Re: [I2nsf] WGLC and IPR poll for draft-ietf-i2nsf-sdn-ipsec-flow-protection-04

Linda Dunbar <dunbar.ll@gmail.com> Tue, 21 May 2019 22:06 UTC

Return-Path: <dunbar.ll@gmail.com>
X-Original-To: i2nsf@ietfa.amsl.com
Delivered-To: i2nsf@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5C25D120096; Tue, 21 May 2019 15:06:34 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.999
X-Spam-Level:
X-Spam-Status: No, score=-1.999 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id P9xEV6mbGHEC; Tue, 21 May 2019 15:06:31 -0700 (PDT)
Received: from mail-ed1-x531.google.com (mail-ed1-x531.google.com [IPv6:2a00:1450:4864:20::531]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 7D876120086; Tue, 21 May 2019 15:06:30 -0700 (PDT)
Received: by mail-ed1-x531.google.com with SMTP id b8so560604edm.11; Tue, 21 May 2019 15:06:30 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=c9bZfPWArJfhNSyxMbGTgfXxNX+GXDj5sXZkLilGk64=; b=S4Cs3RGPUNL8XV4SqVwtWG3e4ksvAKLiULGuk7hJ6l3O4vxgPmD0TY2K5b2oLOyScL iHYeJzBVuirNuIBvL+njGvoMxD69fCdwM30V75q7cvXreuaT1YyTn/dUf+hW6p9+VsU/ QWHOgnognFqAVjvMBLGexC1FrNvRGWX1OAF/+sLUxolIX47/lo4DIdsPlbdDwsIWUKsK md/0P2ifxTVzEIBqn9ctmZpKsHERqb+I1ATP77AIc+xvFkA8CIRdr47vhE4zXtAFS7Xq 9kaLOapjMXpX+ylk7l6NmoH635DkQU2Vy/7DtEheBi5ZTA6S0T+ruRaZ5uFbCBnC3YKS BWGA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=c9bZfPWArJfhNSyxMbGTgfXxNX+GXDj5sXZkLilGk64=; b=imjgWbcwFgfGwLEfew+eenjknB3XSCYc+TyyKNl3bo00q2EsAwyfkwohOLeoTdURcE RGBFuDNFrHRB1RWV9uyDhJjSpICiMu978n1l0EQPfwGMwGVt39o2VpBi6x2zVX7sqcnb WinzjOlHA39v+SJTXwNlNrCBr1ncnop/ikpiDH8DY4fELziC9V3ZaoVegohSKocYdtww C7PHiT2GAKF7mrFrQqHBi6+ZcBxLv8FiNWLXAEMn8cuQwjn6z7TlKKjr4GgATVcQBmsP 2/JjFSvG93+evfr3ZNNrWH+tPUo4Gd5rbJmgB0bD1SGFju761Zogp2TNqxejzNGw08Fj Tfzw==
X-Gm-Message-State: APjAAAU86Cc8RsHYf5QQf+Br5sgqbVbQa7JxFG454Uul/SPW64Bqwio8 /lrb9lHnyoGq0INv/lTYLZTTSiRjZLmPJzFhI2o=
