Last Call Review of draft-ietf-nfsv4-scsi-layout-nvme-05
review-ietf-nfsv4-scsi-layout-nvme-05-artart-lc-gruessing-2023-10-26-00

Request Review of draft-ietf-nfsv4-scsi-layout-nvme
Requested revision No specific revision (document currently at 07)
Type IETF Last Call Review
Team ART Area Review Team (artart)
Deadline 2023-11-01
Requested 2023-10-18
Authors Christoph Hellwig , Chuck Lever , Sorin Faibish , David L. Black
I-D last updated 2024-04-03 (Latest revision 2024-01-10)
Completed reviews Secdir IETF Last Call review of -05 by Deb Cooley (diff)
Artart IETF Last Call review of -05 by James Gruessing (diff)
Genart IETF Last Call review of -05 by Roni Even (diff)
Assignment Reviewer James Gruessing
State Completed
Request IETF Last Call review on draft-ietf-nfsv4-scsi-layout-nvme by ART Area Review Team Assigned
Posted at https://mailarchive.ietf.org/arch/msg/art/Dg5O0z3P2i2aNneg9EYcfui9lHY
Reviewed revision 05 (document currently at 07)
Result Ready
Completed 2023-10-26
review-ietf-nfsv4-scsi-layout-nvme-05-artart-lc-gruessing-2023-10-26-00
This is my review of draft-ietf-nfsv4-scsi-layout-nvme-05 as part of ARTART Last Call review.

Overall this a short and clear document which I think is ready, however I have
only one question:

In your security considerations there are two normative statements:

>  Physical security is a common means for protocols not based on IP.
>  In environments where the security requirements for the storage
>  protocol cannot be met, pNFS with an NVMe layout SHOULD NOT be
>  deployed.
>   ...
>  In environments where the security requirements are such that client-
>  side protection from access to storage outside of the layout is not
>  sufficient, pNFS with a SCSI layout on a NVMe namespace SHOULD NOT be
>  deployed.

These appear repetitious to RFC 8154, and further are normative statements
required here? Whilst physical security considerations are important, do such
deployment guidance require it?