[sfc] Warren Kumari's No Objection on draft-ietf-sfc-nsh-integrity-06: (with COMMENT)
Warren Kumari via Datatracker <noreply@ietf.org> Wed, 14 July 2021 17:55 UTC
From: Warren Kumari via Datatracker <noreply@ietf.org>
To: "The IESG" <iesg@ietf.org>
Cc: draft-ietf-sfc-nsh-integrity@ietf.org, sfc-chairs@ietf.org, sfc@ietf.org,
gregimirsky@gmail.com, gregimirsky@gmail.com,
j.schoenwaelder@jacobs-university.de
Reply-To: Warren Kumari <warren@kumari.net>
Message-ID: <162628534840.21882.4452533905992394703@ietfa.amsl.com>
Date: Wed, 14 Jul 2021 10:55:48 -0700
Archived-At: <https://mailarchive.ietf.org/arch/msg/sfc/biAcbPElTY_RMCfPSXM-KmRjuEI>

Warren Kumari has entered the following ballot position for
draft-ietf-sfc-nsh-integrity-06: No Objection

When responding, please keep the subject line intact and reply to all
email addresses included in the To and CC lines. (Feel free to cut this
introductory paragraph, however.)

Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html
for more information about DISCUSS and COMMENT positions.

The document, along with other ballot positions, can be found here:
https://datatracker.ietf.org/doc/draft-ietf-sfc-nsh-integrity/

----------------------------------------------------------------------
COMMENT:
----------------------------------------------------------------------

I support Roman and Eric's DISCUSS points.

I also found:
"Note that some transport encapsulations (e.g., IPsec) only provide
hop-by-hop security between two SFC data plane elements (e.g., two
Service Function Forwarders (SFFs), SFF to SF) and do not provide
SF-to-SF security of NSH metadata. For example, if IPsec is used, SFFs
or SFs within a Service Function Path (SFP) that are not authorized to
access the privacy-sensitive metadata will have access to the metadata."
to be incredibly hard to read/parse.

I think that my confusion comes in around the "that are not authorized
to access the privacy-sensitive metadata will have access to the
metadata." text, and think that the last sentence should be rewritten to
start with "Because IPsec does not... it exposes privacy-sensitive
metadata to..."

Also, thanks to Jürgen Schönwälder for the OpsDir review, and to the
authors for addressing the comments.