Skip to main content

Last Call Review of draft-ietf-i2nsf-sdn-ipsec-flow-protection-08
review-ietf-i2nsf-sdn-ipsec-flow-protection-08-opsdir-lc-dodge-2020-09-03-00

Request Review of draft-ietf-i2nsf-sdn-ipsec-flow-protection
Requested revision No specific revision (document currently at 14)
Type Last Call Review
Team Ops Directorate (opsdir)
Deadline 2020-09-04
Requested 2020-08-21
Authors Rafael Marin-Lopez , Gabriel Lopez-Millan , Fernando Pereniguez-Garcia
Draft last updated 2020-09-03
Completed reviews Yangdoctors Early review of -04 by Martin Björklund (diff)
Yangdoctors Last Call review of -08 by Martin Björklund (diff)
Opsdir Last Call review of -08 by Menachem Dodge (diff)
Secdir Last Call review of -08 by Derek Atkins (diff)
Genart Last Call review of -08 by Mohit Sethi (diff)
Secdir Telechat review of -12 by Derek Atkins (diff)
Assignment Reviewer Menachem Dodge
State Completed
Review review-ietf-i2nsf-sdn-ipsec-flow-protection-08-opsdir-lc-dodge-2020-09-03
Posted at https://mailarchive.ietf.org/arch/msg/ops-dir/VxkqJwuDkE6a8dgQYrd4GI7ognc
Reviewed revision 08 (document currently at 14)
Result Has Nits
Completed 2020-09-03
review-ietf-i2nsf-sdn-ipsec-flow-protection-08-opsdir-lc-dodge-2020-09-03-00
This document is well written and very readable.

Nits
----
Section 5.3:  The first paragraph appears to be repeated. It appears at the end
of page 11 and also at the start of page 12.

Section 5.4 first paragraph:
 OLD --> "This information is incorporated to a list of NSFs under its control"
Suggest --> This information is incorporated in a list of NSFs under its
control"

Section 8: Security Considerations:

OLD --> In particular, the I2NSF Controller will handle cryptographic material
so that the attacker may try to access this information.  Although we can
assume this attack will not likely
   to happen due to the assumed security measurements to protect the I2NSF
   Controller, it deserves some analysis in the hypothetical case the attack
   occurs.

Suggest --> In particular, the I2NSF Controller will handle cryptographic
material thus the attacker may try to access this information.  Although we can
assume this attack is not likely
   to happen due to the assumed security measurements to protect the I2NSF
   Controller, it still deserves some analysis in the hypothetical case that
   the attack occurs.

Section 8.1 last bullet

OLD --> If certificates are used, the NSF MAY generate the private key and
exports the public key for certification to the I2NSF Controller. How the NSF
generates these cryptographic material (public key/ private keys) and exports
the public key it is out of scope of this document.

Suggest --> If certificates are used, the NSF MAY generate the private key and
export the public key for certification to the I2NSF Controller. How the NSF
generates these cryptographic material (public key/ private keys) and exports
the public key, is out of scope of this document.