Skip to main content

Secure Zero Touch Provisioning (SZTP)
draft-ietf-netconf-zerotouch-29

Yes

(Alvaro Retana)
(Ignas Bagdonas)

No Objection

(Deborah Brungard)
(Martin Vigoureux)
(Spencer Dawkins)

Note: This ballot was opened for revision 25 and is now closed.

Alvaro Retana Former IESG member
Yes
Yes (for -25) Not sent

                            
Ignas Bagdonas Former IESG member
Yes
Yes (for -25) Unknown

                            
Adam Roach Former IESG member
(was Discuss) No Objection
No Objection (2018-12-20 for -26) Sent
Thanks for addressing my discuss point.
Alexey Melnikov Former IESG member
(was Discuss) No Objection
No Objection (2018-12-21 for -26) Sent for earlier
Thank you for addressing my DISCUSS and comments!

One nit remains:
Also, "URI" deserve to be a Normative Reference, as it defines the generic syntax you are referring to.
Alissa Cooper Former IESG member
No Objection
No Objection (2018-12-06 for -25) Not sent
Unfortunately I ran out of time to review this document, so balloting no objection on the basis of the Gen-ART review.
Ben Campbell Former IESG member
No Objection
No Objection (2018-12-05 for -25) Sent
I support Adam's and Alexey's DISCUSS points.

§1.2: I have a bit of discomfort in how the manufacturer/owner business model is encoded into this. In particular, is there any possibility of anonymous owners? How about secondary markets (i.e. transfer of a device between owners) without mediation by the manufacturer.)? But I see this is actually mentioned in the security considerations, so I don't really expect a change.

§3.1, 4th paragraph: The first sentence is convoluted; please consider breaking it into multiple simpler sentences.

- 6th paragraph: The first sentence is even more convoluted.

§5.6, 10th paragraph: I'm not sure how to interpret "MUST try". That doesn't seem verifiable.
-- first bullet under "implementation notes": is "roll out of" the same things as "roll back"?

§9.8:
- 4th paragraph: Can the "best practices" be cited or described? Otherwise, the normative "RECOMMENDED" seems pretty vague. (Or are the next few sentences intended to define those practices?

-5th paragraph: Paragraph is hard to parse.
Benjamin Kaduk Former IESG member
(was Discuss) No Objection
No Objection (2019-01-05 for -27) Sent
Thank you for the good discussion and resolution on both my Discuss points and the Comments,
as well as for this clear and considered document and design; it
really lays out the scenario of applicability and the functionality quite
well.
Deborah Brungard Former IESG member
No Objection
No Objection (for -25) Not sent

                            
Martin Vigoureux Former IESG member
No Objection
No Objection (for -25) Not sent

                            
Mirja Kühlewind Former IESG member
No Objection
No Objection (2018-11-30 for -25) Sent
Thanks for this well-written doc.

One quick question which wasn't fully clear to me from the text in the doc: 
If onboarding fails at some point, is the device supposed to iterate over another bootstrapping source or stop completely?

One minor comment:
Maybe spell out TPM and provide a reference.
Spencer Dawkins Former IESG member
No Objection
No Objection (for -25) Not sent

                            
Suresh Krishnan Former IESG member
(was Discuss) No Objection
No Objection (2018-12-21 for -26) Sent
Thanks for addressing my DISCUSS and comments.