IETF Logo Mail Archive

[sacm] Ben Campbell's Discuss on draft-ietf-sacm-requirements-16: (with DISCUSS and COMMENT)

Ben Campbell <ben@nostrum.com> Mon, 26 June 2017 15:37 UTC

Return-Path: <ben@nostrum.com>
X-Original-To: sacm@ietf.org
Delivered-To: sacm@ietfa.amsl.com
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id D8F4112EB0C; Mon, 26 Jun 2017 08:37:25 -0700 (PDT)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
From: Ben Campbell <ben@nostrum.com>
To: The IESG <iesg@ietf.org>
Cc: draft-ietf-sacm-requirements@ietf.org, Karen O'Donoghue <odonoghue@isoc.org>, sacm-chairs@ietf.org, odonoghue@isoc.org, sacm@ietf.org
X-Test-IDTracker: no
X-IETF-IDTracker: 6.55.1
Auto-Submitted: auto-generated
Precedence: bulk
Message-ID: <149849144588.31865.17392511624418268107.idtracker@ietfa.amsl.com>
Date: Mon, 26 Jun 2017 08:37:25 -0700
Archived-At: <https://mailarchive.ietf.org/arch/msg/sacm/sx5CzVazawF42j-rvUHdVoEg7EQ>
Subject: [sacm] Ben Campbell's Discuss on draft-ietf-sacm-requirements-16: (with DISCUSS and COMMENT)
X-BeenThere: sacm@ietf.org
X-Mailman-Version: 2.1.22
List-Id: SACM WG mail list <sacm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sacm>, <mailto:sacm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/sacm/>
List-Post: <mailto:sacm@ietf.org>
List-Help: <mailto:sacm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sacm>, <mailto:sacm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 26 Jun 2017 15:37:26 -0000

Ben Campbell has entered the following ballot position for
draft-ietf-sacm-requirements-16: Discuss

When responding, please keep the subject line intact and reply to all
email addresses included in the To and CC lines. (Feel free to cut this
introductory paragraph, however.)


Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html
for more information about IESG DISCUSS and COMMENT positions.


The document, along with other ballot positions, can be found here:
https://datatracker.ietf.org/doc/draft-ietf-sacm-requirements/



----------------------------------------------------------------------
DISCUSS:
----------------------------------------------------------------------

(Resending because I forgot to hit the "send email" button this first time. No
other change.)

The SACM charter requires the group to " whenever reasonable and possible,
reuse existing protocols, mechanisms, information and data models. " If that is
reflected anywhere in the requirements, I missed it. (which is possible.) In
particular, I think section 2.6 needs to include requirements to favor use of
existing "transfer protocols".  (As written, T-001 seems almost tailored to
counter arguments to "just use HTTP".)


----------------------------------------------------------------------
COMMENT:
----------------------------------------------------------------------

General:

- I agree with the other abstain positions that the content in this draft
doesn't seem to warrant publication as an RFC. I'm not going to abstain over
it, since I think that sort of discussion should occur at charter or milestone
adoption time.

- I don't think the contents of this draft warrant the use of 2119 keywords.
While I think it reasonable to sometimes use 2119 keywords to add precision and
clarity to requirements on standards work, many of the requirements in this
draft seem vague and hand-wavy. All-caps MUSTs and SHOULDs only serve to give
the appearance of precision and verifiability. I mention a few more glaring
instances in my detailed comments, but those are not exhaustive.

Specifics:

- 1.1, 2nd paragraph: If you stick with using normative keywords, but want to
disclaim lower case versions, please consider switching to the boilerplate from
RFC 8174.

- 2.1 (and rest of document): I assume the requirements numbering scheme means
something. It would be helpful to describe that scheme prior to use.

- g-001: "SACM MUST allow
    implementations to use their own extensions; either proprietary data
    models, protocols or extensions to SACM data models or protocols
    could be used though they are not considered to be SACM compliant."

That seems to say that SACM must allow extensions, but those extensions would
not be considered compliant. That seems like a contradiction. As worded with
the MUST, it seems like it says SACM cannot prevent implementations from doing
non-interoperable things.

- G-002: This is the whole point of IETF processes. It seems odd to state it as
a requirement.

- g-003: It seems like you are using "datagram" in an unconventional way. A
definition would help.

- g-004: "...MUST be suitably specified..." is vague and unverifiable.

- G-005: "For interoperability and
    scope boundary,"
I don't understand what "scope boundary" means in that clause.

- G-006: Is this a requirement for e2e protection? It seems like it is, but the
description is vague. In particular, I cannot tell if the mention of
middleboxes is to say that middleboxes should not be able to read or modify
traffic, or if it is to say that middleboxes may be part of the architecture
and actually need that sort of access. (Also, the requirement title says
"integrity", but the text seems to be about both integrity and confidentiality.)

- G-015: "... accommodate considerations such as geographic,
    regulatory, operational and federations..." seems vague for use with a MUST.

- ARCH-004: "The fact that a centralized or
    decentralized deployment is used SHOULD be invisible to a consumer."
Can you elaborate on why? Might not a consumer want to consider the nature of a
data source?

- 2.6: The section switches between saying "transport protocols" and "transfer
protocols" Please be consistent.

- T-001: I think this needs some elaboration, or a citation to elaboration
somewhere else. Otherwise, it seems like this assertion opens the door for a
lot of complexity and lack of interoperability.

v2.23.0 | Report a Bug | By Email