Re: [secdir] Secdir early review of draft-ietf-rtgwg-net2cloud-problem-statement-22
Deb Cooley <debcooley1@gmail.com> Wed, 24 January 2024 11:59 UTC
Return-Path: <debcooley1@gmail.com>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6F800C14F71F; Wed, 24 Jan 2024 03:59:02 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.854
X-Spam-Level:
X-Spam-Status: No, score=-6.854 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_ENVFROM_END_DIGIT=0.25, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id fWRoVmQRTpXW; Wed, 24 Jan 2024 03:58:57 -0800 (PST)
Received: from mail-io1-xd29.google.com (mail-io1-xd29.google.com [IPv6:2607:f8b0:4864:20::d29]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 869B2C14F701; Wed, 24 Jan 2024 03:58:57 -0800 (PST)
Received: by mail-io1-xd29.google.com with SMTP id ca18e2360f4ac-7bef44df5c6so147520339f.0; Wed, 24 Jan 2024 03:58:57 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1706097536; x=1706702336; darn=ietf.org; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=t7fMb2wDnwZBZzZZH4reylsQ49rlzIiCc7jPTRHeG7s=; b=kA0hqQElmyIupip2efjswTdyPIJLa9+X2HWJxuq4otu8v+93J93h9yMbNfdhGovCcU AuvfJCEeijlLNN47Tf9gfzx436PxU6/5znrW3eWE/BfrQ4nnlww0z+MrDqwX08nlp5DQ da4EUgnKwWYaCtikM5bk1wK9awPIvyBJpj37hD84c2RWw+iG1VT+mAKq6cfbvHxfcDdV wLGZyy9BlQXcCIcUZtKcP4hJnmTyflzLwNmEgMFyLIV4H/uw2a0ZU2dm22r+WMjEDipA OtXaUZTJz79rOybOttwyrPkgkB5qtKzWnzsF8SCA0Xu6/lxDGQuaJ8Eu4XSfEVMnO/uI YpUQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1706097536; x=1706702336; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=t7fMb2wDnwZBZzZZH4reylsQ49rlzIiCc7jPTRHeG7s=; b=oQZPqsDNxlPtuJa6Qoo52SahZD1ZnJZ9FGtfRdspe3iSOq5OBfMkZEUncdXjqLRg6K 7f233s1LMELaIuxqpbTcoVpBlVb54vcTNkyJeanq3DL2LchqRp0Q7AOfq0KWpCtryXVA tXSM8EAKvX9TEQVbQsMsaw9W0D2WitbUtCaMdOuCCIvtQrwr/I/YFedjpRNGN6Ui3Cja AdPHzktULJxRlOPHBy8StEmhvCkBsPPjJy0WIeYDTKgbVVFLhqlBePp7fIOlTbycb+pj 8RmQ7DxuQJneGizZ8Fn4ykHWc7kmQ/naWDOZyzssLr9g9iVODH3G/4OPGH62Vuja/UlS JJZQ==
X-Gm-Message-State: AOJu0YyzdVRVR2IoDjYGTK8Cm43IXsGPGmCrTjg/BMq6c1uuRv92YB0e NyRbX3VFvQV+cVZttaiwLACCfZFNYHSCmweVTMA7xHXeOccLN12pkjOqG2mzpRp28IPa5ToaWif C/4TmzrvoanadKNcvRElqFLzZgsHBYa0=
X-Google-Smtp-Source: AGHT+IGcI7nS0W89+isdleJMYhX4/bInQt9yGtTvGLBnLEKL/wLpcKBxYfM7YJ0SD3706Mr1sfdBoAn4HecC3mTlnx4=
X-Received: by 2002:a05:6e02:1d83:b0:361:af92:d62e with SMTP id h3-20020a056e021d8300b00361af92d62emr927097ila.31.1706097536061; Wed, 24 Jan 2024 03:58:56 -0800 (PST)
MIME-Version: 1.0
References: <168103791733.43307.11737105219506688508@ietfa.amsl.com> <643A15FC-6BFB-4723-93C4-6ECA22C128FE@gmail.com> <CO1PR13MB492092C6FEF537BB817A25F8859B9@CO1PR13MB4920.namprd13.prod.outlook.com> <CAGgd1OcSzYtfCFO5sVG_VhZuCwU0FWj-xyYRp=r7rJ41B+i5rg@mail.gmail.com> <CAGgd1Ofuau_y5x1TznUuOBrjM+BX4MrJ-iP8rTZnGc6VFOZ7+Q@mail.gmail.com> <CO1PR13MB4920D4AC874DE8A007E2FC2A85679@CO1PR13MB4920.namprd13.prod.outlook.com> <CAGgd1Oce5afvAZxom-abnAiPXD0zKgfkdaVSyKPfUPRxZDPT0g@mail.gmail.com> <CO1PR13MB4920436344845889D7DDF17185649@CO1PR13MB4920.namprd13.prod.outlook.com> <CAGgd1Ofteui3TYpxG7KaNkynSFGegCC2NYQSjBtHZVR7D_XVqA@mail.gmail.com> <CO1PR13MB49202E7D1EC36DBFA032CB6385732@CO1PR13MB4920.namprd13.prod.outlook.com> <CAGgd1OdnEJdhH+nLX=E-PadgGBjwV2T6MF7dmd4kNh1EbVPBLg@mail.gmail.com> <CO1PR13MB4920D66DBC362E0652C0E2F985722@CO1PR13MB4920.namprd13.prod.outlook.com>
In-Reply-To: <CO1PR13MB4920D66DBC362E0652C0E2F985722@CO1PR13MB4920.namprd13.prod.outlook.com>
From: Deb Cooley <debcooley1@gmail.com>
Date: Wed, 24 Jan 2024 06:58:38 -0500
Message-ID: <CAGgd1Ofy=X2RT9ZmYsCH9NqEHJLTRyx_NpUrjJX=2oWUZZdr3A@mail.gmail.com>
To: Linda Dunbar <linda.dunbar@futurewei.com>
Cc: "draft-ietf-rtgwg-net2cloud-problem-statement.all@ietf.org" <draft-ietf-rtgwg-net2cloud-problem-statement.all@ietf.org>, "secdir@ietf.org" <secdir@ietf.org>, "rtgwg@ietf.org" <rtgwg@ietf.org>
Content-Type: multipart/alternative; boundary="00000000000096d813060fafc943"
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/c1xJzWM_coCIrRJA0Er4Ex_Ey-I>