X-Google-Smtp-Source: APXvYqxOpzi2W5MkkqhLKCX5Ln4tPFyQlmyHEPWrUw7HF+ldy970WaRkgjqAOUD3Nf9KHnkzkqcqB7diWIZbXWvoH7M=
X-Received: by 2002:a17:906:73cb:: with SMTP id n11mr27880123ejl.134.1558476388917; Tue, 21 May 2019 15:06:28 -0700 (PDT)
MIME-Version: 1.0
References: <4A95BA014132FF49AE685FAB4B9F17F66B3869DE@sjceml521-mbs.china.huawei.com> <7579E254-EA40-4078-B1C6-26167899D72C@um.es> <4A95BA014132FF49AE685FAB4B9F17F66B3D446D@sjceml521-mbs.china.huawei.com> <78138CE9-9087-41CA-B84F-D83436D5396B@um.es> <4A95BA014132FF49AE685FAB4B9F17F66B3DCD63@sjceml521-mbs.china.huawei.com> <AB29FD98-C0C1-44E7-8D41-D6BAEF6A3162@um.es>
In-Reply-To: <AB29FD98-C0C1-44E7-8D41-D6BAEF6A3162@um.es>
From: Linda Dunbar <dunbar.ll@gmail.com>
Date: Tue, 21 May 2019 17:06:16 -0500
Message-ID: <CAP_bo1bPP=7CghZ6KBMH3JPkm6LDo1KZJVd4p5twxAiJPC=G8g@mail.gmail.com>
To: Rafa Marin-Lopez <rafa@um.es>
Cc: Linda Dunbar <linda.dunbar@huawei.com>, "i2nsf@ietf.org" <i2nsf@ietf.org>, Gabriel Lopez <gabilm@um.es>, Yoav Nir <ynir.ietf@gmail.com>, "fernando.pereniguez@cud.upct.es" <fernando.pereniguez@cud.upct.es>, "i2nsf-chairs@ietf.org" <i2nsf-chairs@ietf.org>
Content-Type: multipart/alternative; boundary="0000000000008d67a405896d0f3d"
Archived-At: <https://mailarchive.ietf.org/arch/msg/i2nsf/gVctQYH1WlY6IeA9YXoTG91Kqys>
Subject: Re: [I2nsf] WGLC and IPR poll for draft-ietf-i2nsf-sdn-ipsec-flow-protection-04
X-BeenThere: i2nsf@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "*I2NSF: Interface to Network Security Functions mailing list*" <i2nsf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/i2nsf>, <mailto:i2nsf-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/i2nsf/>
List-Post: <mailto:i2nsf@ietf.org>
List-Help: <mailto:i2nsf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/i2nsf>, <mailto:i2nsf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 21 May 2019 22:06:35 -0000

