Re: [I2nsf] YANG Doctors Working Group Last Call Review for draft-ietf-i2nsf-nsf-facing-interface-dm-06
"Acee Lindem (acee)" <acee@cisco.com> Mon, 25 November 2019 18:49 UTC
From: "Acee Lindem (acee)" <acee@cisco.com>
To: "Mr. Jaehoon Paul Jeong" <jaehoon.paul@gmail.com>
CC: "draft-ietf-i2nsf-nsf-facing-interface-dm@ietf.org" <draft-ietf-i2nsf-nsf-facing-interface-dm@ietf.org>, "i2nsf-ads@ietf.org" <i2nsf-ads@ietf.org>, "i2nsf@ietf.org" <i2nsf@ietf.org>, YANG Doctors <yang-doctors@ietf.org>, "skku-iotlab-members@googlegroups.com" <skku-iotlab-members@googlegroups.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/i2nsf/w8TLpS4X75zYG-xe-8sqHxDsj4Y>

Hi Paul,

I see you chose not to harmonize with the existing ACL model (RFC 8519) or the updated YANG types (draft-ietf-netmod-rfc6991-bis-02). However, given the applicability of the draft, perhaps it doesn’t really matter. In any event, I marked the review as “Ready”. However, a better characterization would probably be “Ready as Ever”.

Thanks,
Acee

From: "Mr. Jaehoon Paul Jeong" <jaehoon.paul@gmail.com>
Date: Tuesday, November 5, 2019 at 9:09 PM
To: Acee Lindem <acee@cisco.com>
Cc: "draft-ietf-i2nsf-nsf-facing-interface-dm@ietf.org" <draft-ietf-i2nsf-nsf-facing-interface-dm@ietf.org>, "i2nsf-ads@ietf.org" <i2nsf-ads@ietf.org>, "i2nsf@ietf.org" <i2nsf@ietf.org>, YANG Doctors <yang-doctors@ietf.org>, "skku-iotlab-members@googlegroups.com" <skku-iotlab-members@googlegroups.com>, "Mr. Jaehoon Paul Jeong" <jaehoon.paul@gmail.com>
Subject: Re: [I2nsf] YANG Doctors Working Group Last Call Review for draft-ietf-i2nsf-nsf-facing-interface-dm-06

Hi Acee,

I believe that I have addressed your comments on I2NSF NSF-Facing Interface Data Model:
https://tools.ietf.org/html/draft-ietf-i2nsf-nsf-facing-interface-dm-08

If you are satisfied with the revision, could you update the Review result in the following page?
https://datatracker.ietf.org/doc/review-ietf-i2nsf-nsf-facing-interface-dm-06-yangdoctors-lc-lindem-2019-06-22/

Thanks.

Best Regards,
Paul

On Mon, Nov 4, 2019 at 9:37 PM Mr. Jaehoon Paul Jeong <jaehoon.paul@gmail.com> wrote:

Hi Acee,

I have reflected all your comments in the revised I-D of NSF-Facing Interface YANG Data Model:
https://tools.ietf.org/html/draft-ietf-i2nsf-nsf-facing-interface-dm-08

I attach the revision letter to explain how I reflected your comments on each of your comments.

If you have questions, please let me know.

Best Regards,
Paul

On Sun, Jun 23, 2019 at 3:03 AM Acee Lindem (acee) <acee@cisco.com> wrote:

I have reviewed this document as part of the YANG doctors directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written with the intent of improving the operational aspects of the IETF drafts. Comments that are not addressed in last call may be included in AD reviews during the IESG review. Document editors and WG chairs should treat these comments just like any other early review comments.

Document: draft-ietf-i2nsf-nsf-facing-interface-dm-06
Reviewer: Acee Lindem
Review Date: June 22, 2019
Review Type: Working Group Last Call
Intended Status: Standards Track
Summary: Needs to go back to Working Group for rework and another WGLC

Modules: "ietf-i2nsf-policy-rule-for-nsf@2019-06-12.yang"

Tech Summary: The model defines different types of I2NSF security policy. Each is comprised of an event, a condition, and an action. There is significant overlap with other IETF models. Within I2NSF, there is repetition of definitions which needs to go into a common I2NSF types module. Additionally, the data descriptions were done quickly and never reviewed or edited. I believe it needs to go back to the working group for another revision and working group last call.

Major Comments:

1. Why don't you leverage the definitions in RFC 8519 for packet matching? We don't need all this defined again.
2. Date and time are defined in RFC 6991. Why don't those suffice?
3. Refer to the intervals as "time-intervals" rather than "time-zones". The term "time-zone" has a completely different connotation.
4. What is the "acl-number"? Also, ACLs are named (RFC 8519). Also, why define all the packet matching and then reference an ACL?
5. The descriptions are very awkwardly worded and in many cases simply repeat the data node or identify description without hyphens. I started trying to fix this but it was too much. I'll pass for on for some examples. There are enough co-authors and contributors that one would expect much better.
6. There is overlap of definitions with the I2NSF capabilities draft. The common types and identities should be factored into a common I2NSF types module.
7. The "Security Considerations" in section 8 do not conform to the recommended template in https://trac.ietf.org/trac/ops/wiki/yang-security-guidelines

Minor Comments:

1. Section 3.1 should reference RFC8340 rather than attempting to include tree diagram formatting semantics.
2. "iiprfn" is a poor choice for default model prefix - I suggest "nsfintf". It is only one character longer and actually expands to something meaningful.
3. RFC 2460 is obsoleted by RFC 8200.
4. RFC 791 is the wrong reference for IPv4 TOS. It should be RFC 1394.
5. What is the IGRP protocol? I'm familiar with EIGRP but not IGRP.
6. What is the skip protocol? Is this about skipping the check? If so, why is it needed?
7. Reference for IPv6 ICMP should be RFC 2463.
8. Why do you include Photuris definitions? Nobody uses this.
9. Note that all the keys for all 'config true' lists must be unique so your specification in the description as well as 'mandatory true' are redundant for the 'rules' list. This mistake is in other lists as well.
10. What is 'during' time?
11. What is a "security-grp"? Is this a security-group?
12. The module prologue doesn't match the example in Appendix B of RFC 8407.
13. There needs to be a good definition of absolute and periodic time in the descriptions.
14. The References do not include all the RFCs referenced by YANG model reference statements.

Nits: Will send diff to authors and i2nsf chairs as example of review that should be done on YANG documents prior to sending to YANG doctors.

Thanks,
Acee

--
===========================
Mr. Jaehoon (Paul) Jeong, Ph.D.
Associate Professor
Department of Software
Sungkyunkwan University
Office: +82-31-299-4957
Email: jaehoon.paul@gmail.com, pauljeong@skku.edu
Personal Homepage: http://iotlab.skku.edu/people-jaehoon-jeong.php