Last Call Review of draft-ietf-i2nsf-sdn-ipsec-flow-protection-08
review-ietf-i2nsf-sdn-ipsec-flow-protection-08-secdir-lc-atkins-2020-09-03-00

Request: Review of draft-ietf-i2nsf-sdn-ipsec-flow-protection
Requested revision: No specific revision (document currently at 14)
Type: Last Call Review
Team: Security Area Directorate (secdir)
Deadline: 2020-09-04
Requested: 2020-08-21
Authors: Rafael Marin-Lopez, Gabriel Lopez-Millan, Fernando Pereniguez-Garcia
I-D last updated: 2020-09-03
Completed reviews:
  Yangdoctors Early review of -04 by Martin Björklund
  Yangdoctors Last Call review of -08 by Martin Björklund
  Opsdir Last Call review of -08 by Menachem Dodge
  Secdir Last Call review of -08 by Derek Atkins
  Genart Last Call review of -08 by Mohit Sethi
  Secdir Telechat review of -12 by Derek Atkins
Assignment:
  Reviewer: Derek Atkins
  State: Completed
  Request: Last Call review on draft-ietf-i2nsf-sdn-ipsec-flow-protection by Security Area Directorate Assigned
  Posted at: https://mailarchive.ietf.org/arch/msg/secdir/TqIqtTTgROiKqFuvDQnXdB5xXPY
  Reviewed revision: 08 (document currently at 14)
  Result: Has nits
  Completed: 2020-09-03

Hi,

I have reviewed this document as part of the security directorate's
ongoing effort to review all IETF documents being processed by the
IESG.  These comments were written with the intent of improving
security requirements and considerations in IETF drafts.  Comments
not addressed in last call may be included in AD reviews during the
IESG review.  Document editors and WG chairs should treat these
comments just like any other last call comments.

Summary:

* With Nits

Details:

* NB: I did not review the Yang Models or Appendices

* Awkward sentence in section 8, top of page 21:

                              Moreover, the startup configuration
    datastore MUST be also pre-configured with the required ALLOW
    policies that allow to communicate the NSF with the I2NSF Controller
    once the NSF is deployed.

  Specifically "that allow to communicate the NSF with ..." should be
  changed, possibly to read "that allow the NSF to communicate with ..."

* At the end of 8.3 at the bottom of page 23 there is a space for "the
  subtrees and data nodes and their sensitivity/vulnerability:" but
  there is no list, it just goes onto the next paragraph at the top of
  the next page.

-derek