
Early Review of draft-ietf-i2nsf-consumer-facing-interface-dm-20
review-ietf-i2nsf-consumer-facing-interface-dm-20-secdir-early-kaufman-2022-06-12-00

Request
Review of: draft-ietf-i2nsf-consumer-facing-interface-dm-19
Requested revision: 19 (document currently at 31)
Type: Early Review
Team: Security Area Directorate (secdir)
Deadline: 2022-06-17
Requested: 2022-05-18
Requested by: Linda Dunbar
Authors: Jaehoon Paul Jeong, Chaehong Chung, Tae-Jin Ahn, Rakesh Kumar, Susan Hares
I-D last updated: 2022-06-12
Completed reviews:
  Yangdoctors Last Call review of -05 by Jan Lindblad
  Yangdoctors Last Call review of -07 by Jan Lindblad
  Secdir Early review of -20 by Charlie Kaufman
  Genart Last Call review of -26 by Roni Even
  Tsvart Last Call review of -26 by Dr. Joseph D. Touch
  Secdir Last Call review of -26 by Charlie Kaufman
  Intdir Telechat review of -27 by Dirk Von Hugo
Comments:
Appreciate SEC Area and Ops Area Directorate's early review before issuing the WGLC. 

Thanks, Linda Dunbar

Assignment
Reviewer: Charlie Kaufman
State: Completed
Request: Early review on draft-ietf-i2nsf-consumer-facing-interface-dm by Security Area Directorate (Assigned)
Posted at: https://mailarchive.ietf.org/arch/msg/secdir/imMiEfZJNuXSt-fzcDd5gdo-wwQ/
Reviewed revision: 20 (document currently at 31)
Result: Has nits
Completed: 2022-06-11

Reviewer: Charlie Kaufman
Review result: Has nits

I have reviewed this document as part of the security directorate's ongoing
effort to review all IETF documents being processed by the IESG.  These
comments were written primarily for the benefit of the security area directors.
 Document editors and WG chairs should treat these comments just like any other
last call comments.

This document specifies a syntax for specifying security policies that apply in
a networked environment. It is intended that general policies would be fed into
the system in this syntax and then some policy engine would determine which
policies need to be enforced by which nodes in the system and appropriate
subsets would be distributed. The syntax takes the form of a YANG data model.

The review result I wanted to give was "Mostly Harmless". I am skeptical as to
whether the collection of policies specifiable is flexible enough to be usable
to manage a real network, but the syntax is easily extensible and this seems as
good a place to start as any. If it encourages experimentation with management
systems that distribute policies this way, that would be a good thing, and any
deficiencies found could be fixed later. I could imagine other groups having
very different visions as to how to manage this information, but I would not
expect the presence of this document as an RFC would discourage them from
experimenting with those visions.

I'm not sufficiently familiar with YANG or with Network Functions
Virtualization to have a useful opinion as to how good this design is.

I noticed one nit, which suggests they might want to run the document through a
spelling checker. The nit is not worth holding the document up if no one finds
anything else.

Nits:

Page 8: interuption -> interruption

--Charlie