Re: [OPSAWG] Murray Kucherawy's No Objection on draft-ietf-opsawg-sdi-10: (with COMMENT)
Warren Kumari <warren@kumari.net> Tue, 19 May 2020 19:36 UTC
Return-Path: <warren@kumari.net>
X-Original-To: opsawg@ietfa.amsl.com
Delivered-To: opsawg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id AF4D93A0D32 for <opsawg@ietfa.amsl.com>; Tue, 19 May 2020 12:36:25 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.899
X-Spam-Level:
X-Spam-Status: No, score=-1.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=kumari-net.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id En1QLOzfrqO0 for <opsawg@ietfa.amsl.com>; Tue, 19 May 2020 12:36:24 -0700 (PDT)
Received: from mail-lf1-x130.google.com (mail-lf1-x130.google.com [IPv6:2a00:1450:4864:20::130]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 6E7243A0D73 for <opsawg@ietf.org>; Tue, 19 May 2020 12:36:23 -0700 (PDT)
Received: by mail-lf1-x130.google.com with SMTP id 202so540527lfe.5 for <opsawg@ietf.org>; Tue, 19 May 2020 12:36:23 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=kumari-net.20150623.gappssmtp.com; s=20150623; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=gbmSmo2081QLMgkEynv+A7v4DCvtS3eOl9FPIPRaPFo=; b=uRJPmUf/AvgBBHnhg7pEfT6J55UG33sOkliSErgbiqiFXIYa+mdIhApvgaHdIQUZTJ MxLd1coKGvqZym5TfExMoI8+N4w6XPDBKakBfwFC8ZcBy4YY9Kav21WaV520MLjVo2Zv ZQ5UISoirUbg4Bbz3HNzkfxil8gXf2lH142iJbI4Rtt+IvN4LR/vBkIh8Hq6FS/qQOR0 9M9tv8Mm9jETa7cFo9DgJk6/5LVA2xriqc9zcpmqBjxbDVi4gim2mi9ihOKl8PxICqCN OIDE5mNNxXp8Mc30oYL3doKSDth9+NSTo3RMVWjTt8kacqNRwHLyM+TU/Rr6sEsQqbQE 51qg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=gbmSmo2081QLMgkEynv+A7v4DCvtS3eOl9FPIPRaPFo=; b=a+YUeJmxFi6DXmMmKO2eED45MlqhAhc7zQS5mxdd2ch0ABAzsSIW6q/9MfMeT/ebgr RR4NK1R40E5+VLBzYsPz8EUZBaWr23fOldag0p8Xn4w0oTidy0SQ0ChSRoSc+sOoi7sW klWH/fj/yDvqd/MpMBabd/v7YHQKi/DrC1D/34+y6YyiVvkrOLFiqIlTgbGGsWKA8OOr un61YOQA7pHDgv4auUbBtwiVIDYAce05kvnbtuNF7DA/732AZYPums05MrB3RpdfKSgI W3B1F3azhe2Za1McdkTl1x8d7ZFMZPhd61t3fPluntSscV/7DHFcrBnlW7nCj1/KTPPA IWQg==
X-Gm-Message-State: AOAM533GxLfUKa/UzbaZpFNBIBRVa4VLambEa32mkmxs0ZJzdywrMPKi Tr5cEv4b683VqDYMEbVjdtMQ4K5FdzBILhBBWQlBxQ==
X-Google-Smtp-Source: ABdhPJy/r59ATMDa8wr8t3gjuN1hralzsjxU6ZHkmVTkpW2gdiTJcawPT3sOeupN2J0Z/PQOr+oWHrQcduC9bW4zMpA=
X-Received: by 2002:a05:6512:104c:: with SMTP id c12mr291178lfb.200.1589916981071; Tue, 19 May 2020 12:36:21 -0700 (PDT)
MIME-Version: 1.0
References: <158969448080.20571.5288514293121823581@ietfa.amsl.com>
In-Reply-To: <158969448080.20571.5288514293121823581@ietfa.amsl.com>
From: Warren Kumari <warren@kumari.net>
Date: Tue, 19 May 2020 15:35:44 -0400
Message-ID: <CAHw9_i+pY3F__8SbtR-5q_FKa03KwMTH8cncRMf1u019PtYBtw@mail.gmail.com>
To: Murray Kucherawy <superuser@gmail.com>
Cc: The IESG <iesg@ietf.org>, draft-ietf-opsawg-sdi@ietf.org, OpsAWG-Chairs <opsawg-chairs@ietf.org>, opsawg <opsawg@ietf.org>, Michael Richardson <mcr+ietf@sandelman.ca>
Content-Type: text/plain; charset="UTF-8"
Archived-At: <https://mailarchive.ietf.org/arch/msg/opsawg/-wIUyaXcfPPdwgAGkfwIwY2iUm4>
Subject: Re: [OPSAWG] Murray Kucherawy's No Objection on draft-ietf-opsawg-sdi-10: (with COMMENT)
X-BeenThere: opsawg@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: OPSA Working Group Mail List <opsawg.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/opsawg>, <mailto:opsawg-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/opsawg/>
List-Post: <mailto:opsawg@ietf.org>
List-Help: <mailto:opsawg-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/opsawg>, <mailto:opsawg-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 19 May 2020 19:36:27 -0000
