IETF Logo Mail Archive

Re: Review of draft-ietf-lmap-information-model-17

Leif Johansson <leifj@mnt.se> Tue, 14 March 2017 09:17 UTC

Return-Path: <leifj@mnt.se>
X-Original-To: ietf@ietfa.amsl.com
Delivered-To: ietf@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 49C84129524 for <ietf@ietfa.amsl.com>; Tue, 14 Mar 2017 02:17:10 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.6
X-Spam-Level:
X-Spam-Status: No, score=-2.6 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_LOW=-0.7] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=mnt-se.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id mI94Au95aX_z for <ietf@ietfa.amsl.com>; Tue, 14 Mar 2017 02:17:07 -0700 (PDT)
Received: from mail-lf0-x22f.google.com (mail-lf0-x22f.google.com [IPv6:2a00:1450:4010:c07::22f]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 75BD0129469 for <ietf@ietf.org>; Tue, 14 Mar 2017 02:17:07 -0700 (PDT)
Received: by mail-lf0-x22f.google.com with SMTP id y193so73662446lfd.3 for <ietf@ietf.org>; Tue, 14 Mar 2017 02:17:07 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=mnt-se.20150623.gappssmtp.com; s=20150623; h=subject:to:references:from:message-id:date:user-agent:mime-version :in-reply-to:content-transfer-encoding; bh=u7FEv2xz5UJrY+GfQH+qhI4yVq4z1EkbL0rr+fs2Kxg=; b=Xqe7TZwE3EVx+1L9tSF6NTPlDQ6Ou40IYl9gt3yKImWpdFQHtA59XTtckebdh7R4jj Z8m1Yydz+uqmocPT8XhOSnPs/ROMc2M5lpEHkPVgeM4ZLFZm4erAMtUhI1QmptfAp7Vn vxzl7yYDKHowEn7oL4y983asIDy1hWpjIbOD4icsPnKg1C+2WZpSmoBbbFBQ9AmJqk8P NF96FW4S7mXIN4oiVMmomc5Bax/LWrsjlWaZcY+/QeHm2OQSacdAFxVM+1i8iaERebTD 8ZyoJo7C5RGXoZNU66P27oXLbETLGGpNgGXm6vaERJBC44/s9FpE6hcHWdgaP25hJ+c/ fA3A==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:subject:to:references:from:message-id:date :user-agent:mime-version:in-reply-to:content-transfer-encoding; bh=u7FEv2xz5UJrY+GfQH+qhI4yVq4z1EkbL0rr+fs2Kxg=; b=WcgF3n7OyhUVZ1KdxoWsBMZn2wBpGkUDFngFf7vxl59MVpYt5xAf5OVN4l+l65IlS3 uNZeWPzIX7BAse/TDLmEygZt1fvSZwSyWRYubds5uZHuhkR9IH4N9x4G8dUMVN81w3d1 8oizrqshmbCx+rw2paaCKkN3dGvB83J5WY+F+Kcn4txoTCoIM1ALqJLHijFSlwGgbOHn eN2tKV5HkCGxJAGmZN5PCS96zULvRxt/bOGslN0T0Zj2WMVwLZusnNagVmXqYC76h2DT Ueq7fozpQFUaIX/CxgFjVLFNc4hY6e3UpxEdrriyLBYto4yi3fG5oQCpSo7zCcnlwyAp tghQ==
X-Gm-Message-State: AMke39nz6QtCgLIGf++GuqbS2Kbwpt7bwieS+fsnKPUlxhone6XFzFtW6Via+DUmqm+dWQ==
X-Received: by 10.25.216.232 with SMTP id r101mr8628949lfi.28.1489483024972; Tue, 14 Mar 2017 02:17:04 -0700 (PDT)
Received: from ?IPv6:2001:6b0:7:1:198e:bf37:ab2a:c6df? ([2001:6b0:7:1:198e:bf37:ab2a:c6df]) by smtp.gmail.com with ESMTPSA id 187sm4165527ljf.32.2017.03.14.02.17.03 for <ietf@ietf.org> (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Tue, 14 Mar 2017 02:17:04 -0700 (PDT)
Subject: Re: Review of draft-ietf-lmap-information-model-17
To: ietf@ietf.org
References: <148814339074.2901.10793232146724828053.idtracker@ietfa.amsl.com> <20170314085308.GA54939@elstar.local>
From: Leif Johansson <leifj@mnt.se>
Message-ID: <d8ea9f64-7558-4514-6b1f-90b5062a4060@mnt.se>
Date: Tue, 14 Mar 2017 10:17:02 +0100
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Thunderbird/45.7.0
MIME-Version: 1.0
In-Reply-To: <20170314085308.GA54939@elstar.local>
Content-Type: text/plain; charset="windows-1252"
Content-Transfer-Encoding: 7bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/ietf/xy57EIA0TQCbAC2WRPPGTCgwyoo>
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ietf/>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 14 Mar 2017 09:17:10 -0000


