Early Review of draft-ietf-nmop-terminology-07
review-ietf-nmop-terminology-07-secdir-early-orman-2024-11-13-00
Request | Review of | draft-ietf-nmop-terminology |
---|---|---|
Requested revision | No specific revision (document currently at 09) | |
Type | Early Review | |
Team | Security Area Directorate (secdir) | |
Deadline | 2024-11-22 | |
Requested | 2024-10-17 | |
Requested by | Mohamed Boucadair | |
Authors | Nigel Davis, Adrian Farrel, Thomas Graf, Qin Wu, Chaode Yu | |
I-D last updated | 2024-11-13 | |
Completed reviews | Secdir Early review of -07 by Hilarie Orman; Genart Early review of -07 by Paul Kyzivat; Opsdir Early review of -07 by Jouni Korhonen; Rtgdir Early review of -07 by Stewart Bryant; Iotdir Early review of -07 by Carsten Bormann; Intdir Early review of -07 by Dirk Von Hugo | |
Comments | The document establishes foundational terms and concepts for anomaly, incident, and fault management. Coining these terms carefully is thus important for adoption within the IETF at large (but also in discussion with other SDOs). Some of these terms may have more contextualized meaning in areas such as "incident" in security. We do appreciate your review of the scope, clarity, and articulation of various concepts in the document. Of course, the WG and the authors welcome other comments. Thank you. | |
Assignment | | |
---|---|---|
Reviewer | Hilarie Orman | |
State | Completed | |
Request | Early review on draft-ietf-nmop-terminology by Security Area Directorate | |
Posted at | https://mailarchive.ietf.org/arch/msg/secdir/XskV_1SqS-ENeDyPxE4Q7OllU58 | |
Reviewed revision | 07 (document currently at 09) | |
Result | Has issues | |
Completed | 2024-11-13 | |
To: iesg@ietf.org, secdir@ietf.org
Cc: draft-ietf-nmop-terminology.all@ietf.org
Subject: Security directorate review of draft-ietf-nmop-terminology-06

Security review of Some Key Terms for Network Fault and Problem Management
draft-ietf-nmop-terminology-06

Do not be alarmed. I generated this review of this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written with the intent of improving security requirements and considerations in IETF drafts. Comments not addressed in last call may be included in AD reviews during the IESG review. Document editors and WG chairs should treat these comments just like any other early review comments.

The selection of the "key terms" for definition was mysterious to me as I read the draft. Reading over the mailing list, I've come to see that it is conceived as a companion document for all the NMOP documents, and the terms were derived from that collection. The definitions help ensure that the document collection has consistent terminology. That, however, is undermined by the awkwardness of the definitions.

This is a laudable effort to facilitate communication by acting on the adage "define your terms". Those definitions have to shine with clarity if they are to be useful. But if instead the definitions are per se confusing, then there is no advantage, and it would be better to proceed on the assumption that the words have their ordinary dictionary meanings.

Much of this document lacks clarity, as illustrated by the following samples.

"A characteristic may be considered with respect to the concept of dimensional that is built on facts (see 'value', below) and dimensions (the contexts and descriptors that identify and give meaning to the facts)."

I cannot interpret that sentence. "Dimensional analysis", perhaps? Still, it is opaque, and I recommend deleting it.

The next sentence says that "metric" is a synonym for "characteristic". Amend the preceding sentence "Characteristic: Observable or measurable aspect or behavior associated with a resource." to "Characteristic: Observable or measurable aspect or behavior associated with a resource. I.e., a metric."

"Value: A measurable amount which may be in the form of an integer (e.g., a count) or on a continuous variable (e.g., an analogue measurement) associated with a characteristic."

Awkward phrasing. A value is a measured amount that can be integer or rational. A value is the measurement of a resource. That resource might be associated with a characteristic, or it might not, or it might be associated with many characteristics. Must a value be a number? Could it be one of "{low, medium, high}", for example? That might happen if a vendor supplies a "measurement" with those values.

"Resource: A component, commodity, service, or capability that can be used to support the delivery of some function."

What does the "delivery of some function" mean? "Function" is not a defined term. I suspect that a "resource" is more succinctly defined as a "component of a system". Further definitions suggest that a resource must have at least one "characteristic" (i.e., metric), so a resource is a system component with one or more metrics. Are there system components without metrics? Are they resources? I'm not sure.

"Change: In the context of monitoring network resources, the variation in values associated with a characteristic of a resource at a specific time or over time.
* Most changes are not noteworthy (i.e., are not relevant).
* Perception of change depends upon detection, the sampling rate/accuracy/detail, and perspective."

First, it's not a good idea to redefine an ordinary, simple word ("change") to have a particular meaning. It results in people having to say "I mean 'change' in the sense of the terminology document, not in the sense of ordinary English" or vice versa.

Beyond that, the definition is awkward. You can just say "a variation in a value or a history of those variations." A value is associated with a time, so there's no need to use "time" as part of the definition of "change". Why is the statement that "most changes are not noteworthy" part of the *definition*?? "Perception of change" sounds like the "if a tree falls in the forest" conundrum. The text is redundant and unhelpful.

"Event: The change in value (of a characteristic of a resource)"

"Compared with a change, which is over a period of time, an event happens at a measurable instant."

But an event is here *defined* as a "change". It's a change but not a change? What is a "measurable instant"? It's not the instant that's being measured, it's the value at a time. Etc.