[I2nsf] AD Review follow-up on draft-ietf-i2nsf-capability-data-model-20
Roman Danyliw <rdd@cert.org> Mon, 01 November 2021 21:10 UTC
Return-Path: <rdd@cert.org>
X-Original-To: i2nsf@ietfa.amsl.com
Delivered-To: i2nsf@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 292053A2FA2 for <i2nsf@ietfa.amsl.com>; Mon, 1 Nov 2021 14:10:03 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level:
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=seicmu.onmicrosoft.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id L9rSnMliVGMZ for <i2nsf@ietfa.amsl.com>; Mon, 1 Nov 2021 14:09:58 -0700 (PDT)
Received: from USG02-CY1-obe.outbound.protection.office365.us (mail-cy1usg02on0118.outbound.protection.office365.us [23.103.209.118]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id BEE923A2F96 for <i2nsf@ietf.org>; Mon, 1 Nov 2021 14:09:58 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector5401; d=microsoft.com; cv=none; b=hgd9CKev+P3BGSTSfGyd0nlBuS0Opnzq3r13zuxZdoJs7XCPloZx3/0chRaGs01TM/p/JwhTspurjIRca7kto2B3IvgfW1DvMeE7VGoZXfuWURB3B2D7nHbwOoHzaDZHob4nTzsWqGyXe+C2QwWtxovR2VQN2jJqtGmgxoD0f/g5nN/J3+tRjUGSIrBd74uls/r1FCq3xCEMxUd5Q/TBFzKBf126ZD7xHwC5UpHy1d3AZH2UMvDWTSVmawlXDY7GiofadaEWqnHTEfELlIBlphHMEm8llr69dRw0y2re/kGUMU6iw0150dLM/s2m42ve5ZOKaIkWRrVzywhyPXCJYg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector5401; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=munGFU11DYXa9Mfecu6Lm/Cvd86CATkahV9fAytTSHE=; b=D2ZsMNukYYYnTe/9HixJxDR+nXGsBfmqqiIC4E9vJ9nuCdIGR1ZA3PCA0+woFkieTKOAPXs5W2yFpxs9uUUG9p2MBcHtyKhAYeKNb0DPdr6tMQs3Q4U+rQP4hp5+lSrrjrVY5sKz7WinX/B1+47IC7LiNQLCDSNFZXhsDY9hjPHMOKiEv5M1nit0YWE9pQdBKtYoKcz8y36EG89KRbpnj8xmoFXQhJ676ZyKxJV8du/przBtUaD85cJpWu4SHrcGSh8zVs1RLhN1PKjrVR/1OzA3BBg2MQGncVoV1tTt6TkT9vjUQyWag8zE1y+QX5bu8waoqqLt95DOnB1EJpIjyw==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=cert.org; dmarc=pass action=none header.from=cert.org; dkim=pass header.d=cert.org; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=seicmu.onmicrosoft.com; s=selector1-seicmu-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=munGFU11DYXa9Mfecu6Lm/Cvd86CATkahV9fAytTSHE=; b=EJF1fzRk78y8v3LChfuRs6U4FLwBrwG6OJeec35nwmHwHCbzoJZ8oqTFHhI1cHGqa/n9POSpR+R4ms3CQ/kR40xnhLS4lGo1std5yDbbnCwEtxjAMrpoWC0yZibTo/3k+UMMbjcC/7W7PIxnClPxCbEY6TYm98UFBwxEqFqmM5M=
Received: from BN1P110MB0939.NAMP110.PROD.OUTLOOK.COM (2001:489a:200:134::12) by BN1P110MB0804.NAMP110.PROD.OUTLOOK.COM (2001:489a:200:134::33) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4649.13; Mon, 1 Nov 2021 21:09:49 +0000
Received: from BN1P110MB0939.NAMP110.PROD.OUTLOOK.COM ([fe80::4463:48d1:9769:567f]) by BN1P110MB0939.NAMP110.PROD.OUTLOOK.COM ([fe80::4463:48d1:9769:567f%6]) with mapi id 15.20.4649.017; Mon, 1 Nov 2021 21:09:49 +0000
From: Roman Danyliw <rdd@cert.org>
To: "i2nsf@ietf.org" <i2nsf@ietf.org>
Thread-Topic: AD Review follow-up on draft-ietf-i2nsf-capability-data-model-20
Thread-Index: AdfPYy8Iks8vr6D0QgG0hj8Vig/f7Q==
Date: Mon, 01 Nov 2021 21:09:49 +0000
Message-ID: <BN1P110MB09395461B4E46679EE235EADDC8A9@BN1P110MB0939.NAMP110.PROD.OUTLOOK.COM>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: ietf.org; dkim=none (message not signed) header.d=none;ietf.org; dmarc=none action=none header.from=cert.org;
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: 3087b8c8-7951-4c90-b728-08d99d7bf0a9
