Last Call Review of draft-ietf-i2nsf-sdn-ipsec-flow-protection-08
review-ietf-i2nsf-sdn-ipsec-flow-protection-08-opsdir-lc-dodge-2020-09-03-00
| Request | Review of | draft-ietf-i2nsf-sdn-ipsec-flow-protection |
|---|---|---|
| Requested revision | No specific revision (document currently at 14) | |
| Type | Last Call Review | |
| Team | Ops Directorate (opsdir) | |
| Deadline | 2020-09-04 | |
| Requested | 2020-08-21 | |
| Authors | Rafael Marin-Lopez , Gabriel Lopez-Millan , Fernando Pereniguez-Garcia | |
| Draft last updated | 2020-09-03 | |
| Completed reviews |
Yangdoctors Early review of -04
by
Martin Björklund
(diff)
Yangdoctors Last Call review of -08 by Martin Björklund (diff) Opsdir Last Call review of -08 by Menachem Dodge (diff) Secdir Last Call review of -08 by Derek Atkins (diff) Genart Last Call review of -08 by Mohit Sethi (diff) Secdir Telechat review of -12 by Derek Atkins (diff) |
|
| Assignment | Reviewer | Menachem Dodge |
| State | Completed | |
| Review |
review-ietf-i2nsf-sdn-ipsec-flow-protection-08-opsdir-lc-dodge-2020-09-03
|
|
| Posted at | https://mailarchive.ietf.org/arch/msg/ops-dir/VxkqJwuDkE6a8dgQYrd4GI7ognc | |
| Reviewed revision | 08 (document currently at 14) | |
| Result | Has Nits | |
| Completed | 2020-09-03 |
review-ietf-i2nsf-sdn-ipsec-flow-protection-08-opsdir-lc-dodge-2020-09-03-00
This document is well written and very readable. Nits ---- Section 5.3: The first paragraph appears to be repeated. It appears at the end of page 11 and also at the start of page 12. Section 5.4 first paragraph: OLD --> "This information is incorporated to a list of NSFs under its control" Suggest --> This information is incorporated in a list of NSFs under its control" Section 8: Security Considerations: OLD --> In particular, the I2NSF Controller will handle cryptographic material so that the attacker may try to access this information. Although we can assume this attack will not likely to happen due to the assumed security measurements to protect the I2NSF Controller, it deserves some analysis in the hypothetical case the attack occurs. Suggest --> In particular, the I2NSF Controller will handle cryptographic material thus the attacker may try to access this information. Although we can assume this attack is not likely to happen due to the assumed security measurements to protect the I2NSF Controller, it still deserves some analysis in the hypothetical case that the attack occurs. Section 8.1 last bullet OLD --> If certificates are used, the NSF MAY generate the private key and exports the public key for certification to the I2NSF Controller. How the NSF generates these cryptographic material (public key/ private keys) and exports the public key it is out of scope of this document. Suggest --> If certificates are used, the NSF MAY generate the private key and export the public key for certification to the I2NSF Controller. How the NSF generates these cryptographic material (public key/ private keys) and exports the public key, is out of scope of this document.