Re: [Gen-art] Gen-art LC Review of draft-ietf-anima-autonomic-control-plane-13
Toerless Eckert <tte@cs.fau.de> Thu, 01 March 2018 03:09 UTC
Return-Path: <eckert@i4.informatik.uni-erlangen.de>
X-Original-To: gen-art@ietfa.amsl.com
Delivered-To: gen-art@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2575112DDD2; Wed, 28 Feb 2018 19:09:33 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.959
X-Spam-Level:
X-Spam-Status: No, score=-3.959 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HEADER_FROM_DIFFERENT_DOMAINS=0.25, RCVD_IN_DNSWL_MED=-2.3, T_RP_MATCHES_RCVD=-0.01, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id gWFsYmO0ogh4; Wed, 28 Feb 2018 19:09:30 -0800 (PST)
Received: from faui40.informatik.uni-erlangen.de (faui40.informatik.uni-erlangen.de [131.188.34.40]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 644CD12DB6E; Wed, 28 Feb 2018 19:09:30 -0800 (PST)
Received: from faui40p.informatik.uni-erlangen.de (faui40p.informatik.uni-erlangen.de [131.188.34.77]) by faui40.informatik.uni-erlangen.de (Postfix) with ESMTP id 89B4A58C4B3; Thu, 1 Mar 2018 04:09:24 +0100 (CET)
Received: by faui40p.informatik.uni-erlangen.de (Postfix, from userid 10463) id 66403B0DBCF; Thu, 1 Mar 2018 04:09:24 +0100 (CET)
Date: Thu, 01 Mar 2018 04:09:24 +0100
From: Toerless Eckert <tte@cs.fau.de>
To: Brian E Carpenter <brian.e.carpenter@gmail.com>
Cc: Elwyn Davies <elwynd@dial.pipex.com>, "gen-art@ietf.org" <gen-art@ietf.org>, draft-ietf-anima-autonomic-control-plane.all@ietf.org
Message-ID: <20180301030924.GD29300@faui40p.informatik.uni-erlangen.de>
References: <a6351b48-ae97-5212-58cb-40a1f242fafb@dial.pipex.com> <59154ae1-b818-ad36-cafa-0e91faab3dac@gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
In-Reply-To: <59154ae1-b818-ad36-cafa-0e91faab3dac@gmail.com>
User-Agent: Mutt/1.5.21 (2010-09-15)
Archived-At: <https://mailarchive.ietf.org/arch/msg/gen-art/hHH378Oqczrgv6hNEoDN-LzcJ5Q>
Subject: Re: [Gen-art] Gen-art LC Review of draft-ietf-anima-autonomic-control-plane-13
X-BeenThere: gen-art@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "GEN-ART: General Area Review Team" <gen-art.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/gen-art>, <mailto:gen-art-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/gen-art/>
List-Post: <mailto:gen-art@ietf.org>
List-Help: <mailto:gen-art-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/gen-art>, <mailto:gen-art-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 01 Mar 2018 03:09:33 -0000
Elwyn, Brian, *: Just quickly:
Thank a lot. there is this looming deadline called March 5th for other work,
so will only be able to get back and seriously work on your review afterwards.
Cheers
Toerless
On Thu, Mar 01, 2018 at 02:45:36PM +1300, Brian E Carpenter wrote:
> Replying as a protagonist -
>
> First thanks for the really thorough review with many good points.
>
> Now a few replies in-line:
>
> On 28/02/2018 15:24, Elwyn Davies wrote:
> > I am the assigned Gen-ART reviewer for this draft. The General Area
> > Review Team (Gen-ART) reviews all IETF documents being processed
> > by the IESG for the IETF Chair. Please treat these comments just
> > like any other last call comments.
> >
> > For more information, please see the FAQ at
> >
> > <https://trac.ietf.org/trac/gen/wiki/GenArtfaq>.
> >
> > Document: draft-ietf-anima-autonomic-control-plane-13.txt
> > Reviewer: Elwyn Davies
> > Review Date: 2016/02/27
> > IETF LC End Date: 2016/02/26
> > IESG Telechat date: (if known) -
> >
> > Summary: Not ready. There are a number of minor issues and a host of nits and editorial fixes needed. I would also consider that the expected status (expeimental vs standards track) ought to be discussed on account of the areas where it is incomplete (e.g., incompleteness of the key Intent mechanism).
>
> An Intent mechanism is not required to build and operate the ACP, and if
> the draft gives that impression, it needs to be fixed.
>
> >
> > Major issues:
> > I am sure this has been considered elsewhere, but the amount of future work and areas where operation might discover problems indicates to me that maybe this should be an experimental proposal rather than standards track.
