RE: [imss] imss WG Last Call: FC-SP MIB
"WIJNEN, Bert \(Bert\)" <bwijnen@alcatel-lucent.com> Mon, 15 October 2007 09:59 UTC
Return-path: <imss-bounces@ietf.org>
Received: from [127.0.0.1] (helo=stiedprmman1.va.neustar.com) by megatron.ietf.org with esmtp (Exim 4.43) id 1IhMja-0001Ln-73; Mon, 15 Oct 2007 05:59:38 -0400
Received: from imss by megatron.ietf.org with local (Exim 4.43) id 1IhMjY-0001LF-3i for imss-confirm+ok@megatron.ietf.org; Mon, 15 Oct 2007 05:59:36 -0400
Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1IhMjX-0001L6-D4 for imss@ietf.org; Mon, 15 Oct 2007 05:59:35 -0400
Received: from ihemail2.lucent.com ([135.245.0.35]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1IhMjR-0002fz-6T for imss@ietf.org; Mon, 15 Oct 2007 05:59:35 -0400
Received: from ilexp02.ndc.lucent.com (h135-3-39-2.lucent.com [135.3.39.2]) by ihemail2.lucent.com (8.13.8/IER-o) with ESMTP id l9F9wucO007590; Mon, 15 Oct 2007 04:59:01 -0500 (CDT)
Received: from DEEXP02.DE.lucent.com ([135.248.187.66]) by ilexp02.ndc.lucent.com with Microsoft SMTPSVC(6.0.3790.1830); Mon, 15 Oct 2007 04:58:59 -0500
Received: from DEEXC1U02.de.lucent.com ([135.248.187.29]) by DEEXP02.DE.lucent.com with Microsoft SMTPSVC(6.0.3790.1830); Mon, 15 Oct 2007 11:58:57 +0200
x-mimeole: Produced By Microsoft Exchange V6.5
Content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
Subject: RE: [imss] imss WG Last Call: FC-SP MIB
Date: Mon, 15 Oct 2007 11:58:52 +0200
Message-ID: <D4D321F6118846429CD792F0B5AF471F7E5B82@DEEXC1U02.de.lucent.com>
In-Reply-To: <FF29F13E2D78C047B4B79F4E062D036338796C@CORPUSMX20A.corp.emc.com>
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
Thread-Topic: [imss] imss WG Last Call: FC-SP MIB
Thread-Index: AcgK0vLbbD32Q+kDSKqF52DDcvyXNQEPLtJA
References: <FF29F13E2D78C047B4B79F4E062D036338796C@CORPUSMX20A.corp.emc.com>
From: "WIJNEN, Bert (Bert)" <bwijnen@alcatel-lucent.com>
To: Black_David@emc.com, imss@ietf.org
X-OriginalArrivalTime: 15 Oct 2007 09:58:57.0034 (UTC) FILETIME=[006276A0:01C80F12]
X-Scanned-By: MIMEDefang 2.57 on 135.245.2.35
X-Spam-Score: 0.0 (/)
X-Scan-Signature: d16ce744298aacf98517bc7c108bd198
Cc: dromasca@avaya.com
X-BeenThere: imss@ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Internet and Management Support for Storage Working Group <imss.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/imss>, <mailto:imss-request@ietf.org?subject=unsubscribe>
List-Post: <mailto:imss@ietf.org>
List-Help: <mailto:imss-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/imss>, <mailto:imss-request@ietf.org?subject=subscribe>
Errors-To: imss-bounces@ietf.org
I am starting to take a look at this document.
Will take a while. It has 249 pages and 6 MIB modules.
One thing I do see that may need some action is the
fact that this document has normative dependencies
on these 2 documents:
[IPSP-IKE-ACTION]
Baer, M., Charlet, R., Hardaker, W., Story, R., and C. Wang, "IPsec
Security Policy IKE Action MIB", draft-ietf-ipsp-ikeaction-mib-
nn.txt, work-in-progress, 19 October 2006.
[IPSP-IPSEC-ACTION]
Baer, M., Charlet, R., Hardaker, W., Story, R., and C. Wang, "IPsec
Security Policy IPsec Action MIB", draft-ietf-ipsp-ipsecaction-mib-
nn.txt, work-in-progress, 19 October 2006.
However, I do not see that any IMPORT is done for those 2 IPSP MIB
modules,
so maybe the dependency is not really normative? I will find out when
I read the whole FC-SP MIB document. Sofar I did notice:
- 4.8.6. The T11-FC-SP-CERTS-MIB Module
This MIB module specifies extensions to IPSP MIBs [IPSP-IPSEC-ACTION]
and [IPSP-IKE-ACTION] which are specific to Fibre Channel. In
particular, it specifies one table, t11FcSpCertsTable, with a row per
certificate indicating how that certificate is being used, and
containing the "name" of the certificate. This "name" can be used to
obtain information, which is independent of FC-SP, about the
certificate from the ipsaCredentialTable (and from the
ipsaCredentialSegmentTable if the certificate is longer than 1024
bytes).
- In the T11-FC-SP-CERTS-MIB (page 230/231:
Since FC-SP leverages a subset of IPsec and IKEv2 (see RFC
4595), a subset of the management information defined for
the use of certificates with IPsec/IKEv2 is also applicable
to FC-SP. Thus, this MIB module leverages RFC wwww and
RFC xxxx for the management of certificates, CAs and CRLs.