Subject: Re: [secdir] Secdir early review of draft-ietf-rtgwg-net2cloud-problem-statement-22
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/secdir/>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 24 Jan 2024 11:59:02 -0000
I will change my 'early review' to 'has issues'. With respect to mitigations, it is impossible to tell if the proposed mitigations improve security. The mitigations are documented in either expired I-Ds or individual I-Ds which have not been reviewed. There are other sections that claim to be improvements (Section 5.1) which are clearly not security improvements. Deb On Wed, Jan 17, 2024 at 1:16 PM Linda Dunbar <linda.dunbar@futurewei.com> wrote: > Deb, > > > > Thanks for the quick confirmations of the resolutions to your comments. > > I removed the ones that you have agreed. > > For the remaining suggestions, please see the resolutions below in Purple. > If they are acceptable, we will upload the revision. > > Can you please change your review status from “Not Ready” to “Ready”? > > > > Thank you very much. > > > > Linda > > > > *From:* Deb Cooley <debcooley1@gmail.com> > *Sent:* Wednesday, January 17, 2024 4:57 AM > *To:* Linda Dunbar <linda.dunbar@futurewei.com> > *Cc:* draft-ietf-rtgwg-net2cloud-problem-statement.all@ietf.org; > secdir@ietf.org; rtgwg@ietf.org > *Subject:* Re: [secdir] Secdir early review of > draft-ietf-rtgwg-net2cloud-problem-statement-22 > > > > Inline.... > > > > On Tue, Jan 16, 2024 at 3:53 PM Linda Dunbar <linda.dunbar@futurewei.com> > wrote: > > Deb, > > > > Thank you very much for the review comments. > > Resolutions to your comments have been addressed in the following. Please > let us know if you have more concerns. > > > > Thank you, > > Linda > > > > *From:* Deb Cooley <debcooley1@gmail.com> > *Sent:* Thursday, January 11, 2024 6:55 AM > *To:* draft-ietf-rtgwg-net2cloud-problem-statement.all@ietf.org > *Cc:* secdir@ietf.org; rtgwg@ietf.org > *Subject:* Re: [secdir] Secdir early review of > draft-ietf-rtgwg-net2cloud-problem-statement-22 > > > > > > old, I've attempted to clarify: Section 5.1 para 2: The discussion about > the security risk of IPSec group encryption should be added to section 7 > and at least needs to be mentioned as a risk. Group keys are hard to > securely distribute, and they must be handled securely by every party that > holds them. > > [Linda] do you mean repeat the risks in Section 7 which is already > discussed by Section 5.1? or add the following bullet to Section 7’s > security risks? > > · *Group encryption solutions, which aim to scale IPsec key > management, come with some security risks, such as single point of > compromise, key distribution vulnerabilities, and authentication > weaknesses, to name a few. Out of the scope of this document, more in-depth > security risk analysis is needed for using group encryption solutions.* > > > > [Deb] please add the statemet to Section 7. Any group encryption, re-use > of old keys, or other techniques used to help scale IPsec key management > comes with security risk. > > [Linda] Thanks for the suggested wording. How about changing the above > bullet to the following? > > > - *Any group encryption, re-use of old keys, or other techniques used > to help scale IPsec key management comes with security risks, such as > single point of compromise, key distribution vulnerabilities, and > authentication weaknesses, to name a few. Out of the scope of this > document, more in-depth security risk analysis is needed for those > techniques.