Mirja Kühlewind has entered the following ballot position for draft-mm-wg-effect-encrypt-17: No Objection
When responding, please keep the subject line intact and reply to all email addresses included in the To and CC lines. (Feel free to cut this introductory paragraph, however.) Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html for more information about IESG DISCUSS and COMMENT positions. The document, along with other ballot positions, can be found here: https://datatracker.ietf.org/doc/draft-mm-wg-effect-encrypt/ ---------------------------------------------------------------------- COMMENT: ---------------------------------------------------------------------- Really thanks a lot for all the work on this document! I changed my position from discuss to no objection with these edits now because I think there are still things that could be improved to make the document more useful. However, I also think that it is important to publish this document soonish and I don't think any additional delay would help the message significantly. ------------------------------- Old comment for the record: ------------------------------- I would be a 'Yes' because I think this document is very valuable, however, I think it could be structured better to provide more value. The document is rather long and has some redundancy due to the structure: while sections 2.-4. are split based on the type of network operator, sections 5. and 6. are split based on the protocol layer. Further I think section 2 could be further extended because there are more cases to cover, also see (section 3 of) https://tools.ietf.org/html/draft-dolson-plus-middlebox-benefits-03. See for more concrete and mostly editorial comments below: 1) sec 2.1.1: "The definition of a flow will be based on a combination of header fields, often as many as five for 5-tuple flows (including addresses and ports for source and destination, and one additional field such as the DSCP or other priority marking)." Usually the 5th field is the protocol number; I'm not aware of any load balancers that look at DSCP...? 2) sec 2.1.4 seems to cover two different cases: caching and differential treatment 3) sec 2.1.6. should probably be called "Content Filtering" and "Mobility Middlebox Content Filtering" should be an own subsection, as parental filtering is not specific to mobile networks. 4) I don't really understand why sec 2.1.7 "Access and Policy Enforcement" is a subsection of 2.1 "Middlebox Monitoring". Was that on purpose or an error? Actually I don't really understand the structure of section 2 at all. What's the difference between 2.1 and 2.2? I would group section 2.1.1, 2.1.2, and 2.1.3 under Traffic Monitoring and move all other subsections of 2.1 one level up... 5) sec 3 rather describes how encryption is already used and doesn't not really discuss any effects of increased use of encryption. 6) there is quite some overlap between section 2 and 4.1.3. as the problems on monitoring/troubleshoot are the same for enterprise network and other networks; the only difference is that in enterprises TLS interception may be acceptable while it's not for network operators. However, it would still be good to better align these sections. 7) section 6 only describes with information is visible but not how and if this information is used and what would happen if this information would go away. 8) section 7 should be integrated in the introduction because it sets the context for this document and it's not needed to have read the rest of the document to understand this section. _______________________________________________ OPSAWG mailing list OPSAWG@ietf.org https://www.ietf.org/mailman/listinfo/opsawg