>
> It's chartered as standards track and other drafts have a normative
> dependency on it. So changing the intended status would be very
> problematic. Of course it's a judgment call, but there's nothing
> dubious that it depends on - ULAs, IPSEC, RPL, VRF functionality,
> in fact all the normative references except GRASP and BRSKI are well
> established. (GRASP has a mutual normative reference to this document,
> and is already in the RFC Editor queue; BRSKI is not out of the
> WG yet, so is likely to become a MISSREF.)
>
> Yes, I'd be happier if I had running code for the ACP, but as far as
> I know that isn't a requirement for Proposed Standard.
>
> > Minor issues:
> > Clarity regarding limitations of the ACP approach:The document is relentlessly positive about the ACP approach. Clearly certain problems will not allow the ACP to function. For example it implies that the physical network and interfaces are a shared resource: low level failures or misconfiguration at (say) Level 2, may still knockout the ACP as well as the data-plane. Some brief words on this would not go amiss. This could well be in s4.
> >
> > s2, para 2: There are several instances in the terminology definitions that are confusing before the term has been fully introduced later (and in some cases even then, e.g., the cryptic reference to 'paragraph 21' in the ACP address definition.) This should be cleared up. Notes are given in the Nits/Editorial comments below,
> >
> > s4, "ACP4", also s6.8.2:
> >> Clients of the ACP MUST
> >> NOT be tied to a particular application or transport protocol.
> >
> > It may be that I don't understand the problem, but the communication between the ACP nodes seems to be tied to the secure channels.
>
> Yes, but those are IPv6-in-something channels, that being the nature of a VRF.
> So anything that runs over IPv6 is OK. (I'm not sure that this MUST NOT
> actually matters: once we know it's an IPv6 channel, do we care?)
>
> > I am not sure how this is compatible with the any transport protocol requirement. There doesn't seem to be any further explanation of how this requirement is fufilled. This is linked to he means that is not specified by which the ACP address TLS connections are connected to the secure channels. This may be because I don't understand the problem
> >
> > s6.1.1: RFC 5280 discusses the option of leaving the subjectName blank if the subjectAltName is present. What would we expect to find in the subjectName field of the ACP Domain cert?
> >
> > s6.1.1: I don't understand where the routing-subdomain element is
> > carried. routing-subdomain is a top level production in the ABNF that
> > isn't referenced in the rest of the ABNF and a separate example is
> > given. Is the intention that the subjectAltName would consist of a
> > sequence of two rfc822names as allowed by the X.509 syntax if the
> > routing-subdomain is required?
> >
> > s6.1.3: I don't understand why the EST renewal server address has to (or, at least, might) be configured into all ACP nodes when the EST server announces itself with M_FLOOD messages. For one thing it goes (further) against automicity.
> >
> > s6.7.x, Security algorithm agility?: Each of the options specifies a
> > MTI, minimum (in today's tems) capability set of cyypto algorithms. It
> > is not clear (to me) how this will be adapted if and when these
> > algorithms are no longer adequately secure. Some words on ths may be
> > necessary.
> >
> > s9.1, "Network Partition": I am not sure I believe the story on partition - It seems possinle that one of the segments could be left without an enrollment server after partition. Am I right and does it matter?
>
> Yes, that could happen, I think. We could perhaps have stand-by servers
> in every router, ready to leap into action after a partition (and be
> discoverable via GRASP), but if there is no server after partition, that
> part of the network is stuck. It's like emergency generators (in fact,
> I'd say that everywhere you need a stand-by generator, you need a stand-by
> enrollment server).
>
> <snip>
>
> > s15.2: I think some of these references are normative:
> > especially ietf-anima-reference-model,
>
> Definitely not, it's an informational document.
>
> Regards
> Brian
--
---
tte@cs.fau.de
- Re: [Gen-art] Gen-art LC Review of draft-ietf-ani… Toerless Eckert
- [Gen-art] Gen-art LC Review of draft-ietf-anima-a… Elwyn Davies
- Re: [Gen-art] Gen-art LC Review of draft-ietf-ani… Brian E Carpenter
- Re: [Gen-art] Gen-art LC Review of draft-ietf-ani… Toerless Eckert
- Re: [Gen-art] Gen-art LC Review of draft-ietf-ani… Elwyn Davies
- [Gen-art] Fwd: Re: Gen-art LC Review of draft-iet… Elwyn Davies
- Re: [Gen-art] Fwd: Re: Gen-art LC Review of? draf… Toerless Eckert
- Re: [Gen-art] Gen-art LC Review of? draft-ietf-an… Alissa Cooper
- Re: [Gen-art] [Anima] Gen-art LC Review of? draft… Brian E Carpenter
- Re: [Gen-art] [Anima] Gen-art LC Review of? draft… Toerless Eckert