Re: [I2nsf] YANG Doctors Working Group Last Call Review for draft-ietf-i2nsf-nsf-facing-interface-dm-06

"Mr. Jaehoon Paul Jeong" <jaehoon.paul@gmail.com> Thu, 25 July 2019 14:10 UTC

References: <E650398F-D50C-486D-9717-90BA617BA0A1@cisco.com>
In-Reply-To: <E650398F-D50C-486D-9717-90BA617BA0A1@cisco.com>
From: "Mr. Jaehoon Paul Jeong" <jaehoon.paul@gmail.com>
Date: Thu, 25 Jul 2019 10:09:50 -0400
Message-ID: <CAPK2DezLmpQtkWRd5aN2zWDSz=UZLjvbd1+tMW=gZ2HJHVGj3g@mail.gmail.com>
To: "Acee Lindem (acee)" <acee@cisco.com>
Cc: "draft-ietf-i2nsf-nsf-facing-interface-dm@ietf.org" <draft-ietf-i2nsf-nsf-facing-interface-dm@ietf.org>, "i2nsf-ads@ietf.org" <i2nsf-ads@ietf.org>, "i2nsf@ietf.org" <i2nsf@ietf.org>, YANG Doctors <yang-doctors@ietf.org>, skku_secu-brain_all@googlegroups.com
Archived-At: <https://mailarchive.ietf.org/arch/msg/i2nsf/V1vsMiC86Zzecq2ykG_W1ke575k>
Subject: Re: [I2nsf] YANG Doctors Working Group Last Call Review for draft-ietf-i2nsf-nsf-facing-interface-dm-06

Hi Acee,
Here is the revision letter for the revised draft, reflecting your comments
along with the revised draft:
https://tools.ietf.org/html/draft-ietf-i2nsf-nsf-facing-interface-dm-07

The following things have not been addressed yet due to time limitations:
- The leveraging of the definitions in RFC 8519 for packet matching.
- The factoring of common types and identities into a common I2NSF types module.

These two will be reflected in the next revision.

If you have further comments and questions, please let me know.

Thanks.

Best Regards,
Paul

On Sat, Jun 22, 2019 at 2:03 PM Acee Lindem (acee) <acee@cisco.com> wrote:

> I have reviewed this document as part of the YANG doctors directorate's
> ongoing effort to review all IETF documents being processed by the IESG. These
> comments were written with the intent of improving the operational aspects of the
> IETF drafts. Comments that are not addressed in last call may be included in AD reviews
> during the IESG review.  Document editors and WG chairs should treat these comments
> just like any other early review comments.
>
> Document: draft-ietf-i2nsf-nsf-facing-interface-dm-06
> Reviewer: Acee Lindem
> Review Date: June 22, 2019
> Review Type: Working Group Last Call
> Intended Status: Standards Track
> Summary: Needs to go back to Working Group for rework and another WGLC
>
> Modules: "ietf-i2nsf-policy-rule-for-nsf@2019-06-12.yang"
>
> Tech Summary: The model defines different types of I2NSF security policy. Each
>               is comprised of an event, a condition, and an action. There is
>               significant overlap with other IETF models. Within I2NSF, there
>               is repetition of definitions which needs to go into a common
>               I2NSF types module.  Additionally, the data descriptions
>               were done quickly and never reviewed or edited. I believe
>               it needs to go back to the working group for another revision and
>               working group last call.
>
>
> Major Comments:
>
>  1. Why don't you leverage the definitions in RFC 8519 for packet matching?
>     We don't need all this defined again.
>
>  2. Date and time are defined in RFC 6991. Why don't those suffice?
>
>  3. Refer to the intervals as "time-intervals" rather than "time-zones".
>     The term "time-zone" has a completely different connotation.
>
>  4. What is the "acl-number"? Also, ACLs are named (RFC 8519). Also, why
>     define all the packet matching and then reference an ACL.
>
>  5. The descriptions are very awkwardly worded and in many cases simply
>     repeat the data node or identify description without hyphens. I
>     started trying to fix this but it was too much. I'll pass for on
>     for some examples. There are enough co-authors and contributors that
>     one would expect much better.
>
>  6. There is overlap of definitions with the I2NSF capabilities draft.
>     The common types and identities should be factored into a common
>     I2NSF types module.
>
>  7. The "Security Considerations" in section 8 do not conform to the
>     recommended template in
>     <https://trac.ietf.org/trac/ops/wiki/yang-security-guidelines>
>
>
> Minor Comments:
>
>  1. Section 3.1 should reference RFC8340 rather than attempting to
>     include tree diagram formatting semantics.
>
>  2. "iiprfn" is a poor choice for default model prefix - I suggest
>     "nsfintf". It is only one character longer and actually expands
>     to something meaningful.
>
>  3. RFC 2460 is obsoleted by RFC 8200.
>
>  4. RFC 791 is the wrong reference for IPv4 TOS. It should be RFC 1394.
>
>  5. What is the IGRP protocol? I'm familiar with EIGRP but not IGRP.
>
>  6. What is the skip protocol? Is this about skipping the check? If so,
>     why is it needed.
>
>  7. Reference for IPv6 ICMP should be RFC 2463.
>
>  8. Why do you include Photuris definitions? Nobody uses this.
>
>  9. Note that all the keys for all 'config true' lists must be
>     unique so your specification in the description as well as
>     'mandatory true' are redundant for the 'rules' list. This
>     mistake is in other lists as well.
>
> 10. What is 'during' time?
>
> 11. What is a "security-grp"? Is this a security-group?
>
> 12. The module prologue doesn't match the example in Appendix B of
>     RFC 8407.
>
> 13. There needs to be a good definition of absolute and periodic
>     time in the descriptions.
>
> 14. The References do not include all the RFCs referenced by YANG
>     model reference statements.
>
>
>
> Nits: Will send diff to authors and i2nsf chairs as example of review that
> should be done on YANG documents prior to sending to YANG doctors.
>
>
>
> Thanks,
> Acee
>
>


-- 
===========================
Mr. Jaehoon (Paul) Jeong, Ph.D.
Associate Professor
Department of Software
Sungkyunkwan University
Office: +82-31-299-4957
Email: jaehoon.paul@gmail.com, pauljeong@skku.edu
Personal Homepage: http://iotlab.skku.edu/people-jaehoon-jeong.php
<http://cpslab.skku.edu/people-jaehoon-jeong.php>
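
Minor comment 9 in the quoted review can be checked mechanically. The following is an added example, not part of the original thread and not code from the draft's authors: it flags key leafs that also carry `mandatory true`. The sample module, the function names and the simplified tokenizer (no comment or string-concatenation handling) are assumptions made for illustration.

```python
import re

# Constructed sample, not the draft's text: key leaf repeats 'mandatory true'.
SAMPLE = '''
module example-policy {
  namespace "urn:example:policy";
  prefix ex;
  list rules {
    key "rule-name";
    leaf rule-name {
      type string;
      mandatory true;
      description "Name of the rule; { must } be unique.";
    }
    leaf priority { type uint8; mandatory true; }
  }
}
'''

TOKEN = re.compile(r'"(?:\\.|[^"\\])*"|\'[^\']*\'|[{};]|[^\s{};"\']+')

def parse(tokens, i=0):
    """Parse 'keyword [arg] (; | { ... })' into (keyword, arg, children)."""
    stmts = []
    while i < len(tokens) and tokens[i] != '}':
        kw, arg, children = tokens[i], None, []
        i += 1
        if tokens[i] not in ('{', ';'):
            arg, i = tokens[i].strip('"\''), i + 1
        if tokens[i] == '{':
            children, i = parse(tokens, i + 1)
        i += 1  # step over ';' or the closing '}'
        stmts.append((kw, arg, children))
    return stmts, i

def redundant_key_mandatory(yang_text):
    """Return (list name, leaf name) for key leafs marked 'mandatory true'."""
    hits = []
    def walk(stmts):
        for kw, arg, children in stmts:
            if kw == 'list':
                keys = {n for k, a, _ in children if k == 'key' for n in a.split()}
                hits.extend((arg, a) for k, a, sub in children
                            if k == 'leaf' and a in keys
                            and ('mandatory', 'true', []) in sub)
            walk(children)
    walk(parse(TOKEN.findall(yang_text))[0])
    return hits
```

On the constructed sample only `rule-name` is reported; `priority` is not a key, so its `mandatory true` is meaningful and is left alone.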