IETF Logo Mail Archive

Re: [I2nsf] Last Call: <draft-ietf-i2nsf-capability-data-model-08.txt> (I2NSF Capability YANG Data Model) to Proposed Standard

tom petch <daedulus@btconnect.com> Mon, 31 August 2020 10:05 UTC

Return-Path: <daedulus@btconnect.com>
X-Original-To: i2nsf@ietfa.amsl.com
Delivered-To: i2nsf@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 602A63A11C5; Mon, 31 Aug 2020 03:05:35 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.6
X-Spam-Level:
X-Spam-Status: No, score=-0.6 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, MSGID_FROM_MTA_HEADER=0.001, RCVD_ILLEGAL_IP=1.3, RCVD_IN_MSPIKE_H2=-0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=btconnect.onmicrosoft.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id kpaPew2edgtN; Mon, 31 Aug 2020 03:05:33 -0700 (PDT)
Received: from EUR02-AM5-obe.outbound.protection.outlook.com (mail-eopbgr00115.outbound.protection.outlook.com [40.107.0.115]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id F2AB63A11C1; Mon, 31 Aug 2020 03:05:32 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=arGgQ6lU6A36PXu75EM0CpCEx8wWWrmgO8RPrY+99cR2/kHCHT3YPDAtsISE1tLgGmshPF102PZZ6U8OvT9qP3Xz8o5jpAoQuX2KwqcQ3TDVAptD4RTtwVYWdZNFDeMfk3h1f+L7QFtcRFkzfJUTfhUqXRRTiVlnh4hAkvGPoTZPpnYuOy+VDt/D/8mpiUOVK8vRcn6ey/FrjpphJCBXcYVq7Dn0VgEUB9DAJhr6oJ3+2oF9TrNz+x2Xsj98VzmVifzMM751eCJ0QCKauSF0bcauJagwfDKmFbCh0/uIHaXN+a/ppw1aYLCJKNkSSBhvdxFjXOr+gUtSWBdUGXftRg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=MZkMQ6B5S2HCvrobqc0FeXNWJt3QVCYVkH3k2rw543g=; b=jXJehUPeCbMVI+JkWUJ/VK1o341/Q4IPq8rdFvqy1X8Ut7s5CPR4R60lIeI3x9nABE2Bl+WihidOaBXsrSk6+SJ7ZfSzPPdLHTKk8TLakMJi/lJnfYXVazjvdcyJBNSCO0fxf60+vkK6hHUeYdCE3YJA0l10BqxSCyvxi/1AWpfdFbP9715LCSvk28wDcrwCIMR/gmTJ3HxXUs42On/4QMmwABuuQYaqzX8dkkkNgnvZuqKfiHO1A7XLgjiKpUy5+qSHPMNr4HZDLMc9KcJ7FLoP5c4QWk6qzQ6D76mtE69Er7KCh03FS7D4K8hs3jSqkwlZgvw3Wcp8lWp4zifHkA==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=btconnect.com; dmarc=pass action=none header.from=btconnect.com; dkim=pass header.d=btconnect.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=btconnect.onmicrosoft.com; s=selector2-btconnect-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=MZkMQ6B5S2HCvrobqc0FeXNWJt3QVCYVkH3k2rw543g=; b=gDJKgohlnVZaZxukyhMijWartcpKCBR1gg+tvkUOYqOOs0I1sjp/NTi40vj057/XqU8xtEfLc7WuQLsK4bTmcVtwlDVLNQ2XebVv3selO0GK3T3Gj01bbExbnrU8Wj+kG5xyCFB1Qw1XRs6H3yo+lO9mONg7O3hmu4VxladkXXM=
Authentication-Results: ietf.org; dkim=none (message not signed) header.d=none;ietf.org; dmarc=none action=none header.from=btconnect.com;
Received: from VI1PR07MB6704.eurprd07.prod.outlook.com (2603:10a6:800:18b::8) by VI1PR07MB4111.eurprd07.prod.outlook.com (2603:10a6:803:2c::21) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3348.5; Mon, 31 Aug 2020 10:05:30 +0000
Received: from VI1PR07MB6704.eurprd07.prod.outlook.com ([fe80::6165:9c1c:e5b1:15db]) by VI1PR07MB6704.eurprd07.prod.outlook.com ([fe80::6165:9c1c:e5b1:15db%4]) with mapi id 15.20.3348.013; Mon, 31 Aug 2020 10:05:30 +0000
From: tom petch <daedulus@btconnect.com>
To: "Mr. Jaehoon Paul Jeong" <jaehoon.paul@gmail.com>
Cc: Last Call <last-call@ietf.org>, Roman Danyliw <rdd@cert.org>, i2nsf@ietf.org
Message-ID: <5F4CCB61.3070803@btconnect.com>
Date: Mon, 31 Aug 2020 11:05:21 +0100
User-Agent: Mozilla/5.0 (Windows NT 5.1; rv:38.0) Gecko/20100101 Thunderbird/38.5.0
Content-Type: text/plain; charset="windows-1252"; format="flowed"
Content-Transfer-Encoding: 7bit
X-ClientProxiedBy: LNXP265CA0051.GBRP265.PROD.OUTLOOK.COM (2603:10a6:600:5d::15) To VI1PR07MB6704.eurprd07.prod.outlook.com (2603:10a6:800:18b::8)
MIME-Version: 1.0
X-MS-Exchange-MessageSentRepresentingType: 1
