Hi Alvaro, Thank you very much for your detailed review.
Together with my co-authors, we have uploaded revision -27, which should address all your comments. The diff is at: https://www.ietf.org/rfcdiff?url2=draft-ietf-opsec-v6-27 Regards, KK On Mon, Apr 19, 2021 at 8:27 AM Alvaro Retana <[email protected]> wrote: > Enno: > > Hi! > > I looked at -26. > > I still find the applicability statement confusing, the the reasons I > described in 1.a/1.b (below). There is a contradiction about whether the > document applies to residential users (as mentioned in §1.1 and §5) or not > (as mentioned in the Abstract). Also, why does the "applicability > statement especially applies to Section 2.3 and Section 2.5.4” *only*? > > This is obviously a non-blocking comment, but I believe it is important > since the applicability statement may influence who reads and follows the > recommendations. > > Thanks! > > Alvaro. > > On April 10, 2021 at 2:36:26 PM, Enno Rey ([email protected]) wrote: > > Hi Alvaro, > > thanks for the detailed evaluation and for the valuable feedback. > > I went thru your COMMENTS and performed some related adaptions of the > draft. A new version has been uploaded. > > thank you again & have a great weekend > > Enno > > > > > On Mon, Apr 05, 2021 at 02:07:53PM -0700, Alvaro Retana via Datatracker > wrote: > > Alvaro Retana has entered the following ballot position for > > draft-ietf-opsec-v6-25: No Objection > > > > When responding, please keep the subject line intact and reply to all > > email addresses included in the To and CC lines. (Feel free to cut this > > introductory paragraph, however.) > > > > > > Please refer to > https://www.ietf.org/iesg/statement/discuss-criteria.html > > for more information about IESG DISCUSS and COMMENT positions. > > > > > > The document, along with other ballot positions, can be found here: > > https://datatracker.ietf.org/doc/draft-ietf-opsec-v6/ > > > > > > > > ---------------------------------------------------------------------- > > COMMENT: > > ---------------------------------------------------------------------- > > > > > > (1) The applicability statement in ??1.1 is confusing to me. > > > > a. The Abstract says that "this document are not applicable to > residential > > user cases", but that seems not to be true because this section says > that the > > contents do apply to "some knowledgeable-home-user-managed residential > > network[s]", and ??5 is specific to residential users. > > > > b. "This applicability statement especially applies to Section 2.3 and > Section > > 2.5.4." Those two sections represent a small part of the document; what > about > > the rest? It makes sense to me for the applicability statement to cover > most > > of the document. > > > > c. "For example, an exception to the generic recommendations of this > document > > is when a residential or enterprise network is multi-homed." I'm not > sure if > > this sentence is an example of the previous one (above) or if "for > example" is > > out of place. > > > > (2) ??5 mentions "early 2020" -- I assume that the statement is still > true now. > > > > (3) It caught my attention that there's only one Normative Reference > (besides > > rfc8200, of course). Why? What is special about the IPFIX registry? > > > > It seems that an argument could be made to the fact that to secure > OSPFv3, for > > example, an understanding of the protocol is necessary. This argument > could be > > extended to other protocols or mechanisms, including IPv6-specific > technology: > > ND, the addressing architecture, etc. Consider the classification of the > > references in light of [1]. > > > > [1] > > > https://www.ietf.org/about/groups/iesg/statements/normative-informative-references/ > > > > > > > > -- > Enno Rey > > Cell: +49 173 6745902 > Twitter: @Enno_Insinuator > >
_______________________________________________ OPSEC mailing list [email protected] https://www.ietf.org/mailman/listinfo/opsec