On 2017-03-14 09:53, Juergen Schoenwaelder wrote:
> Russ,
> 
> thanks for your review. See my response to your comments inline.
> 
> On Sun, Feb 26, 2017 at 01:09:50PM -0800, Russ Housley wrote:
>> Reviewer: Russ Housley
>> Review result: Almost Ready
>>
>> I am the assigned Gen-ART reviewer for this draft. The General Area
>> Review Team (Gen-ART) reviews all IETF documents being processed
>> by the IESG for the IETF Chair. Please wait for direction from your
>> document shepherd or AD before posting a new version of the draft.
>>
>> For more information, please see the FAQ at
>> <http://wiki.tools.ietf.org/area/gen/trac/wiki/GenArtfaq>.
>>
>> Document: draft-ietf-lmap-information-model-17
>> Reviewer: Russ Housley
>> Review Date: 2017-02-26
>> IETF LC End Date: 2017-03-08
>> IESG Telechat date: Unknown
>>
>> Summary: Ready
>>
>> Major Concerns:
>>
>> Section 3.1 says that the pre-configuration information contains
>> the certificate of the Controller or the certificate of the CA
>> which issued the certificate for the Controller.  Section 3.1.1
>> includes ma-preconfig-credentials.  Are these the same?
> 
> The information model on purse is somewhat unspecific about what
> exactly the security credentials are. The reason is that the
> information model maps to two data models today (one in the BBF and
> one in the IETF). The IETF data model can be accessed over NETCONF and
> RESTCONF. RESTCONF runs over HTTP/TLS while NETCONF by default runs
> over SSH. As a consequence, the various credentials needed to support
> the different protocols varies.
> 

You keep missing my point which is this: I understand the difference
between a data model and an information model. What I don't understand
is if you need one or two credentials in the information model.

	Cheers LEif

>> Section 6 says that secure communication channels are needed.  This
>> means
>> that some components of this system (at least the Controller) must
>> have
>> secret keys or private keys.  I think that Section 6 should talk
>> about
>> which components of this system have keys and the consequences if the
>> keys are not well protected.
> 
> There is a fairly large discussion of security issues in RFC 7594
> and we point to them in section 6 rather than repeating them here.
> 
>    An implementation of this Information Model should support all the
>    security and privacy requirements associated with the LMAP Framework
>    [RFC7594].
> 
>> Minor Concerns:
>>
>> The Introduction in RFC 7594 says: "There is a desire to be able
>> to coordinate the execution of broadband measurements and the
>> collection of measurement results across a large scale set of
>> Measurement Agents (MAs)."  The Fact that LMAP is about broadband
>> measurements should be stated in the first paragraph of the
>> Introduction of this document.
> 
> I suggest to add a sentence including a reference to RFC 7536 so
> that the 1st paragraph of the Introduction reads:
> 
>    A large-scale measurement platform is a collection of components that
>    work in a coordinated fashion to perform measurements from a large
>    number of vantage points.  A typical use case is the execution of
>    broadband measurements [RFC7536].  The main components of a large-
>    scale measurement platform are the Measurement Agents (hereafter
>    MAs), the Controller(s) and the Collector(s).
> 
>> Nits:
>>
>> In Section 3, the reason for the 6 categories should probably be
>> placed before the list instead of several paragraphs later.
> 
> I agree, I have moved the text up (and due to some other comment we
> started to call the categories 'aspects'). So the new text reads:
> 
>    The information model is divided into six aspects.  Firstly the
>    grouping of information facilitates reader understanding.  Secondly,
>    the particular groupings chosen are expected to map to different
>    protocols or different transmissions within those protocols.
> 
>> In 3.1: s/If the MA ID is not provided at this stage then/
>>          /If the MA ID is not provided at this stage, then/
> 
> fixed
> 
> /js
>

v2.23.0 | Report a Bug | By Email