[Anima] Martin Duke's No Objection on draft-ietf-anima-autonomic-control-plane-28: (with COMMENT)
Martin Duke via Datatracker <noreply@ietf.org> Wed, 12 August 2020 23:01 UTC
Return-Path: <noreply@ietf.org>
X-Original-To: anima@ietf.org
Delivered-To: anima@ietfa.amsl.com
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id 0494A3A0C86; Wed, 12 Aug 2020 16:01:56 -0700 (PDT)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
From: Martin Duke via Datatracker <noreply@ietf.org>
To: The IESG <iesg@ietf.org>
Cc: draft-ietf-anima-autonomic-control-plane@ietf.org, anima-chairs@ietf.org, anima@ietf.org, Sheng Jiang <jiangsheng@huawei.com>, jiangsheng@huawei.com
X-Test-IDTracker: no
X-IETF-IDTracker: 7.13.0
Auto-Submitted: auto-generated
Precedence: bulk
Reply-To: Martin Duke <martin.h.duke@gmail.com>
Message-ID: <159727331599.2318.15903520948321408950@ietfa.amsl.com>
Date: Wed, 12 Aug 2020 16:01:56 -0700
Archived-At: <https://mailarchive.ietf.org/arch/msg/anima/1AA1SMYUDZ6tQt38IEG0qDQPfcs>
Subject: [Anima] Martin Duke's No Objection on draft-ietf-anima-autonomic-control-plane-28: (with COMMENT)
X-BeenThere: anima@ietf.org
X-Mailman-Version: 2.1.29
List-Id: Autonomic Networking Integrated Model and Approach <anima.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/anima>, <mailto:anima-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/anima/>
List-Post: <mailto:anima@ietf.org>
List-Help: <mailto:anima-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/anima>, <mailto:anima-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 12 Aug 2020 23:01:56 -0000
Martin Duke has entered the following ballot position for
draft-ietf-anima-autonomic-control-plane-28: No Objection

When responding, please keep the subject line intact and reply to all email addresses included in the To and CC lines. (Feel free to cut this introductory paragraph, however.)

Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html for more information about IESG DISCUSS and COMMENT positions.

The document, along with other ballot positions, can be found here:
https://datatracker.ietf.org/doc/draft-ietf-anima-autonomic-control-plane/

----------------------------------------------------------------------
COMMENT:
----------------------------------------------------------------------

I found significant parts of this document tough to follow, particularly because there are many deployment variations for almost every element of the architecture. But I trust that the Security ADs will catch any remaining security issues. I appreciate that this effort appears, refreshingly, to have security baked in from the start.

Sec 6.1.1
"it is beneficial to copy the device identifying fields of the node's IDevID certificate into the ACP certificate,... and the "serialNumber" contains usually device type information that may help to faster determine working exploits/attacks against the device."

I am not certain the 'beneficial' assertion is supportable, if the benefit is some diagnostic help but the drawback is a security vulnerability.

sec 6.5. If both nodes have empty ACP address fields, they are both Bob. What happens then?

sec 6.11.1.14. "As this requirement raises additional Data-Plane,..." I am not sure what this clause means to say.