x-ms-traffictypediagnostic: BN1P110MB0804:
x-microsoft-antispam-prvs: <BN1P110MB0804A5EF29AA4146D7C1A7C5DC8A9@BN1P110MB0804.NAMP110.PROD.OUTLOOK.COM>
x-ms-oob-tlc-oobclassifiers: OLM:10000;
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: OIsbc3QWKlJzPY2RmfyLtHmklfnJtFQIJWylWTCCArVJZe6mBuz8ElyogNwNlVjAVvksQFeCA59zYX4FK46IxAg8Vf3LgHXAUN/ychpI7uCbxhGG4XBATiFFX8mSjnqw4Qlww12F8oJbAU4vqfHWrEvv/9CwX9EICiLDUepVts1gPud8okFafiMiRJagO0WdBceXDuzgWnWQFK30p9d6F5gBU9hoiZrqmA7mrGYswX2QrA2M7MIu3M467imvhoHoy2Eu0x4KIdcpkD4KhbY1G1glquum2wJv2KLr06eibETpe/29kVP9wnXxvzg2kuJ1h9xRiWOhH5dh57I3e2bxkDQlliWXFB+qN9P8HuRlx/5wvyR1QR1KJC3LVkxpwXxDlKx/3e0wUObuvth1rPe/sbKVpaGjWR1All6cnvgER4qgMa46+qXPa7nwYX0iCabSjx7XH6PzJBWaCcDwRrbG2A4OnQf+9iy1xEjrRTa97OzFJZ/nd6Zbix4DL39Qe6UZM1L62SkgegHMZcBGWjzaop+w0c123Ra27OnVAEGUsZDv96pC4ws7Ghzn4Ei6cqQISy9kznMWsvPvHTY88qdWt2Ns3DFvK8Nl75UPzLLj7h1mGQiRzwdC7tjEQI7I5pyUBAmAaKn2Nz3Br/PlkKzQpO7oK1qiJL/sr3kAaEa1CSow/h1/2p0upZCfNcDNvvRjCRZvpsCCmyQoofvGN7cClA==
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:BN1P110MB0939.NAMP110.PROD.OUTLOOK.COM; PTR:; CAT:NONE; SFS:(366004)(52536014)(38070700005)(64756008)(6506007)(2906002)(82960400001)(71200400001)(66476007)(186003)(66556008)(66446008)(9686003)(33656002)(8676002)(6916009)(55016002)(8936002)(5660300002)(66946007)(122000001)(38100700002)(26005)(83380400001)(86362001)(7696005)(498600001)(76116006); DIR:OUT; SFP:1102;
x-ms-exchange-antispam-messagedata-chunkcount: 1
x-ms-exchange-antispam-messagedata-0: 7ZHpy8q40ebSbhXFFFJFgMVV5z/yDQZoBflqkxSAIBNOzRPXm+/+z1XwknkX+hPOgfE5e2WInvoqzG0TjsSBD61u7XSIOxZWW0koY9cabE5aQpHYJi4b/Ejg5WThAM4hw/AmQyIzunB7Qls/obDclRv0KYOipr2PDK+x3XwjA3pqYjFI83JP3Bb9pBdFSFbhqGlz/uvVGB3ZWwbBVHbi8dxJKs6d+HrHFYXULwH7Kgvw2lzwwwx9ueHSjaXs6021BbIQJ0PpNNear7OuwqcsMTPYFOBxtKsDqd4FCLcd84rzlKi5bJSWJHtjWzRbTqS29W1P9e5391IrnKPz+0/DhBxXH3iA6hK6KRkwvnCkpW0SFUuifRdcNTXJgfnGi5qzKuJa9CEbOrznejNLsGe9wvHxHZMY2VO0tsGOGhF7tyOq7FdyoP0qAvR44Z+Naba2Y7AfGET/62jicDF6c94h5i+Eou8koPcGpjqNn0SayUqFLEWccS46G411I7vYI2ahbCSLg2ISq4iA8HVO6HpqQs40TFKwIC7nF3FHUPJ7WHQpjXNfkPWNFpUslOqxNfnn7QytjO4fsRwdfngxWw/Mu+y3nkq+HeirvnzwImqxpSdRNWPl8YfIsnxkHh05AP11fX/WpOGqwYDvxbXBGYsXIyqSKoikH1gTKym72ID2yi8mO6o7K0w6sP9BmNz/7fmV/1WOInMo3f+T/2dsM8EQWO0WJAF5VbR5dzmA0OWuB5w=
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-OriginatorOrg: cert.org
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: BN1P110MB0939.NAMP110.PROD.OUTLOOK.COM
X-MS-Exchange-CrossTenant-Network-Message-Id: 3087b8c8-7951-4c90-b728-08d99d7bf0a9
X-MS-Exchange-CrossTenant-originalarrivaltime: 01 Nov 2021 21:09:49.3118 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 95a9dce2-04f2-4043-995d-1ec3861911c6
X-MS-Exchange-Transport-CrossTenantHeadersStamped: BN1P110MB0804
Archived-At: <https://mailarchive.ietf.org/arch/msg/i2nsf/O06Yf_HCJhA9dvdHJQM1Ae5l22o>
Subject: [I2nsf] AD Review follow-up on draft-ietf-i2nsf-capability-data-model-20
X-BeenThere: i2nsf@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "*I2NSF: Interface to Network Security Functions mailing list*" <i2nsf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/i2nsf>, <mailto:i2nsf-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/i2nsf/>
List-Post: <mailto:i2nsf@ietf.org>
