Re: [secdir] Secdir early review of draft-ietf-anima-autonomic-control-plane-13

Toerless Eckert <> Mon, 23 July 2018 21:16 UTC

Date: Mon, 23 Jul 2018 23:15:59 +0200
From: Toerless Eckert <>
To: Liang Xia <>

Hi Frank,

Mea maxima culpa. Your -13 review below was probably overlooked by me
when integrating all received feedback from -13 into 14/15/16, although
it looks more as if I did fix most of the stuff from your review but then
forgot to send a reply.

This is integrated into -17, I didn't push a new version up, but
you can check it at:

Replies inline below


On Fri, Feb 23, 2018 at 07:28:05PM -0800, Liang Xia wrote:
> Reviewer: Liang Xia
> Review result: Has Issues
> In general, this document is well-written and considers security issues
> carefully throughout the whole architecture.

> nits:
> Abstract: /or not misconfigured/or misconfigured/

Was fixed in -16.

> the fifth paragraph of section 6.1: the last ")" is redundant, therefore can be
> deleted


> some section titles don't comply with the rule of starting with a capital letter

Hmm.. checked -13 and -16 but could not find anything besides:

(-16) A.3.3.2 mDNS and ...
  This starts with a small letter because "mDNS" is a unique name with a lowercase letter;
  I think this is correct. If we're unsure, the RFC editor would be best to resolve it later on.
(-16) Titles are all draft names and this section will be removed anyhow for RFC.

> section 6.5
> /("IP security", see [RFC4301] and "Internet Key Exchange protocol version 2",
> see [RFC7296]
> /("IP security", see [RFC4301] and "Internet Key Exchange protocol version 2",
> see [RFC7296])/

What change do you suggest? It looks identical.

> suggestion:
> all the Figures (e.g., Figure 1,2...) should have a title for explanation

Done in -16.

> section 2, please update the last paragraph to reference RFC8174 to indicate
> that lowercase versions of the keywords are not normative

Done in -16.

> Section 11 (Security Considerations) Since section 9.2 has described the
> self-protection properties of ACP well, it may be useful in this section to
> mention them as a whole.

Hmm.. Didn't want to reiterate too much text that is already written out
in the document, but instead inserted a reference to section 9.2 into the
security section.