[Teas] Re: Paul Wouters' No Objection on draft-ietf-teas-enhanced-vpn-19: (with COMMENT)

Paul Wouters <paul.wouters@aiven.io> Thu, 13 June 2024 18:33 UTC

Return-Path: <paul.wouters@aiven.io>
X-Original-To: teas@ietfa.amsl.com
Delivered-To: teas@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7068CC1840D0 for <teas@ietfa.amsl.com>; Thu, 13 Jun 2024 11:33:47 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.107
X-Spam-Level:
X-Spam-Status: No, score=-2.107 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=aiven.io
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id wvs9ciFybyfP for <teas@ietfa.amsl.com>; Thu, 13 Jun 2024 11:33:43 -0700 (PDT)
Received: from mail-ej1-x633.google.com (mail-ej1-x633.google.com [IPv6:2a00:1450:4864:20::633]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id AF2E1C1CAE8D for <teas@ietf.org>; Thu, 13 Jun 2024 11:33:43 -0700 (PDT)
Received: by mail-ej1-x633.google.com with SMTP id a640c23a62f3a-a6f3efa1cc7so426449266b.0 for <teas@ietf.org>; Thu, 13 Jun 2024 11:33:43 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=aiven.io; s=google; t=1718303622; x=1718908422; darn=ietf.org; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=u4e2wAQLan0XKt1xFsZBzckeE6KhW8sdsaFn1ZeH7gc=; b=Tc6ASVs64TWcMttr2UJ1YaSbmljhFvh1b4HBYkiMiM5bHQO0zXbUUoKPjIBQ/kMCgv FafgX+an5/eIfzC1XLrfbh0EZcspEGBqkuKCdFArc8nk2j23CfiicxVg0g9l9pO4hmDD wKwfCr4+NDJ2emMta+lrIYNNNea18cTMRgzFI=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1718303622; x=1718908422; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=u4e2wAQLan0XKt1xFsZBzckeE6KhW8sdsaFn1ZeH7gc=; b=iVpOMf8+3FKllJI5wgkBOeq7A61uGm4fN3N7C5HnNIaKrcpM6NLI16g2JhY3SwC64K YaMXIk+giyge0uSyi+wPu1V1qnqKOqHiciryz/ajGcC8FFsT+ZmfZXIyYE02BYRjvfJv LWhl3Nnmo92EoO3J7gVrlDJrGjZlCEJsh2PdaLkDaTje5hZS5JuqjZK8o/8aUQb84FgO oDeaifqlw/kf2S0TxjltvV07pLIxIu01H54ri21U+cNAWsNPzXzfMOfzm8IFw1w9tFaR hYwqi58ue4d6WmO3jMCs6fg4uHel7rXSK4P2I6GvlqNE6WDDaU4Cr3tATofUGgFbJTiE k0eQ==
X-Forwarded-Encrypted: i=1; AJvYcCWzkJ3L6dLWr8IoN8HHUQRBQw2BRgSo0AwlUB1SxyqR0C8J9jznfvscTD4xi3cESz3lYn2/hO21cBQo2he4
X-Gm-Message-State: AOJu0YxpBXqm98bSCbGvgvU0z1ksiI2IS7A+o9NCcUwtzFDLkNwFD4la NxHQA20ZVJe4z5OQfKml4fY+xA07ew4bMNjbNGt4DUMuZwrA2J4DOTsKjWD15Yhe0k/6VbojIMT HsR12DHtdXuOmrcJUs/+D2D+8IQ9ma49Pni4RA94zw0jf2gr9
X-Google-Smtp-Source: AGHT+IGH6l1v+QCdSQ890ZddKYpY2yv7IXYdTOB1pvLLt/asTlhjEtWwH0FooNMp1N8WsCPVMwyzfWkaThw5rwB75ls=
X-Received: by 2002:a17:906:c0c5:b0:a6e:f53c:8da0 with SMTP id a640c23a62f3a-a6f6080c781mr47990266b.8.1718303621575; Thu, 13 Jun 2024 11:33:41 -0700 (PDT)
MIME-Version: 1.0
References: <171828702315.48549.7224120484626975424@ietfa.amsl.com> <faf1d96a10f2459fa75361401e3885f6@huawei.com>
In-Reply-To: <faf1d96a10f2459fa75361401e3885f6@huawei.com>
From: Paul Wouters <paul.wouters@aiven.io>
Date: Thu, 13 Jun 2024 14:33:30 -0400
Message-ID: <CAGL5yWaENabBDfeO+jvxZH5f7TW0eF43vXypJEULnELC6SzKYA@mail.gmail.com>
To: "Dongjie (Jimmy)" <jie.dong@huawei.com>
Content-Type: multipart/alternative; boundary="000000000000fb0e4c061ac9bc2c"
Message-ID-Hash: 36GT6HBLFZMBOONXOQKLJXFK225GUZUV
X-Message-ID-Hash: 36GT6HBLFZMBOONXOQKLJXFK225GUZUV
X-MailFrom: paul.wouters@aiven.io
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-teas.ietf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
CC: The IESG <iesg@ietf.org>, "draft-ietf-teas-enhanced-vpn@ietf.org" <draft-ietf-teas-enhanced-vpn@ietf.org>, "teas-chairs@ietf.org" <teas-chairs@ietf.org>, "teas@ietf.org" <teas@ietf.org>, "lberger@labn.net" <lberger@labn.net>
X-Mailman-Version: 3.3.9rc4
Precedence: list
Subject: [Teas] Re: Paul Wouters' No Objection on draft-ietf-teas-enhanced-vpn-19: (with COMMENT)
List-Id: Traffic Engineering Architecture and Signaling working group discussion list <teas.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/teas/4hQsyFVLFoAywTwlGu2vJzkruVo>
List-Archive: <https://mailarchive.ietf.org/arch/browse/teas>
List-Help: <mailto:teas-request@ietf.org?subject=help>
List-Owner: <mailto:teas-owner@ietf.org>
List-Post: <mailto:teas@ietf.org>
List-Subscribe: <mailto:teas-join@ietf.org>
List-Unsubscribe: <mailto:teas-leave@ietf.org>

Hi Jie,

Thanks for the response. I am fine with proceeding without changes, which
is why I left my feedback as comments and not discuss items.

