section 1.6 mentions limitations that would prevent the > implementation of strong scryptographic algorythms. The text needs to be > reviewed > and revised from this perspective. I think the "future" is now and the current text in the security considerations section needs to be replaced. I would suggest to provide a security considerations section by listing and discussing threads in the problem statement draft and refer to it from the use cases draft. Comments? > > Regards, > > Dan > > > -----Original Message----- > > From: OPSAWG [mailto:[email protected]] On Behalf Of Warren Kumari > > Sent: Wednesday, December 04, 2013 6:49 PM > > To: [email protected] > > Subject: [OPSAWG] Call for reviewers of draft-ersue-opsawg-coman-* > > > > Hi all, > > > > Hopefully you all had a good Thanksgiving -- if you are in the US, > > hopefully you had good turkey, stuffing / whatever. > > If you are not US based, hopefully you enjoyed the decrease in email > > volume while everyone recovered form eating too much. :-) > > > > One of the action items from Vancouver was for us to call for reviewers > > for: > > http://datatracker.ietf.org/doc/draft-ersue-opsawg-coman-probstate-reqs/ > > and > > http://datatracker.ietf.org/doc/draft-ersue-opsawg-coman-use-cases/ > > > > So, can we get some volunteers please? According to our new guidelines > > we require sufficient reviewers before adopting new work. > > > > The documents are (IMO) interesting and easy to read. Constrained > > devices have some interesting requirements and limitations. > > If you would like a quick reminder / refresher from the meeting, slides > > are here: http://tools.ietf.org/agenda/88/slides/slides-88-opsawg-11.pdf > > > > Juergen Schoenwaelder <[email protected]> indicated > > that one of his Ph.D. students had read the draft a couple of weeks ago. > > So they just have to review the changes to the latest version. > > > > > > W > > -- > > "I think it would be a good idea." > > - Mahatma Ghandi, when asked what he thought of Western civilization > > > > > > > > _______________________________________________ > > OPSAWG mailing list > > [email protected] > > https://www.ietf.org/mailman/listinfo/opsawg > _______________________________________________ > OPSAWG mailing list > [email protected] > https://www.ietf.org/mailman/listinfo/opsawg _______________________________________________ OPSAWG mailing list [email protected] https://www.ietf.org/mailman/listinfo/opsawg
