[OPSAWG] AD review of draft-ietf-opsawg-tlstm-update-10

"Rob Wilton (rwilton)" <rwilton@cisco.com> Mon, 19 December 2022 16:09 UTC

To: "draft-ietf-opsawg-tlstm-update.all@ietf.org" <draft-ietf-opsawg-tlstm-update.all@ietf.org>, Kenneth Vaughn <kvaughn@trevilon.com>
CC: "opsawg@ietf.org" <opsawg@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/opsawg/9lm7ccbRjSIQTR2AA31vYZBHC2k>

Hi Kevin,

Sorry for the delay.  Here are my AD review comments for draft-ietf-opsawg-tlstm-update-10.  All my comments are pretty minor.  Please let me know if you have any questions/comments, or otherwise you can just post an updated version which I can then send off for IETF LC.

Minor level comments:

(1) p 4, sec 2.3.  TLS Version

   [RFC6353] states that TLSTM clients and servers MUST NOT request,
   offer, or use SSL 2.0.  [RFC8996] prohibits the use of (D)TLS
   versions prior to version 1.2.  TLSTMv1.3 MUST only be used with
   (D)TLS version 1.2 and later.

It wasn't clear to me exactly what is meant by TLSTMv1.3, and this is the only use of this term.  Could you be more specific here please?


(2) p 6, sec 4.  MIB Module Definition

           Redistribution and use in source and binary forms, with or
           without modification, is permitted pursuant to, and subject
           to the license terms contained in, the Revised BSD License
           set forth in Section 4.c of the IETF Trust's Legal Provisions
           Relating to IETF Documents
           (http://trustee.ietf.org/license-info)."

Please add the RFC 2119 boilerplate text to this MIB.  E.g.,

     The key words 'MUST', 'MUST NOT', 'REQUIRED', 'SHALL', 'SHALL
     NOT', 'SHOULD', 'SHOULD NOT', 'RECOMMENDED', 'NOT RECOMMENDED',
     'MAY', and 'OPTIONAL' in this document are to be interpreted as
     described in BCP 14 (RFC 2119) (RFC 8174) when, and only when,
     they appear in all capitals, as shown here.


(3) p 9, sec 4.  MIB Module Definition

          An SnmpTLSFingerprint value is composed of a 1-octet hashing
          algorithm identifier followed by the fingerprint value.  The
          1-octet identifier value encoded is based on the IANA TLS
          HashAlgorithm Registry (RFC 5246); however, this registry is
          only applicable to (D)TLS protocol versions prior to 1.3,
          which are now designated as obsolete and are not expected to
          ever support additional values. To allow the fingerprint
          algorithm to support additional hashing algorithms that might
          be used by later versions of (D)TLS, the octet value encoded
          is taken from IANA SNMP-TLSTM HashAlgorithm Registry. The
          initial values within this registry are identical to the
          values in the TLS HashAlgorithm registry but can be extended
          to support new hashing algorithms as needed. The remaining
          octets of the SnmpTLSFingerprint value are filled using the
          results of the hashing algorithm.

This description somewhat mixes the definition of what the field is, along with some historical context.  Hence, I suggest that it might be helpful to split the description between what the field is now vs how it was derived.  E.g., perhaps something like:

          An SnmpTLSFingerprint value is composed of a 1-octet hashing
          algorithm identifier followed by the fingerprint value:
          
          The 1-octet identifier value encoded is taken from the 
          IANA SNMP-TLSTM HashAlgorithm Registry.

          The remaining octets of the SnmpTLSFingerprint value are
          filled using the results of the hashing algorithm.

          Historically, this field was based on the IANA TLS
          HashAlgorithm Registry (RFC 5246); however, this registry is
          only applicable to (D)TLS protocol versions prior to 1.3,
          which are now designated as obsolete and are not expected to
          ever support additional values. To allow the fingerprint
          algorithm to support additional hashing algorithms that might
          be used by later versions of (D)TLS, the octet value encoded
          is now taken from IANA SNMP-TLSTM HashAlgorithm Registry. The
          initial values within this registry are identical to the
          values in the TLS HashAlgorithm registry but can be extended
          to support new hashing algorithms as needed. The remaining
          octets of the SnmpTLSFingerprint value are filled using the
          results of the hashing algorithm.

It also wasn't clear to me whether there is a restriction that only versions of (D)TLS greater than 1.3 may use an algorithm value greater than 8, and whether that restriction must be stated here.



Nit level comments:

(4) p 8, sec 4.  MIB Module Definition

           Values of this textual convention are not guaranteed to be
           directly usable as transport layer addressing information,
           potenitally requiring additional processing, such as run-time
           resolution.  As such, applications that write them MUST be
           prepared for handling errors if such values are not
           supported, or cannot be resolved (if resolution occurs at the
           time of the management operation).

Typo, potenitally -> potentially


(5) p 15, sec 4.  MIB Module Definition

           certificate, then additional rows MUST be searched looking

Extra line break in the description above?


(6) p 27, sec 5.  Security Considerations

   SNMP versions prior to SNMPv3 did not include adequate security.
   Even if the network itself is secure (for example, by using IPsec),
   even then, there is no control as to who on the secure network is
   allowed to access and GET/SET (read/change/create/delete) the objects
   in this MIB module.

Suggest eliding the "even then" since the sentence starts with "Even ..."


(7) p 31, sec 8.2.  Informative References

   Kenneth Vaughn (editor)
   Trevilon LLC
   1060 Highway 107 South
   Del Rio, TN 37727
   United States of America
   Phone: +1 571 331 5670
   Email: kvaughn@trevilon.com

Grammar nits from an automated tool:
Grammar Warnings:
Section: 3.2, draft text:
This document does not specify an application profile, hence all of the compliance requirements in [RFC8446] apply. 
Warning:  Consider using all the.
Suggested change:  "all the"

Section: 6, draft text:
IANA is asked to create a new registry called the SNMP-TLSTM HashAlgorithm Registry in the Structure of Management Information (SMI) Numbers (MIB Module Registrations) Group and to update the proposed URL reference in the above MIB ( listed as "https://www.iana.org/assignments/smi-numbers/smi-numbers.xhtml" under SnmpTLSFingerprint), if needed, to accurately reflect its location. 
Warning:  Don't put a space after the opening parenthesis.
Suggested change:  "("

Regards,
Rob
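
Added example, not part of the original message or of the draft: a sketch of the SnmpTLSFingerprint layout discussed in comment (3), a 1-octet hash algorithm identifier followed by the digest, with the length checks a receiver would apply before comparing. The identifier table uses the TLS HashAlgorithm values from RFC 5246, which the quoted draft text says are the initial registry values; the function names, the sample certificate bytes and the choice to reject an empty value are assumptions of this example.

```python
import hashlib
import hmac

# id -> (hashlib name, digest size in octets); TLS HashAlgorithm values from
# RFC 5246. none(0) carries no digest and is not accepted here.
HASH_ALGS = {
    1: ("md5", 16), 2: ("sha1", 20), 3: ("sha224", 28),
    4: ("sha256", 32), 5: ("sha384", 48), 6: ("sha512", 64),
}

# Constructed stand-in for a DER-encoded certificate (not a real certificate).
SAMPLE_DER = bytes.fromhex("3082010a0282010100") + b"constructed-sample"


class FingerprintError(ValueError):
    """Raised when an octet string is not a well-formed fingerprint."""


def make_fingerprint(alg_id: int, cert_der: bytes) -> bytes:
    """Return the algorithm octet followed by the digest of cert_der."""
    if alg_id not in HASH_ALGS:
        raise FingerprintError(f"unsupported hash algorithm id {alg_id}")
    name, _ = HASH_ALGS[alg_id]
    return bytes([alg_id]) + hashlib.new(name, cert_der).digest()


def parse_fingerprint(value: bytes):
    """Split a fingerprint into (alg_id, hash name, digest), validating length."""
    if len(value) < 2:
        raise FingerprintError("value too short to hold an id and a digest")
    alg_id, digest = value[0], value[1:]
    if alg_id not in HASH_ALGS:
        raise FingerprintError(f"unknown hash algorithm id {alg_id}")
    name, size = HASH_ALGS[alg_id]
    # A truncated or padded digest must never be compared as a prefix.
    if len(digest) != size:
        raise FingerprintError(f"{name} digest must be {size} octets, got {len(digest)}")
    return alg_id, name, digest


def matches(value: bytes, cert_der: bytes) -> bool:
    """True if cert_der hashes to the digest carried in the fingerprint."""
    _, name, digest = parse_fingerprint(value)
    return hmac.compare_digest(hashlib.new(name, cert_der).digest(), digest)


if __name__ == "__main__":
    fp = make_fingerprint(4, SAMPLE_DER)
    print(fp.hex(":"), matches(fp, SAMPLE_DER))
```
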