Received: from 255.255.255.255 (255.255.255.255) by LNXP265CA0051.GBRP265.PROD.OUTLOOK.COM (2603:10a6:600:5d::15) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.20.3326.20 via Frontend Transport; Mon, 31 Aug 2020 10:05:30 +0000
X-Priority: Normal
X-Originating-IP: [86.148.49.170]
X-MS-PublicTrafficType: Email
X-MS-Office365-Filtering-Correlation-Id: 9fb4b53c-205f-4d25-f246-08d84d95647e
X-MS-TrafficTypeDiagnostic: VI1PR07MB4111:
X-Microsoft-Antispam-PRVS: <VI1PR07MB41111A59313619636F202C10C6510@VI1PR07MB4111.eurprd07.prod.outlook.com>
X-MS-Oob-TLC-OOBClassifiers: OLM:10000;
X-MS-Exchange-SenderADCheck: 1
X-Microsoft-Antispam: BCL:0;
X-Microsoft-Antispam-Message-Info: 9F6GEcYAOgTszMJMBrIvgsap2kwxhDWVGJJ5X69YcK97OQghUoQpM44Mt2u0hIshR5WtF4P5ZKDhEC3+CeE23Z/97WbUjWqJNrlc6Ww7/64lzkaXppgk8J0+XHy1yevjyHSbbvZPTYdFMppnn8WY2Ol7vHOU72Q35kKhH0XdF/j1YICM0bQ22Kxh20wWH24Xa1N9nqRh46EMmJiOrkaZmKaVXL9A48SNs0Abyj3Qk1JxlPdfTTr3QACZ25S60GkqYMTDH7p6otdiq9p8RiaCTq37wlrWDArJSDfpgWlRhib1cX1gY3t9/Ovqiv1+DPLOAE+FC/ZdR8Rx9Ur0qjJ8udfzeo4ZYGjC/6eedCR9T/vfGPNfwCR/rrpL8FyqSTRf/i1B3nH7KQfbtfxYJVZYTA==
X-Forefront-Antispam-Report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:VI1PR07MB6704.eurprd07.prod.outlook.com; PTR:; CAT:NONE; SFS:(376002)(346002)(366004)(136003)(396003)(39860400002)(966005)(15188155005)(87266011)(2906002)(86362001)(53546011)(66556008)(66476007)(956004)(52116002)(16576012)(186003)(36756003)(66946007)(478600001)(5660300002)(33656002)(4326008)(16799955002)(2616005)(6666004)(83380400001)(54906003)(26005)(6916009)(6486002)(8936002)(8676002)(316002); DIR:OUT; SFP:1102;
X-MS-Exchange-AntiSpam-MessageData: ljAq6b0SDli4u2cJLiWqNvE9QjmvlI4lV7QFJHL80YzRll7BzINNKpGgRar5+bTdY19jGx4pcVsBB3Xph8mFY7K/3bmZQQcwecR2ku5Lr5Lqz8JiRhGBtYam6XukUthX43+aFiIvZWL27jxRTy3f/ciErIRUi19F0QFGbFevVSC+4umXlGqmAJ18FRyoYdfQwXbm9QKNpR3AqZnYDzORjpaW6yqtmHzEus10xIHlsxspU3wTf3lYHY0CCAuJjqP8YLF2tdqOzBnZJzfvzwEjzl3m6DyF+BeczkXdUy7UgYhmjBd4hO7G7E672QS+LaPRZznV6D/c8M9A09pcNiBohmVMGDtsHg80S0yfLsOsHC7jFA8YNwyQkKiZBnZU6Ih1jNN+8r8a1/rxULLxFGeQdVo2gn3ur3TsZeeqo46eecJUNXj6xk+ZuNKipG3smnvdF/Wghs5qGTXPiRoWp4AyaWXw3Km8HiVAQr/wvmbgoOuYAWCLMTWFbLtzTcSayfhVIePZcSh1kY2GRWbi6C/YDIEetP/r3RpfgZGKN+sBujwxpwnLn3lCS7lR8kHX8KFsGzuazm8D3Y32+SUpNA5vBWWqNTff0QUWMTOdPHV5EZ2UPytZJkwq4qYmUYNBko+bYR3e79881n36xbgdAp9sjw==
X-OriginatorOrg: btconnect.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 9fb4b53c-205f-4d25-f246-08d84d95647e
X-MS-Exchange-CrossTenant-AuthSource: VI1PR07MB6704.eurprd07.prod.outlook.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 31 Aug 2020 10:05:30.6264 (UTC)
X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted
X-MS-Exchange-CrossTenant-Id: cf8853ed-96e5-465b-9185-806bfe185e30
X-MS-Exchange-CrossTenant-MailboxType: HOSTED
X-MS-Exchange-CrossTenant-UserPrincipalName: 15ODek6Ogkbvj6cf2qUFoX5LIk0yydcNHfjEDSjrLhMNLIu68hxzYOnGz9nvGPKrJnLwIzPJ7Q6XjMecJx7vbw==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: VI1PR07MB4111
Archived-At: <https://mailarchive.ietf.org/arch/msg/i2nsf/ZNFhb-wRJb9SxP4i0TQljgu89VE>
Subject: Re: [I2nsf] Last Call: <draft-ietf-i2nsf-capability-data-model-08.txt> (I2NSF Capability YANG Data Model) to Proposed Standard
X-BeenThere: i2nsf@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "*I2NSF: Interface to Network Security Functions mailing list*" <i2nsf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/i2nsf>, <mailto:i2nsf-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/i2nsf/>
List-Post: <mailto:i2nsf@ietf.org>
List-Help: <mailto:i2nsf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/i2nsf>, <mailto:i2nsf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 31 Aug 2020 10:05:36 -0000

