[secdir] Secdir review of draft-ietf-i2nsf-consumer-facing-interface-dm-20

Charlie Kaufman <charliekaufman@outlook.com> Sun, 12 June 2022 01:51 UTC

From: Charlie Kaufman <charliekaufman@outlook.com>
To: "secdir@ietf.org" <secdir@ietf.org>, "iesg@ietf.org" <iesg@ietf.org>, "draft-ietf-i2nsf-consumer-facing-interface-dm.all@ietf.org" <draft-ietf-i2nsf-consumer-facing-interface-dm.all@ietf.org>
Date: Sun, 12 Jun 2022 01:51:41 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/U6Jt_Fpa-jzwGVyyXFZRTFPMqsA>

Reviewer: Charlie Kaufman
Review result: Has nits

I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG.  These comments were written primarily for the benefit of the security area directors.  Document editors and WG chairs should treat these comments just like any other last call comments.

This document specifies a syntax for specifying security policies that apply in a networked environment. It is intended that general policies would be fed into the system in this syntax and then some policy engine would determine which policies need to be enforced by which nodes in the system and appropriate subsets would be distributed. The syntax takes the form of a YANG data model.

The review result I wanted to give was "Mostly Harmless". I am skeptical as to whether the collection of policies specifiable is flexible enough to be usable to manage a real network, but the syntax is easily extensible and this seems as good a place to start as any. If it encourages experimentation with management systems that distribute policies this way, that would be a good thing, and any deficiencies found could be fixed later. I could imagine other groups having very different visions as to how to manage this information, but I would not expect the presence of this document as an RFC would discourage them from experimenting with those visions.

I'm not sufficiently familiar with YANG or with Network Functions Virtualization to have a useful opinion as to how good this design is.

I noticed one nit, which suggests they might want to run the document through a spelling checker. The nit is not worth holding the document up if no one finds anything else.

Nits:

Page 8: interuption -> interruption

--Charlie