-- RFC Editor: replace wwww with actual RFC number for
-- [IPSP-IPSEC-ACTION], and replace xxxx with actual RFC number for
-- [IPSP-IKE-ACTION] & remove this note
Specifically, the information defined in this MIB module
consists of a pointer into the IPsec/IKEv2 MIB modules,
plus minimal additional item(s) of information which are
considered to be important in a Fibre Channel environment.
So it does sound normative. So I have a warning:
I have been reviewing those 2 IPSP documents a few times over the last
(mmmm probably) 2-3 or 2-4 years, and I must warn you that the cycle
times on
those documents are EXTREMELY slow. The current revisions are:
draft-ietf-ipsp-ikeaction-mib-02.txt
draft-ietf-ipsp-ipsecaction-mib-02.txt
which showed up as I-D on 10 Nov 2006, and both are still in Revised ID
needed. Those MIB documents are also pretty complex, and so if/when a
new revision will eventually show up (if at all), then whoever needs to
re-review will need a serious block of time to actually do so.
My personal experience is pretty bad/sad with those 2 documents, and
I must admit that I am completely de- or un-motivated at this point in
time to re-review them a again if/when they do show up. But possibly
Dan can convince me otherwise at that time.
Anyway, I just wanted the authors/editors/wg-chair and WG members to
be aware of this risky normative dependency.
Bert Wijnen
> -----Original Message-----
> From: Black_David@emc.com [mailto:Black_David@emc.com]
> Sent: Wednesday, October 10, 2007 2:18 AM
> To: imss@ietf.org
> Cc: dromasca@avaya.com; Black_David@emc.com
> Subject: [imss] imss WG Last Call: FC-SP MIB
> Importance: High
>
> This is to announce an imss WG Last Call on the following MIB draft:
>
> MIB for Fibre-Channel Security Protocols (FC-SP)
> draft-ietf-imss-fc-fcsp-mib-00.txt
>
> This WG Last Call will run through 12 midnight Eastern Time
> on Friday, October 26, 2007 (your WG chair hopes to deal with
> Last Call results during the week of October 29th and hopes
> that any revisions can be completed prior to the November
> 19th Internet Draft submission cutoff for the Vancouver meeting).
>
> Technical comments *must* be sent to the imss mailing list.
> Editorial comments may be sent directly to the draft editor
> (but please cc: me):
>
> Keith McCloghrie [kzm@cisco.com]
>
> In order to try to set a good example, I have completed my WG
> chair review of the MIB prior to announcing this Last Call.
>
> I found two technical concerns:
> (1) The MIB defines precedence values for traffic selectors
> as opposed to implicitly presenting them in order of
> precedence. I guess this is ok, but Section 4.7 should
> explain why this approach was chosen.
> (2) Section 4.9 defines rate control for Authentication
> failures on a per-fabric granularity. That strikes
> me as overly coarse, and I wonder if per-SA would
> be a more appropriate/useful granularity.
>
> I also found a number of editorial concerns:
>
> Section 1, 2nd paragraph. Remove the sentence starting with
> "This latest draft" or insert an instruction to the RFC
> Editor to remove it before publication as an RFC.
>
> Section 3.1 - Delete "The" at the start of the first paragraph.
>
> Should Section 3.5 and subsequent subsections of Section 3
> all be subsections of Section 3.4 Security?
>
> Section 3.10 - "To provide better scaling, the Switch Connectivity
> Objects are not Fabric-wide information such that they are
> distributed only to where they are needed."
>
> "information such that they are" -> information, but are"
>
> Section 3.10 introduces "Active Zone Set" but does not
> explain what this term means.
>
> T11FcSpPolicyNameType - the DESCRIPTION needs to explain the
> concept of "restricted" - how does a "restricted" entity
> differ from the corresponding unrestricted entity?
>
> Thanks,
> --David
> ----------------------------------------------------
> David L. Black, Senior Technologist
> EMC Corporation, 176 South St., Hopkinton, MA 01748
> +1 (508) 293-7953 FAX: +1 (508) 293-7786
> black_david@emc.com Mobile: +1 (978) 394-7754
> ----------------------------------------------------
>
>
>
> _______________________________________________
> imss mailing list
> imss@ietf.org
> https://www1.ietf.org/mailman/listinfo/imss
>
_______________________________________________
imss mailing list
imss@ietf.org
https://www1.ietf.org/mailman/listinfo/imss
- [imss] imss WG Last Call: FC-SP MIB Black_David
- RE: [imss] imss WG Last Call: FC-SP MIB WIJNEN, Bert (Bert)
- [imss] RE: imss WG Last Call: FC-SP MIB Black_David
- [imss] RE: imss WG Last Call: FC-SP MIB WIJNEN, Bert (Bert)
- [imss] RE: imss WG Last Call: FC-SP MIB Black_David
- [imss] RE: imss WG Last Call: FC-SP MIB WIJNEN, Bert (Bert)
- [imss] MIB doctor review part 1 (SYNTAX Checks): … WIJNEN, Bert (Bert)