[conex] Stephen Farrell's No Objection on draft-ietf-conex-destopt-09: (with COMMENT)

"Stephen Farrell" <stephen.farrell@cs.tcd.ie> Thu, 01 October 2015 00:06 UTC

From: "Stephen Farrell" <stephen.farrell@cs.tcd.ie>
To: "The IESG" <iesg@ietf.org>
Message-ID: <20151001000655.11590.32411.idtracker@ietfa.amsl.com>
Date: Wed, 30 Sep 2015 17:06:55 -0700
Archived-At: <http://mailarchive.ietf.org/arch/msg/conex/cViuIKeQoKqSrIrc01PBXXFRV2Q>
Cc: draft-ietf-conex-destopt.ad@ietf.org, conex-chairs@ietf.org, conex@ietf.org, draft-ietf-conex-destopt@ietf.org
List-Id: Congestion Exposure working group discussion list <conex.ietf.org>

Stephen Farrell has entered the following ballot position for
draft-ietf-conex-destopt-09: No Objection

When responding, please keep the subject line intact and reply to all
email addresses included in the To and CC lines. (Feel free to cut this
introductory paragraph, however.)


Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html
for more information about IESG DISCUSS and COMMENT positions.


The document, along with other ballot positions, can be found here:
https://datatracker.ietf.org/doc/draft-ietf-conex-destopt/



----------------------------------------------------------------------
COMMENT:
----------------------------------------------------------------------


- section 7: "If the transport network cannot be trusted, IPsec
Authentication should be used to ensure integrity of the ConEx
information." Hmm. Transport networks cannot be trusted so the
first condition is always met. That means you are saying IPsec
should be used. I don't see how the key management required is
going to happen and even if it did, would that affect conex
calculations? I'm ok with an experiment on that basis though, 
but it'd be better if the real relationship between this and IPsec
were more fully fleshed out somewhere as part of the experiment.

- The secdir review [1] touches on similar issues. I'm not sure if
that got a response, but it raises a good point that seems to me to
deserve a response.

   [1] https://www.ietf.org/mail-archive/web/secdir/current/msg05957.html