[I2nsf] John Scudder's No Objection on draft-ietf-i2nsf-consumer-facing-interface-dm-27: (with COMMENT)
John Scudder via Datatracker <noreply@ietf.org> Thu, 06 April 2023 15:25 UTC
Return-Path: <noreply@ietf.org>
X-Original-To: i2nsf@ietf.org
Delivered-To: i2nsf@ietfa.amsl.com
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id 2F315C151B2D; Thu, 6 Apr 2023 08:25:45 -0700 (PDT)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 8bit
From: John Scudder via Datatracker <noreply@ietf.org>
To: The IESG <iesg@ietf.org>
Cc: draft-ietf-i2nsf-consumer-facing-interface-dm@ietf.org, i2nsf-chairs@ietf.org, i2nsf@ietf.org, dunbar.ll@gmail.com, dunbar.ll@gmail.com
X-Test-IDTracker: no
X-IETF-IDTracker: 9.15.0
Auto-Submitted: auto-generated
Precedence: bulk
Reply-To: John Scudder <jgs@juniper.net>
Message-ID: <168079474518.16024.16402385599083557372@ietfa.amsl.com>
Date: Thu, 06 Apr 2023 08:25:45 -0700
Archived-At: <https://mailarchive.ietf.org/arch/msg/i2nsf/rFdqSbP4VcbUK8KXIt1rf8zK5sI>
Subject: [I2nsf] John Scudder's No Objection on draft-ietf-i2nsf-consumer-facing-interface-dm-27: (with COMMENT)
X-BeenThere: i2nsf@ietf.org
X-Mailman-Version: 2.1.39
List-Id: "*I2NSF: Interface to Network Security Functions mailing list*" <i2nsf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/i2nsf>, <mailto:i2nsf-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/i2nsf/>
List-Post: <mailto:i2nsf@ietf.org>
List-Help: <mailto:i2nsf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/i2nsf>, <mailto:i2nsf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 06 Apr 2023 15:25:45 -0000
John Scudder has entered the following ballot position for draft-ietf-i2nsf-consumer-facing-interface-dm-27: No Objection When responding, please keep the subject line intact and reply to all email addresses included in the To and CC lines. (Feel free to cut this introductory paragraph, however.) Please refer to https://www.ietf.org/about/groups/iesg/statements/handling-ballot-positions/ for more information about how to handle DISCUSS and COMMENT positions. The document, along with other ballot positions, can be found here: https://datatracker.ietf.org/doc/draft-ietf-i2nsf-consumer-facing-interface-dm/ ---------------------------------------------------------------------- COMMENT: ---------------------------------------------------------------------- # John Scudder, RTG AD, comments draft-ietf-i2nsf-consumer-facing-interface-dm-27 CC @jgscudder Thanks for this work. Since my expertise with YANG is rudimentary at best, my review was necessarily pretty limited. I did note a few things that seem underspecified or ambiguous, although for all I know some of my comments would be trivially answered by reference to the YANG module if I were better at reading it. For that reason, I haven't chosen to make any of these DISCUSSes, although otherwise I might have done so for the first comment. ## COMMENTS ### Section 3, Priority I don't see any explanation of what the semantics of "priority" are, other than the tautological definition given here (essentially, it says "the priority is the priority"). Is "priority" explained in one of the normative references? I did spend a little while looking and didn't find anything. If not, it seems as though its semantics need to be explained here. My guess is that rules are matched in priority order, with lower priorities being matched first, and that matching terminates after the first match occurs. I would also guess that order is undefined among rules with equal priorities. But none of this is stated, and I think it needs to be. There is also no example that uses 'priority' which might otherwise have helped (although the definition should be able to stand without reference to examples in any case). ### Section 3.1, what is a security event? This is a little bit of a nit perhaps, but based on a security event (i.e., system event and system alarm). Parsing the parenthetical closely, I would conclude that a security event is defined as the concatenation of both a system event and a system alarm, in other words, both must be present, which seems a little surprising. Maybe that's what you mean, or maybe you mean "or" instead of "and"? I might have been able to work this out for myself if an example were provided that used 'event', but unfortunately, there isn't one. ### Section 5.2, multiple instances I can't make out what this sentence means: "If multiple instances of content are defined, it should match all contents somewhere in the session stream." One problem is the disagreement in number -- "multiple instances of content" is plural, and "it" is singular. I wouldn't pick on the grammar nit, except the disagreement in number makes it hard for me to work out what the referent of "it" is. In general, I can't work out exactly what this paragraph is telling me to do. Maybe an implementor working in this area wouldn't have problems, but on the face of it, it seems like it should be made clearer. ### Section 6.1, time typedef I was a little surprised you had to typedef time and day for yourself, I would have imagined there would be some well-known base types for these you could reference... but see my disclaimer. :-/ But since you did define your own time, I am curious if you think the definition is clear enough. Your description says, "The time type represents an instance of time of zero-duration in the specified timezone that recurs every day."; It would seem desirable to provide a reference for the semantics instead of just relying on the reader to guess (through familiar usage, I suppose). Your regex looks close to, but not quite the same as, RFC 3339 §5.6's 'full-time'. The differences I can see offhand are that you don't permit lower-case 'z', you restrict the range on the time-offset to +/- 14:00 whereas 3339 looks to permit the full +/- 23:59 range, and you make the TZ optional. The latter point means your current description doesn't really cover the possible range of inputs. I presume UTC is the default if TZ isn't specified, but you don't state this, and it's not the only imaginable option, e.g. I suppose an implementor might choose to use the local time zone if you leave it to their imagination. ## Notes This review is in the ["IETF Comments" Markdown format][ICMF], You can use the [`ietf-comments` tool][ICT] to automatically convert this review into individual GitHub issues. [ICMF]: https://github.com/mnot/ietf-comments/blob/main/format.md [ICT]: https://github.com/mnot/ietf-comments
- [I2nsf] John Scudder's No Objection on draft-ietf… John Scudder via Datatracker