On Sun, May 17, 2020 at 1:48 AM Murray Kucherawy via Datatracker <noreply@ietf.org> wrote: > > Murray Kucherawy has entered the following ballot position for > draft-ietf-opsawg-sdi-10: No Objection > > When responding, please keep the subject line intact and reply to all > email addresses included in the To and CC lines. (Feel free to cut this > introductory paragraph, however.) > > > Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html > for more information about IESG DISCUSS and COMMENT positions. > > > The document, along with other ballot positions, can be found here: > https://datatracker.ietf.org/doc/draft-ietf-opsawg-sdi/ > > > > ---------------------------------------------------------------------- > COMMENT: > ---------------------------------------------------------------------- > > Bigger points first: > > The shepherd writeup contains this remark, which made me squint a bit: "More > security review was asked for by the WG at various [times], and it is not clear > that this input will be taken into account." Why's that? Erk! Joe (chair) is checking with the shepherd (MCR) -- I think that this was a miscommunication -- the WG asked for more security review, and didn't really get very much feedback. I'm hoping that this was just poorly worded in the writeup, otherwise there is an issue here... > > This Informational document cites BCP 14, and then has a solitary SHOULD in > Section 4.2. One could easily change "SHOULD fetch" to "fetches" and do away > with all of that. Oooh! Nice! Done! That was the only normative reference, and so I managed to do away with that section as well. > > There are several places where the prose uses two words to mean roughly the > same thing (e.g., "store / cache"). I found this awkward each time I hit it. > Please, in each case, pick one. Worst case, replace the slash with "or", but > you'll probably find that redundant anyway. Done. Thank you, this has significantly improved readability... Also, it turns out that XML tags, ASCII art and URLs contain a LOT of forward slashes, which makes grepping hard :-P > > There are several places where a list or example is introduced with a hyphen > (e.g., "There are two options when implementing this - a vendor could..."). > Instead, it should be a new sentence, or at least a colon followed by a clause > or maybe a bulleted list. Wow, there were a lot of those. Thank you, done. > > And now, a lot of editorial suggestions: Wow. Apologies for how poorly written this was, and thank you for all of the editorial work -- I really appreciate your time and effort on this... > > Section 1: > * "... or using an auto install techniques which fetch ..." -- > s/techniques/technique/, or remove "an" DONE * "... or something similar, is an > unacceptable ..." -- remove the comma DONE * "... vendor to pre-configure the > devices before shipping it ..." -- change either "devices" to "device", or "it" > or "them" DONE. * "... configuration, etc; but these ..." -- change to "... > configuration, etc. However, these ..." DONE. Nice, thank you, * "... managing installed / deployed > devices ..." -- suggest just picking one DONE! > > Section 2: > * "... newly installed / unconfigured ..." -- change to "... newly installed, > unconfigured ..." Nice. DONE. * "... obtain an IP address and address of a config server > ..." change to "... obtain an IP address for itself and discover the address of > a configuration server ..." DONE. Much better, thanks! * "This document describes a concept ..." -- this > paragraph feels like it belongs in Section 1 Good point -- that works much