List-Help: <mailto:i2nsf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/i2nsf>, <mailto:i2nsf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 01 Nov 2021 21:10:03 -0000
Hi! Thanks for all of the work on draft versions -17 to -20. To make thing easier to track, I'm starting a new thread on the -20 version of the document to comment on my AD review of -16 (https://mailarchive.ietf.org/arch/msg/i2nsf/BJ4GUttBVZRvHGm3m2_bEycNQWI/) and the changes made to address the IESG review in September 2020 (https://datatracker.ietf.org/doc/draft-ietf-i2nsf-capability-data-model/ballot/). Unless otherwise mentioned below, please consider any feedback as resolved: ** Section 1. We've polished this sentence a bit. Recommend: OLD Note that this YANG data model constructs the structure of the NSF Monitoring Interface YANG data model [I-D.ietf-i2nsf-nsf-monitoring-data-model] and the NSF-Facing Interface YANG Data Model [I-D.ietf-i2nsf-nsf-facing-interface-dm]. NEW Note that this YANG data model forms the basis of the NSF Monitoring Interface YANG data model [I-D.ietf-i2nsf-nsf-monitoring-data-model] and the NSF-Facing Interface YANG Data Model [I-D.ietf-i2nsf-nsf-facing-interface-dm]. ** Section 8. This YANG module specifies the capabilities for NSFs. Some of the capabilities in this document MAY require highly sensitive private data to operate properly. The usage of such capability MUST be reported to the users and permitted before using the private information related to the capability. Using any of the capabilities that require private data MUST preserve the privacy by preventing any leakage or unauthorized disclosure of the private data. I appreciate the inclusion of this new section in response to the original IESG telechat (per Ben Kaduk's discuss position). The current text is right in spirit, but I see the use of all of this normative language as risky. It will likely invite the need for further clarifying text which will be difficult (and unnecessary) to produce. Consider the following alternative to the above. NEW This YANG module specifies the capabilities of NSFs. These capabilities are consistent with the diverse set of network security function in common use in enterprise security operations. The configuration of the capabilities may entail privacy sensitive information as explicitly outlines in Section 9. The NSFs implementing these capabilities may inspect, alter or drop user traffic; and be capable of attributing user traffic to individual users. Due to the sensitivity of these capabilities, notice must be provided to and consent must be received from the users of the network. Additionally, the collected data and associated infrastructure must be secured to prevent the leakage or unauthorized disclosure of this private data. ** References -- RFC8805 should be a normative reference -- idnits says: Obsolete normative reference: RFC 3501 (Obsoleted by RFC 9051) -- (needs to be done before the IESG review) Can the shepherd write-up please be updated to reflect that there is a downref with RFC8805 Regards, Roman
- [I2nsf] AD Review follow-up on draft-ietf-i2nsf-c… Roman Danyliw
- Re: [I2nsf] AD Review follow-up on draft-ietf-i2n… Mr. Jaehoon Paul Jeong
- Re: [I2nsf] AD Review follow-up on draft-ietf-i2n… Mr. Jaehoon Paul Jeong
- Re: [I2nsf] AD Review follow-up on draft-ietf-i2n… Roman Danyliw