[I2nsf] Last Call: <draft-ietf-i2nsf-sdn-ipsec-flow-protection-08.txt> (Software-Defined Networking (SDN)-based IPsec Flow Protection) to Proposed Standard

tom petch <daedulus@btconnect.com> Tue, 25 August 2020 10:22 UTC

From: tom petch <daedulus@btconnect.com>
To: LAST-CALL@ietf.org
Cc: i2nsf@ietf.org, rdd@cert.org, draft-ietf-i2nsf-sdn-ipsec-flow-protection@ietf.org, i2nsf-chairs@ietf.org, ipsec@ietf.org
Message-ID: <5F44E66D.6080408@btconnect.com>
Date: Tue, 25 Aug 2020 11:22:37 +0100
Archived-At: <https://mailarchive.ietf.org/arch/msg/i2nsf/NQVg3k-kkZ-1uFDW0cqrL5H7JJo>

Looking at the YANG module from a different perspective from that of a 
YANG Doctor or an IPsec WG Chair, there is quite a lot of editing needed.

'2019' appears 10 times and I suspect most should be 2020; one is an 
import by revision which is uncommon because of potential, future, 
compatibility problems.

Conventionally, Appendices are Informative and YANG modules are 
Normative, so if you want the modules to be Normative, I suggest adding to 
Appendices A, B, C
'This Appendix is Normative.'

YANG is version 1.1 so RFC7950 is required.  I suggest adding [RFC7950] 
to YANG in the Introduction.  For IANA considerations, RFC6020 is the 
better reference.

NMDA[RFC8342] conformance should be stated as appropriate

YANG 'import' needs a reference; I see five without

Tree Diagrams need explaining - RFC8340 does that

'revision' should be 'Initial version' at this stage with a reference to 
this I-D's title

Lots of references - good - but they need to appear in the I-D 
References, mostly, probably, Normative.  I see no I-D Reference for
822 - ood 2821?
2247 -
3280 - ood 5280?
3947 -
4303 -
5280 -
5915 -
7383 -
7427 -
7619 -
8017 -
8174 -
8221 -

X.690

I-D Common YANG Data Types for Cryptography

IANA Registry Internet Key Exchange Version 2 Parameters
IANA Registry- Transform Type 1
IANA Registry- Transform Type 3
IANA Registry Protocol Numbers

and they will each need a reference from the body of the I-D such as 
'The YANG modules make reference to [RFC2247], ....

I note that RFC822 and RFC3280 are Obsoleted which makes their use 
problematic.

s.8.3
/The YANG module/The YANG modules/

IANA Considerations
The Registrant contact is usually the IESG

The prefix registered for ipsec-common is not the same as appears in 
Appendix A

For the Web address, it is unusual to have '/about'

grouping port-range
with a range, it is usual to specify how a single address is specified, 
e.g. the absence of 'end' or 'start'='end' and for a YANG must to 
require end>start or end>=start as appropriate.  The use of key 'start 
end' implies that 'start' and 'end' must both be present.


Tom Petch
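The YANG points raised in the review above (import statements carrying a reference, an 'Initial version' revision that cites the I-D title, and a port-range grouping that says how a single port is expressed and constrains 'end' against 'start'), shown together in one hypothetical module. This is an added example, not part of Tom Petch's review and not taken from the draft's own modules; the module name, namespace, prefix and revision date are assumptions chosen for illustration.

```yang
module example-port-range {
  yang-version 1.1;
  namespace "urn:example:port-range";   /* assumed namespace */
  prefix "expr";                        /* assumed prefix */

  /* Each import carries a reference, as the review asks for. */
  import ietf-inet-types {
    prefix inet;
    reference "RFC 6991: Common YANG Data Types";
  }

  organization "Example organization (placeholder)";
  contact      "Example contact (placeholder)";
  description
    "Illustrative module showing a port-range grouping with an
     explicit single-port convention and a must constraint.";

  /* At I-D stage the revision is 'Initial version' and cites the
     document title; the date below is an assumed placeholder. */
  revision 2020-08-25 {
    description "Initial version.";
    reference
      "RFC XXXX: Software-Defined Networking (SDN)-based IPsec Flow
       Protection";
  }

  grouping port-range {
    description
      "An inclusive range of transport-layer ports.
       A single port is expressed either by omitting 'end' (in which
       case the range is the single port 'start') or by setting
       'end' equal to 'start'.";
    leaf start {
      type inet:port-number;
      mandatory true;
      description "Lowest port of the range.";
    }
    leaf end {
      type inet:port-number;
      /* The must is only evaluated when 'end' is present, so an
         omitted 'end' (single port) is not rejected. Because ranges
         are inclusive, end >= start rather than end > start is the
         appropriate constraint. */
      must ". >= ../start" {
        error-message
          "'end' must be greater than or equal to 'start'.";
        description "Reject reversed ranges.";
      }
      description
        "Highest port of the range; when absent the range consists of
         the single port 'start'.";
    }
  }

  container port-ranges {
    description "Example use of the grouping.";
    /* Keyed on 'start' only: if the key were 'start end', both leaves
       would become mandatory and the 'omit end' convention above
       could not be used. */
    list range {
      key "start";
      uses port-range;
      description "One port range; 'end' is optional.";
    }
  }
}
```

The design choice worth noting is the key: a list keyed on "start end" makes both leaves mandatory, so a module that wants to express a single port by leaving 'end' out must key on 'start' alone (or use a different key) and document the convention in the description, since YANG cannot express "default 'end' to the value of 'start'" with a default statement.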




The IESG has received a request from the Interface to Network Security
Functions WG (i2nsf) to consider the following document: - 'Software-Defined
Networking (SDN)-based IPsec Flow Protection'
   <draft-ietf-i2nsf-sdn-ipsec-flow-protection-08.txt> as Proposed Standard

The IESG plans to make a decision in the next few weeks, and solicits final
comments on this action. Please send substantive comments to the
last-call@ietf.org mailing lists by 2020-09-04. Exceptionally, comments may
be sent to iesg@ietf.org instead. In either case, please retain the beginning
of the Subject line to allow automated sorting.

Abstract


    This document describes how to provide IPsec-based flow protection
    (integrity and confidentiality) by means of an I2NSF Controller.  It
    considers two main well-known scenarios in IPsec: (i) gateway-to-
    gateway and (ii) host-to-host.  The service described in this
    document allows the configuration and monitoring of IPsec information
    from a I2NSF Controller to one or several flow-based Network Security
    Function (NSF) that implement IPsec to protect data traffic.

    The document focuses on the I2NSF NSF-Facing Interface by providing
    YANG data models for configuration and state data required to allow
    the I2NSF Controller to configure the IPsec databases (SPD, SAD, PAD)
    and IKEv2 to establish IPsec Security Associations with a reduced
    intervention of the network administrator.




The file can be obtained via
https://datatracker.ietf.org/doc/draft-ietf-i2nsf-sdn-ipsec-flow-protection/



No IPR declarations have been submitted directly on this I-D.