Rafa and Gabriel:

How about reference the module ietf-access-control-list specified in
RFC8519 to avoid enumerating all the L4 protocols listed in IANA?

The Module ietf-access-control-list specified in RFC8519 only list TCP and
UDP and have ICMP defined using Type/Code (both uint8).

Maybe import the "grouping acl-icmp-header-fields", and augment the L4
protocol values that are not specified by the RFC8519?

Many protocols values listed in *https://www.iana.org/*
assignments/protocol-numbers/protocol-numbers.xhtml
<https://www.iana.org/assignments/protocol-numbers/protocol-numbers..xhtml> are
obsolete. There is no reason to enumerate them in your draft.

My two cents.

Linda


On Tue, May 21, 2019 at 3:02 AM Rafa Marin-Lopez <rafa@um.es>; wrote:

> Hi Linda:
>
> In order to see whether we are in the same page here I would like to ask a
> question.
>
> What Yoav and Paul (and us) suggested was something as simple as this one:
>
> typedef ike-integrity-algorithm-t
>
> {
> type uint32;
> description
> “The acceptable numbers are defined in IANA Registry - Internet
> Key Exchange Version 2 (IKEv2) Parameters - IKEv2  Transform Type 1 -
> Encryption Algorithm Transform IDs";
> }
>
> Following this approach we can solve easily Paul Wouters’ comment by
> replacing this with (for example):
>
> *Option 1)*
>
> typedef ipsec-upper-layer-proto {
>           type uint8;
> description “ The IPsec protection can be applied to specific IP
> traffic and layer 4 traffic (TCP, UDP, SCTP...) or
> ANY protocol in the IP packet payload.”;
> reference “IANA Registry Protocol Numbers”;
> }
>
>
> However if we have to include a type enumeration with one enum and the
> value in the IANA registry per enum we would have something like (in my
> opinion more complex)
>
> *Option 2)*
>
> typedef ipsec-upper-layer-proto {
>        type union {
>            type uint8;
>            type enumeration {
>                enum ICMP {
>                    value 1;
>                }
>                enum IGMP {
>                    value 2;
>                }
>                …
> *//And this enum per each value in
> https://www.iana.org/assignments/protocol-numbers/protocol-numbers.xhtml
> <https://www.iana.org/assignments/protocol-numbers/protocol-numbers..xhtml>*
>            }
>        }
>    }
>
>
> So what option (1 or 2) are you referring to?
>
> Best Regards.
>
> El 17 may 2019, a las 17:39, Linda Dunbar <linda.dunbar@huawei.com>;
> escribió:
>
> Rafa,
>
> With regard to Paul Wouters’ related comment that would imply include
> every number from the IANA protocol registry:  "I think you mean what I
> would call the "inner protocol" so that it is every number from the IANA
> protocol registry.”
>
> I suggest we follow the IETF practices for YANG models:
> There are many YANG models RFCs literally listed the names of the data
> types defined by other RFCs. For example: draft-ietf-teas-yang-te-types-09
> which I just reviewed as a Gen-Art Directorate.
> None of those values are registered to IANA
>
> Those IETF practices tell us that it is not necessary to register those
> values registered to IANA.
> So I suggest you take the “reasonable approach proposed by Yoav (Paul
> Wouters agreed) and we are agreed”.
>
> There are also many YANG Model RFCs literally list down the protocol
> values registered in IANA (for example, use “Identity ...” to specify the
> value).
>
> By the way, if you do want to register to IANA, you can send the following
> request which can be easily done.
>
> https://www.iana.org/form/protocol-assignment
>
>
> Cheers,
>
> Linda
>
>
> *From:* Rafa Marin Lopez [mailto:rafa@um.es <rafa@um.es>]
> *Sent:* Friday, May 17, 2019 4:19 AM
> *To:* Linda Dunbar <linda.dunbar@huawei.com>;
> *Cc:* Rafa Marin Lopez <rafa@um.es>;; Yoav Nir <ynir.ietf@gmail.com>;;
> i2nsf-chairs@ietf.org; Gabriel Lopez <gabilm@um.es>;;
> fernando.pereniguez@cud.upct.es
> *Subject:* Re: [I2nsf] WGLC and IPR poll for
> draft-ietf-i2nsf-sdn-ipsec-flow-protection-04
>
> Dear Linda, Yoav:
>
> Sorry for the delay in our answer (very busy weeks)
>
> The update is taking longer as expected for several reasons: 1) we have to
> add and extend many descriptions we have. 2) Moreover Paul Wouters' second
> review (we are preparing an e-mail for him as well) is long, deserves
> attention and implies to applies changes.
>