* > > > > Section 5.1, paragraph 3: The draft referenced here is expired and the > security of the methods would have to be reviewed. (that is listed in > Section 7) > > [Linda] It is Okay to have an expired draft in the “Informative > References”. I’ve seen many RFCs having expired drafts in their > “Information References”. > > > > Section 7 says “A full security evaluation will be needed before > [SECURE-EVPN] can be recommended as a solution to some problems described > in this document.” Is it good enough? > > > > [Deb} I will leave this to the WG to decide. I just looks a little weird > to my eyes (I spend a fair bit of time convincing customers that they > shouldn't implement (or count on) something specified in an expired draft). > > > > Section 5.1: There are no improvements listed that don't impact > security. The section should be renamed. Originally, this was called > 'Scaling issues' vs 'Improvements'. > > > > [Linda] This title was suggested by one of the reviewers, mainly to focus > on analyzing methods that aim to “improvement of IPsec Tunnels > Management”. Is this a major issue? > > > > [Deb] not a big deal, just misleading for the reader. Maybe quantify why > type of improvements are being suggested? They definitely are not security > improvements. > > [Linda] Agree that they are not security improvements. They are the > improvement techniques aiming to scale large number of IPsec tunnels > management. Mainly for some deployment environment that can tolerate those > security risks. > > > > Section 5.2: The draft referenced in this section is an individual draft, > and again the security of the methods would have to be reviewed. > > [Linda] It is okay to reference “individual draft” in the “Informational > References”. How about we add a statement: > > *“The security risks of the proposed method need to be reviewed.”* > > > > [Deb] and please add that statement to Section 7 with the other draft. > > [Linda] Added the following: > > *A full security evaluation will be needed before [SECURE-EVPN] and > [MULTI-SEG-SDWAN] can be recommended as a solution to some problems > described in this document.* > > > > Deb Cooley > > > > On Tue, Apr 25, 2023 at 11:21 AM Linda Dunbar <linda.dunbar@futurewei.com> > wrote: > > Deb, > > > > Can you elaborate some Security Consideration for the “group key > management” that can be included in the Section 7? > > > > Greatly appreciated. > > > > Linda > > > > *From:* Deb Cooley <debcooley1@gmail.com> > *Sent:* Tuesday, April 25, 2023 9:02 AM > *To:* Linda Dunbar <linda.dunbar@futurewei.com> > *Cc:* secdir@ietf.org; > draft-ietf-rtgwg-net2cloud-problem-statement.all@ietf.org; rtgwg@ietf.org > *Subject:* Re: [secdir] Secdir early review of > draft-ietf-rtgwg-net2cloud-problem-statement-22 > > > > I looked at version 26, and apologies for top posting. > > > > Section 4, grammar: done! > > > > Section 4.3 para 3: This seems to be better - no mention of MPLS, just > private VPNs, which I think is suitably agnostic. > > > > Section 5.1: I certainly agree that N*N keys are unmanageable, but I do > still think that group key management warrants a mention in Section 7. > > > > Deb > > > > > > On Mon, Apr 24, 2023 at 4:53 PM Linda Dunbar <linda.dunbar@futurewei.com> > wrote: > > Deb, > > > > Thank you for the additional comments. > > > > Resolutions to your comments are inserted below: > > > > Linda > > > > *From:* Deb Cooley <debcooley1@gmail.com> > *Sent:* Thursday, April 20, 2023 9:44 AM > *To:* Linda Dunbar <linda.dunbar@futurewei.com> > *Cc:* secdir@ietf.org; > draft-ietf-rtgwg-net2cloud-problem-statement.all@ietf.org; rtgwg@ietf.org > *Subject:* Re: [secdir] Secdir early review of > draft-ietf-rtgwg-net2cloud-problem-statement-22 > > > > Apologies, it has been a busy week...I recognize that writing a draft like this is difficult. > > My remaining concerns are: > > Section 4, sentence 1: Grammar - 'will be mixed of different' should be 'will > > be a mix of different'. > > This now says 'a mixed of different'. Most definitely the smallest of nits. > > [Linda] thanks for catching it. > > New: Section 4.3, para 3: I am unfamiliar with MPLS VPNs, are they really 'more secure' than IPSec? I can easily believe that they have better quality services, and may perform better. > > [Linda] Section 4.3 has now changed “Extending Private VPNs to Hybrid Cloud DCs.”