Paul

Picking out two points and top posting them

RFC790 was obsoleted in 1982 and the information that was in it is now
kept up-to-date as part of the IANA website so what I am saying is that
I expect that  you will be asked to change the reference to refer to
that part of the  IANA website.  Yes, it is technically possible to
include a reference to RFC790 in an I-D but that does not mean it will 
be allowed-)

On RFC8174, that is the current standard for defining the rules about
using MUST, MAY, SHALL and such like in capitals in an I-D so if you
want to use those words in capitals with the sense defined in RFC8174
then you MUST(!) reference RFC8174. Looking more closely, I see no such
usage of these words in capitals in this I-D so you could remove the
section entirely but if you are REQUIRED to include such usage at a
later date, perhaps as a result of a review such as a security review,
then you will need to include the paragraph from RFC8174 and include
references to RFC2119 and RFC8174. So what you had  in -08 was invalid
and what you have in -09 is invalid but as it stands you could remove
section 2 entirely.

HTH

Tom Petch

----- Original Message -----
From: "Mr. Jaehoon Paul Jeong" <jaehoon.paul@gmail.com>
Sent: Friday, August 28, 2020 7:19 PM


> Hi Tom,
> I have reflected your comments with the revised draft:
> https://tools.ietf.org/html/draft-ietf-i2nsf-capability-data-model-09
>
> I put my answers inline below.
>
> On Thu, Aug 27, 2020 at 6:29 PM tom petch <daedulus@btconnect.com>
wrote:
>
> >> Looking at the YANG:
> >>
> >> RFC4443 is referenced and so must be in the I-D References
>
>  => This RFC4443 is included in the Normative References.
>
> >>
> >> RFC790 is referenced but this is now online under IANA - you can
see the
> >>
> => This RFC790 is included in the Normative References with its URL.
>
>
> >> IANA reference in
> >>               draft-ietf-i2nsf-sdn-ipsec-flow-protection-08
> >> but that I-D needs to add it to the I-D references as this one will
need
> >> to; I note that this announcement flags it as a downref but think
that
> >> that is misguided -  it needs replacing.
> >>
>  => Could you clarify this question?
>       I put the reference to
draft-ietf-i2nsf-sdn-ipsec-flow-protection-08
> in the draft.
>
> >>
> >> IPsec is the correct spelling - there are some IPSec in YANG
> >> description clauses
> >>
>  => IPsec is used instead of IPSec.
>
> >>
> >> Figure 8
> >>     2.  The location of the NSF is 221.159.112.140.
> >> This address does not appear in the XML, nor is it an address
reserved
> >> for use in documentation AFAICT; in fact, I cannot see any
ipaddress
> >> anywhere in this I-D
> >>
>  => I put the following text for an actual IPv4 address for
documentation
>       in Appendix 5:
>
>      The IPv4 address of the NSF is assumed to be 192.0.2.11
[RFC5737].
>      Also, the IPv6 address of the NSF is assumed to be
2001:DB8:0:1::11
> [RFC3849].
>
>      ---
>      In addition, I added the XML examples of IPv6 as well as those of
IPv4
> in Appendix A
>      with Figure 5 and Figure 7.
>
>
> >>
> >> s.2 correctly cites RFC8174 but does not use the text prescribed
there.
> >>
>   => I removed RFC8174 from the draft.
