Secure Zero Touch Provisioning (SZTP)
draft-ietf-netconf-zerotouch-29
Yes
(Alvaro Retana)
(Ignas Bagdonas)
No Objection
(Deborah Brungard)
(Martin Vigoureux)
(Spencer Dawkins)
Note: This ballot was opened for revision 25 and is now closed.
Alvaro Retana Former IESG member
Yes
Yes
(for -25)
Not sent
Ignas Bagdonas Former IESG member
Yes
Yes
(for -25)
Unknown
Adam Roach Former IESG member
(was Discuss)
No Objection
No Objection
(2018-12-20 for -26)
Sent
Thanks for addressing my discuss point.
Alexey Melnikov Former IESG member
(was Discuss)
No Objection
No Objection
(2018-12-21 for -26)
Sent for earlier
Thank you for addressing my DISCUSS and comments! One nit remains: Also, "URI" deserve to be a Normative Reference, as it defines the generic syntax you are referring to.
Alissa Cooper Former IESG member
No Objection
No Objection
(2018-12-06 for -25)
Not sent
Unfortunately I ran out of time to review this document, so balloting no objection on the basis of the Gen-ART review.
Ben Campbell Former IESG member
No Objection
No Objection
(2018-12-05 for -25)
Sent
I support Adam's and Alexey's DISCUSS points. §1.2: I have a bit of discomfort in how the manufacturer/owner business model is encoded into this. In particular, is there any possibility of anonymous owners? How about secondary markets (i.e. transfer of a device between owners) without mediation by the manufacturer.)? But I see this is actually mentioned in the security considerations, so I don't really expect a change. §3.1, 4th paragraph: The first sentence is convoluted; please consider breaking it into multiple simpler sentences. - 6th paragraph: The first sentence is even more convoluted. §5.6, 10th paragraph: I'm not sure how to interpret "MUST try". That doesn't seem verifiable. -- first bullet under "implementation notes": is "roll out of" the same things as "roll back"? §9.8: - 4th paragraph: Can the "best practices" be cited or described? Otherwise, the normative "RECOMMENDED" seems pretty vague. (Or are the next few sentences intended to define those practices? -5th paragraph: Paragraph is hard to parse.
Benjamin Kaduk Former IESG member
(was Discuss)
No Objection
No Objection
(2019-01-05 for -27)
Sent
Thank you for the good discussion and resolution on both my Discuss points and the Comments, as well as for this clear and considered document and design; it really lays out the scenario of applicability and the functionality quite well.
Deborah Brungard Former IESG member
No Objection
No Objection
(for -25)
Not sent
Martin Vigoureux Former IESG member
No Objection
No Objection
(for -25)
Not sent
Mirja Kühlewind Former IESG member
No Objection
No Objection
(2018-11-30 for -25)
Sent
Thanks for this well-written doc. One quick question which wasn't fully clear to me from the text in the doc: If onboarding fails at some point, is the device supposed to iterate over another bootstrapping source or stop completely? One minor comment: Maybe spell out TPM and provide a reference.
Spencer Dawkins Former IESG member
No Objection
No Objection
(for -25)
Not sent
Suresh Krishnan Former IESG member
(was Discuss)
No Objection
No Objection
(2018-12-21 for -26)
Sent
Thanks for addressing my DISCUSS and comments.