. Private VPNs, including private circuits, MPLS based VPN, use network service provider’s physical links/wavelengths. Their traffic running over Private VPNs don’t mix with Internet traffic. Therefore, more secure. > > > > New: Section 5.1: The discussion about the security risk of IPSec group encryption should be added to section 7. > > > > [Linda] Section 5.1 is about Scaling IPsec, instead of Pairwise Tunnels which needs N square number of tunnels, the draft suggest improvement. > > > > > > Deb Cooley > > > > On Fri, Apr 14, 2023 at 6:51 AM Deb Cooley <debcooley1@gmail.com> wrote: > > I'm including my final set of comments. I made the mistake of submitting the wrong version. I've noted the ones you have addressed already in blue. I apologize for the confusion. > > > > I have reviewed this document as part of the security directorate's > > ongoing effort to review all IETF documents being processed by the > > IESG. These comments were written primarily for the benefit of the > > security area directors. Document editors and WG chairs should treat > > these comments just like any other last call comments. > > > > Document: draft-ietf-rtgwg-net2cloud-problem-statement-22 <https://datatracker.ietf.org/doc/draft-ietf-rtgwg-net2cloud-problem-statement/22/> > > Reviewer: Deb Cooley > > Review Date: 2023-04-06 (early review) > > > > Please note that I know almost nothing about BGP, MPLS or routing. > > > > The summary of the review is 'not ready'. > > > > Section 3: perhaps move this whole section to Section 7? Sections 4, 5, and 6 > > seem like they should come before Section 3 anyway? > > > > partially done (moved Section 3.5 to 7) > > > > Section 3.1, para 1, sentence 2: Grammar: 'with more variety of parties' could > > be 'with a larger variety of parties.' > > > > Apologies, I meant this sentence: 'Cloud GWs need to peer with more variety of parties, via private circuits or IPsec over public internet.' > > > > > > Section 3.1, para 2, sentence 2: 'IP tunnels', does this imply IPSec? Or > > something else? > > > > done > > > > Section 3.1, para 3: By setting up default eBGP routes, these don't count as > > routes from an external entity? The rest of the paragraph addresses the > > handling of exceeding the maximum route threshold? But there appears to be an > > option to keep the BGP session? This paragraph is confusing. > > > > done > > > > Section 3.2, paragraph 2: IGP? AS? I can't tell what this is trying to say. > > > > done > > > > Section 3.2, paragraph 3: If there is a site failure, how is the Cloud GW > > 'running fine'? Is this GW using a different site? BFD expands to what? > > > > done - I understand... > > > > Section 3.2: Para 1 states why a site might go down. Para 2-6 outline the > > routing (?) issues that occur when a site goes down. I think these could be > > better organized. Only the last para suggests mitigations. > > > > I think most of this fits better into Section 7? > > > > Section 3.3 I'm not an expert, but isn't this an issue to any routing scenario? > > Can this be combined with Section 3.6? > > > > ok > > > > Section 3.4, para 3, item 1: Is this a problem? Or a feature? If it is a > > problem, can you say why? > > > > done - this is better! > > > > Section 3.6, last paragraph: A globally unique name won't 'resolve the same > > way from every perspective'? Other than being restricted (previous paragraph), > > what does this mean? If this is covered in the previous para, I would recommend > > deleting the phrase. > > > > fine > > > > Section 4, sentence 1: Grammar - 'will be mixed of different' should be 'will > > be a mix of different'. > > > > Section 4.2, para 2: Use of a shared key in IPSec implies that IKE isn't used > > (shared key was only possible with IKEv1 I believe, which is deprecated). I > > would remove the phrase 'using a shared key'. > > > > On Wed, Apr 12, 2023 at 4:09 PM Linda Dunbar <linda.dunbar@futurewei.com> > wrote: > > Deb, > > > > We really