>
> >>
> >>   ' identity system-event-capability'
> >> references system-alarm - system event would seem more apt. More
> >> generally, these references for identity could be more specific,
e.g
> >>    identity access-violation
> >> could reference 'access-violation ' rather than the more generic
'system
> >> event'
> >>
> >>   => I tried to improve the descriptions of the events and alarms
above.
>
>        Thanks for your valuable comments.
>
>        Best Regards,
>        Paul
>
>
> >> Tom Petch
> >>
> >>
> >> ----- Original Message -----
> >> From: "The IESG" <iesg-secretary@ietf.org>
> >> To: "IETF-Announce" <ietf-announce@ietf.org>
> >> Cc: <rdd@cert.org>; <i2nsf@ietf.org>;
> >> <draft-ietf-i2nsf-capability-data-model@ietf.org>;
> >> <i2nsf-chairs@ietf.org>; "Linda Dunbar" <dunbar.ll@gmail.com>
> >> Sent: Tuesday, August 25, 2020 6:59 PM
> >>
> >>>> The IESG has received a request from the Interface to Network
Security
> >>>> Functions WG (i2nsf) to consider the following document: - 'I2NSF
> >> Capability
> >>>> YANG Data Model'
> >>>>   <draft-ietf-i2nsf-capability-data-model-08.txt> as Proposed
Standard
> >>>>
> >>>> The IESG plans to make a decision in the next few weeks, and
solicits
> >> final
> >>>> comments on this action. Please send substantive comments to the
> >>>> last-call@ietf.org mailing lists by 2020-09-08. Exceptionally,
> >> comments may
> >>>> be sent to iesg@ietf.org instead. In either case, please retain
the
> >> beginning
> >>>> of the Subject line to allow automated sorting.
> >>>>
> >>>> Abstract
> >>>>
> >>>>
> >>>>    This document defines a YANG data model for the capabilities
of
> >>>>    various Network Security Functions (NSFs) in the Interface to
> >> Network
> >>>>    Security Functions (I2NSF) framework to centrally manage the
> >>>>    capabilities of the various NSFs.
> >>>>
> >>>> The file can be obtained via
> >>>>
> >>
https://datatracker.ietf.org/doc/draft-ietf-i2nsf-capability-data-model/
> >>>>
> >>>>
> >>>> The following IPR Declarations may be related to this I-D:
> >>>>
> >>>>    https://datatracker.ietf.org/ipr/3556/
> >>>>    https://datatracker.ietf.org/ipr/3606/
> >>>>
> >>>> The document contains these normative downward references.
> >>>> See RFC 3967 for additional information:
> >>>>     rfc8329: Framework for Interface to Network Security
Functions
> >> (Informational - IETF stream)
> >>>>     rfc8192: Interface to Network Security Functions (I2NSF):
Problem
> >> Statement and Use Cases (Informational - IETF stream)
> >>>>     rfc790: Assigned numbers (Historic - Legacy stream)
> >>>>     rfc3444: On the Difference between Information Models and
Data
> >> Models (Informational - IETF stream)
> >>>>     draft-ietf-i2nsf-nsf-monitoring-data-model: I2NSF NSF
Monitoring
> >> YANG Data Model (None - IETF stream)
> >>>>
>
> -- =========================== Mr. Jaehoon (Paul) Jeong, Ph.D.
Associate Professor Department of Computer Science and Engineering
Sungkyunkwan University Office: +82-31-299-4957 Email:
jaehoon.paul@gmail.com, pauljeong@skku.edu Personal Homepage:
http://iotlab.skku.edu/people-jaehoon-jeong.php
<http://cpslab.skku.edu/people-jaehoon-jeong.php>
>
>

v2.23.0 | Report a Bug | By Email