better, thanks. > > Section 2.1: > * "... Point of Presence (POP) / datacenter." -- maybe just replace all of this > with "facility"? DONE. Thanks. * "... device configuration, fetches the certificate ..." -- > s/,/ and/ DONE. Thanks. * "... encrypted config ..." -- please use either "configuration" > (preferred) or "config", but not both DONE Thank you - I selected "configuration" (other than in ASCII art, where it would not really fix, and I think is clear from context). * "... installed in Operator_A' ..." -- > missing an "s" (two instances in the third paragraph) * "... (note that all > this ..." -- s/all this/all of this/ (and actually, this should be its own > sentence) DONE and DONE. > > OLD: > The device attempts to load the > config file - if the config file is unparsable, (new functionality) > the device tries to use its private key to decrypt the file, and, > assuming it validates, installs the new configuration. > NEW: > The device attempts to load the configuration file. As an added > step, if the configuration file cannot be parsed, the device tries > to use its private key to decrypt the file and, assuming it validates, > proceeds to install the new, decrypted, configuration. Oooh, better. DONE, thanks. > > * "(See Security Considerations)" -- section number, please DONE. > > Section 3: > * This section doesn't appear to me to describe a role other than "vendor". > * "... the vendors roles and ..." -- s/vendors/vendor's/ DONE. > > Section 3.1: > * Please expand "EST" on first use. DONE. > > Section 3.2: > * "... store / cache ... uptime / reachability ..." -- as above, these really > stand out to me as in need of making an editorial choice DONE. > > Section 4: > * I don't see a role in here either other than "operator". DONE. > > Section 4.1: > * "(likely serial number)" -- suggest "(e.g., the serial number)" DONE. > > Section 4.2: > * "publication server, and download ..." -- remove the comma DONE. > > Section 5.1: > * "chassis / backplane" -- another; see previous remarks DONE. > * TPM could use a reference (ISO/IEC 11889?) > NOT DONE. I will need to find a non-payware reference (the ISO one is a 198CHF PDF). I think that the RFC Ed already has a good ref for this... > Section 5.3: > * "(e.g.: 'load replace <filename> encrypted))" -- unbalanced quoting and > parentheses > Indeed. DONE. > Section 7: > * "... may wish to bootstrapping devices with ..." -- s/bootstrapping/bootstrap/ DONE! > * "... minimal / less sensitive ..." -- pick one, or at least use "or" DONE. > > Appendix B: > * s/csr/CSR/ (and probably expand it) DONE. > * "Demo / proof of concept" -- pick one DONE (Proof of Concept). > * "... from the command line, in production ..." -- start a new sentence DONE. > * Don't use "I'm". Maybe change "I'm using S/MIME because ..." to "S/MIME is > used here because ..." DONE. Thank you VERY much - I'm embarrassed by the amount of editorial work that this needed, and really appreciate your time... Thank you again, W > > > -- I don't think the execution is relevant when it was obviously a bad idea in the first place. This is like putting rabid weasels in your pants, and later expressing regret at having chosen those particular rabid weasels and that pair of pants. ---maf
- [OPSAWG] Murray Kucherawy's No Objection on draft… Murray Kucherawy via Datatracker
- Re: [OPSAWG] Murray Kucherawy's No Objection on d… Warren Kumari
- Re: [OPSAWG] Murray Kucherawy's No Objection on d… Michael Richardson
- Re: [OPSAWG] Murray Kucherawy's No Objection on d… Joe Clarke (jclarke)
- Re: [OPSAWG] Murray Kucherawy's No Objection on d… Colin Doyle