appreciate your review and comments to the document. Please see > below for the resolution to your comments. > > > > Linda > > > > -----Original Message----- > From: Deb Cooley <debcooley1@gmail.com> > Sent: Sunday, April 9, 2023 6:28 AM > To: secdir@ietf.org; > draft-ietf-rtgwg-net2cloud-problem-statement.all@ietf.org; rtgwg@ietf.org > Subject: Re: [secdir] Secdir early review of > draft-ietf-rtgwg-net2cloud-problem-statement-22 > > > > Note: I hit ‘send’ too early, ugh. Please see the comments on the > datatracker for the correct version. > > > > Deb Cooley > > > > > On Apr 9, 2023, at 6:59 AM, Deb Cooley via Datatracker <noreply@ietf.org> > wrote: > > > > > > Reviewer: Deb Cooley > > > Review result: Not Ready > > > > > > I have reviewed this document as part of the security directorate's > > > ongoing effort to review all IETF documents being processed by the > > > IESG. These comments were written primarily for the benefit of the > > > security area directors. Document editors and WG chairs should treat > > > these comments just like any other last call comments. > > > > > > Document: draft-ietf-rtgwg-net2cloud-problem-statement-22 > > > Reviewer: Deb Cooley > > > Review Date: 2023-04-06 (early review) > > > > > > Please note that I know almost nothing about BGP, MPLS or routing. > > > > > > The summary of the review is > > > > > > Section 3.1, para 1, sentence 2: Grammar: 'with more variety of > > > parties' could be 'with a larger variety of parties.' > > > > > [Linda] Per RTGarea Director suggestion, the text has been changed to the > following. Is it Okay with you? > > *Site failures include (but not limited to) a site capacity degradation or > entire site going down. The reasons for these capacity degradations or > failures can include: a) fiber cut for links connecting to the site or > among pods within the site, b) cooling failures, c) insufficient backup > power, d) cyber threat attacks, e) too many changes outside of the > maintenance window, or other errors. Fiber-cut is not uncommon within a > Cloud site or between sites.* > > > > > > > Section 3.1, para 2, sentence 2: 'IP tunnels', does this imply IPSec? > > > Or something else? > > > > > [Linda] changed. > > > > > Section 3.1, para 3: By setting up default eBGP routes, these don't > > > count as routes from an external entity? The rest of the paragraph > > > addresses the handling of exceeding the maximum route threshold? But > > > there appears to be an option to keep the BGP session? This paragraph > is confusing. > > [Linda] The intent is to say: > > When inbound routes exceed the maximum routes threshold for a peer, the > current common practice is generating out of band alerts (e.g., Syslog) via > management system to the peer, or terminating the BGP session (with cease > notification messages [RFC 4486] being sent). However, it would be useful > if IETF can specify some in-band alert messages to indicate the inbound > routes exceeding the threshold. > > > > > > Section 3.2, paragraph 2: IGP? AS? I can't tell what this is trying > to say. > > > > > [Linda] changed to domain. > > > > > Section 3.2, paragraph 3: If there is a site failure, how is the > > > Cloud GW 'running fine'? Is this GW using a different site? BFD? > > [Linda] Failures within a site like a fiber cut between two racks. So the > GW is still running fine. > > > > > > > > Section 3.2: Para 1 states why a site might go down. Para 2-6 > > > outline the routing (?) issues that occur when a site goes down. I > > > think these could be better organized. Only the last para suggests > mitigations. > > [Linda] changed to the "Failures within a site". > > > > > > > > Section 3.3 I'm not an expert, but isn't this an issue to any routing > scenario? > > > Can this be combined with Section 3.6? > > [Linda] Section 3.3 is to introduce the problem of multiple instances > available at different sites for one service (such as using ANYCAST > address). The site