> Finally, 3) it is important to note that, under our point of view, there
> is no final resolution about what to do with the IANA Registry values
> related with crypto algorithms. In fact, there is a Paul Wouters’ related
> comment that would imply include every number from the IANA protocol
> registry:  "I think you mean what I would call the "inner protocol" so that
> it is every number from the IANA protocol registry.”
>
> Depending on the resolution of the IANA Registry part , it may imply to
> add each value in the IANA protocol registry. For us, this is pointless. We
> think the reasonable approach was proposed by Yoav (Paul Wouters agreed)
> and we are agreed. The only review we have received from the YANG doctor
> does not mention anything about this.
>
> Our hope is to have the updated version, assuming 3) takes a “reasonable”
> solution, at the end of this month (May)
>
> Best Regards.
>
>
>
> El 15 may 2019, a las 18:30, Linda Dunbar <linda.dunbar@huawei.com>;
> escribió:
>
> Rafa,
>
> Will you upload the revised draft soon? We would like to close the WGLC
> for this draft.
>
> Thanks, Linda
>
> *From:* Linda Dunbar
> *Sent:* Thursday, April 18, 2019 9:14 AM
> *To:* 'Rafa Marin-Lopez' <rafa@um.es>;; Yoav Nir <ynir.ietf@gmail.com>;;
> i2nsf-chairs@ietf.org
> *Cc:* Gabriel Lopez <gabilm@um.es>;; fernando.pereniguez@cud.upct.es
> *Subject:* RE: [I2nsf] WGLC and IPR poll for
> draft-ietf-i2nsf-sdn-ipsec-flow-protection-04
>
> Rafa, et al,
>
> Yes, please have the revision to address the comments from YANG doctors.
>
> Linda
>
> *From:* Rafa Marin-Lopez [mailto:rafa@um.es <rafa@um.es>]
> *Sent:* Thursday, April 18, 2019 1:56 AM
> *To:* Linda Dunbar <linda.dunbar@huawei.com>;; Yoav Nir <
> ynir.ietf@gmail.com>;; i2nsf-chairs@ietf.org
> *Cc:* Rafa Marin-Lopez <rafa@um.es>;; Gabriel Lopez <gabilm@um.es>;;
> fernando.pereniguez@cud.upct.es
> *Subject:* Fwd: [I2nsf] WGLC and IPR poll for
> draft-ietf-i2nsf-sdn-ipsec-flow-protection-04
>
> Dear Linda:
>
> Just a short comment. In a previous e-mail, we thought we agreed that we
> would prepare version 05 *before* the beginning of the WGLC. At least that
> was your positive answer to our question.
>
> In any case, I guess we can still prepare version 05 with pending comments
> we received from the last IETF and another aspects we have observed in the
> model, including YANG doctors’ comments. Correct?
>
> Best Regards
>
>
>
>
> Inicio del mensaje reenviado:
>
> *De: *Linda Dunbar <linda.dunbar@huawei.com>;
> *Asunto: [I2nsf] WGLC and IPR poll for
> draft-ietf-i2nsf-sdn-ipsec-flow-protection-04*
> *Fecha: *17 de abril de 2019, 16:54:13 CEST
> *Para: *"i2nsf@ietf.org"; <i2nsf@ietf.org>;
>
> Hello Working Group,
>
> This email starts a four weeks Working Group Last Call on
> draft-ietf-i2nsf-sdn-ipsec-flow-protection-04.
> This poll runs until May 15, 2019.
>
> Authors: please update the draft per the comments and suggestions from
> YANG Doctors.
>
> We are also polling for knowledge of any undisclosed IPR that applies to
> this Document, to ensure that IPR has been disclosed in compliance with
> IETF IPR rules (see RFCs 3979, 4879, 3669 and 5378 for more details).
> If you are listed as an Author or a Contributor of this Document please
> respond to this email and indicate whether or not you are aware of any
> relevant undisclosed IPR. The Document won't progress without answers from
> all the Authors and Contributors.
>
> If you are not listed as an Author or a Contributor, then please
> explicitly respond only if you are aware of any IPR that has not yet been
> disclosed in conformance with IETF rules.
>
>
> Thank you.
>
> Yoav & Linda
> _______________________________________________
> I2nsf mailing list
> I2nsf@ietf.org
> https://www.ietf.org/mailman/listinfo/i2nsf
>
>
> _______________________________________________
> I2nsf mailing list
> I2nsf@ietf.org
> https://www.ietf.org/mailman/listinfo/i2nsf
>
>
> -------------------------------------------------------
> Rafa Marin-Lopez, PhD
> Dept. Information and Communications Engineering (DIIC)
> Faculty of Computer Science-University of Murcia
> 30100 Murcia - Spain
> Telf: +34868888501 Fax: +34868884151 e-mail: rafa@um.es <rafa@um.es>;
> -------------------------------------------------------
>
>
>
>
> _______________________________________________
> I2nsf mailing list
> I2nsf@ietf.org
> https://www.ietf.org/mailman/listinfo/i2nsf
>