with the shortest distance might not be the optimal > service instance as the site might be overloaded. > > Section 3.6 is about DNS resolution at different sites. . > > > > > > > > > > Section 3.4, para 3, item 1: Is this a problem? Or a feature? If it > > > is a problem, can you say why? > > [Linda] Item 1 is meant to say: > > The difference of routing distances to multiple server instances in > different edge Cloud is relatively small. Therefore, the edge Cloud that is > the closest doesn’t contribute much to the performance. > > > > > > > > Section 3.5: I would suggest moving this to Section 7. There are a > > > couple of mitigations listed - anti-DDOS, DTLS, IPSec, monitoring. > > > > > [Linda] Good suggestion. Changed. > > > > > Section 3.6, last paragraph: A globally unique name won't 'resolve > > > the same way from every perspective'? Other than being restricted > > > (previous paragraph), what does this mean? If this is covered in the > > > previous para, I would recommend deleting the phrase. > > > > > [Linda] DNSOPS director insisted on adding this paragraph to empathize > that not all globally unique names can be resolved. > > > > > > > Stopped at Section 4. > > > > > > > > > > > > _______________________________________________ > > > secdir mailing list > > > secdir@ietf.org > > > https://nam11.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww > <https://www/>. > > > ietf.org%2Fmailman%2Flistinfo%2Fsecdir&data=05%7C01%7Clinda.dunbar%40f > > > uturewei.com%7C07fbc4f2cc284e39624f08db38ed774e%7C0fee8ff2a3b240189c75 > > > 3a1d5591fedc%7C1%7C0%7C638166364798968574%7CUnknown%7CTWFpbGZsb3d8eyJW > > > IjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000% > > > 7C%7C%7C&sdata=2SVXI%2BaoyU%2Bc4Aa8RRvb6BEQUIMmwTz%2BsqF6Z5o%2FnuU%3D& > > > reserved=0 > > > wiki: > > > https://nam11.safelinks.protection.outlook.com/?url=https%3A%2F%2Ftrac > <https://trac/> > > > .ietf.org%2Ftrac%2Fsec%2Fwiki%2FSecDirReview&data=05%7C01%7Clinda.dunb > > > ar%40futurewei.com%7C07fbc4f2cc284e39624f08db38ed774e%7C0fee8ff2a3b240 > > > 189c753a1d5591fedc%7C1%7C0%7C638166364798968574%7CUnknown%7CTWFpbGZsb3 > > > d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7 > > > C3000%7C%7C%7C&sdata=vbmjW7gi%2BOgn9xbql5S4grf6NZayrZ%2B%2BgFYC3%2B0yK > > > cE%3D&reserved=0 > > > >
- [secdir] Secdir early review of draft-ietf-rtgwg-… Deb Cooley via Datatracker
- Re: [secdir] Secdir early review of draft-ietf-rt… Deb Cooley
- Re: [secdir] Secdir early review of draft-ietf-rt… Linda Dunbar
- Re: [secdir] Secdir early review of draft-ietf-rt… Deb Cooley
- Re: [secdir] Secdir early review of draft-ietf-rt… Linda Dunbar
- Re: [secdir] Secdir early review of draft-ietf-rt… Deb Cooley
- Re: [secdir] Secdir early review of draft-ietf-rt… Linda Dunbar
- Re: [secdir] Secdir early review of draft-ietf-rt… Uri Blumenthal
- Re: [secdir] Secdir early review of draft-ietf-rt… Linda Dunbar
- Re: [secdir] Secdir early review of draft-ietf-rt… Uri Blumenthal
- Re: [secdir] Secdir early review of draft-ietf-rt… Robert Raszuk
- Re: [secdir] Secdir early review of draft-ietf-rt… Uri Blumenthal
- Re: [secdir] Secdir early review of draft-ietf-rt… Robert Raszuk
- Re: [secdir] Secdir early review of draft-ietf-rt… Uri Blumenthal
- Re: [secdir] Secdir early review of draft-ietf-rt… Deb Cooley
- Re: [secdir] Secdir early review of draft-ietf-rt… Linda Dunbar
- Re: [secdir] Secdir early review of draft-ietf-rt… Linda Dunbar
- Re: [secdir] Secdir early review of draft-ietf-rt… Deb Cooley
- Re: [secdir] Secdir early review of draft-ietf-rt… Linda Dunbar
- Re: [secdir] Secdir early review of draft-ietf-rt… Deb Cooley
- Re: [secdir] Secdir early review of draft-ietf-rt… Linda Dunbar
- Re: [secdir] Secdir early review of draft-ietf-rt… Deb Cooley
- Re: [secdir] Secdir early review of draft-ietf-rt… Linda Dunbar
- Re: [secdir] Secdir early review of draft-ietf-rt… Deb Cooley
- Re: [secdir] Secdir early review of draft-ietf-rt… Linda Dunbar