Paul


On Thu, Jun 13, 2024 at 12:05 PM Dongjie (Jimmy) <jie.dong@huawei.com>
wrote:

> Hi Paul,
>
> Thanks a lot for your review and comments. Please see some replies inline:
>
> > -----Original Message-----
> > From: Paul Wouters via Datatracker <noreply@ietf.org>
> > Sent: Thursday, June 13, 2024 9:57 PM
> > To: The IESG <iesg@ietf.org>
> > Cc: draft-ietf-teas-enhanced-vpn@ietf.org; teas-chairs@ietf.org;
> teas@ietf.org;
> > lberger@labn.net
> > Subject: [Teas] Paul Wouters' No Objection on
> draft-ietf-teas-enhanced-vpn-19:
> > (with COMMENT)
> >
> > Paul Wouters has entered the following ballot position for
> > draft-ietf-teas-enhanced-vpn-19: No Objection
> >
> > When responding, please keep the subject line intact and reply to all
> email
> > addresses included in the To and CC lines. (Feel free to cut this
> introductory
> > paragraph, however.)
> >
> >
> > Please refer to
> >
> https://www.ietf.org/about/groups/iesg/statements/handling-ballot-positions/
> > for more information about how to handle DISCUSS and COMMENT positions.
> >
> >
> > The document, along with other ballot positions, can be found here:
> > https://datatracker.ietf.org/doc/draft-ietf-teas-enhanced-vpn/
> >
> >
> >
> > ----------------------------------------------------------------------
> > COMMENT:
> > ----------------------------------------------------------------------
> >
> >
> > "Enhanced VPNS" can be easily confused for EVPN / Ethernet VPN ? The
> > term is also sometimes capitalized and sometimes not, making it look
> > like a formal term and sometimes like an informal description. Why
> > not avoid using the word enhanced and call it "NRP VPN" ?
>
> We agree that it is important to not confuse abbreviations. And obviously
> an Enhanced VPN is not an EVPN/Ethernet VPN.
>
> Originally, we used the abbreviation "VPN+" to represent "Enhanced VPN",
> but the WG asked us to not have two names for one thing, so we dropped back
> to saying "Enhanced VPN" in all cases.
>
> Nevertheless, the service we are describing is an enhanced VPN. That is, a
> VPN with additional requests/commitments.
>
> This document (as it says) describes a framework for using existing,
> modified, and potential new technologies as components to provide NRP-based
> Enhanced VPN services.
> In particular, although regular VPN services could be supported by NRPs
> using the techniques described in this document, that is not the point. The
> point is the to deliver enhanced VPN services, that is, connectivity
> services with advanced characteristics, such as low latency guarantees,
> bounded jitter, or isolation from other services or customers.
>
> Thus we think that "Enhanced VPN" is the correct descriptive term.
>
>
> >        [RFC9543] discusses the general framework, components, and
> interfaces
> > for
> >        requesting and operating network slices using IETF technologies.
> These
> > network
> >        slices may be referred to as RFC 9543 Network Slices, but in this
> > document
> >        (which is solely about IETF technologies) we simply use the term
> > "network
> >        slice" to refer to this concept.
> >
> > There was a long discussion with the IESG for RFC9543 to not confuse the
> > technology
> > with 5G network slices. Creating this "alias" here of course counters
> that whole
> > concept.
>
> The above text firstly sets the context to "IETF technologies", then refer
> to the network slices defined in RFC 9543 as "network slices" in this
> context. We hope this is clear and can avoid referring to RFC 9543 for many
> times.
>
> But if people still feel this could be confusing, we can add "RFC 9543"
> before each occurrence of "network slice"
>
>
> >         While an enhanced VPN service may be sold as offering encryption
> >         and other security features as part of the service, customers
> >         would be well advised to take responsibility for their own
> >         security requirements themselves possibly by encrypting traffic
> >         before handing it off to the service provider.
> >
> > This is true of all VPNs, and not really a security consideration for
> NRP VPNs ?
>
> You are completely right. However, we wanted to call this point out
> because such services are being offered (that is, provider-based security),
> and such service offerings mean that security is promised to the customer,
> but the customer cannot know whether the security is being provided.
>
> Because such service offerings fall into the scope of enhanced VPNs (and
> not of regular VPNs), we thought it right to include this text.
>
> Since we all agree that the text is true, we think that it should remain.
> If it helps someone not to make a bad mistake, then it is valuable.
>
>
> >         The privacy of enhanced VPN service customers must be
> >         preserved. It should not be possible for one customer to discover
> >         the existence of another customer, nor should the sites that
> >         are members of an enhanced VPN be externally visible.
> >
> > Same here?
>
> This is also true. However, the mechanisms for delivering enhanced VPNs
> are extensions of existing techniques, and it is notable that a number of
> recent proposals to deliver enhanced services have not been clear on
> whether or not they are properly privacy-preserving. So the WG wanted this
> text to be absolutely clear.
>
> Best regards,
> Jie
>
>
> >
> >
> > _______________________________________________
> > Teas mailing list -- teas@ietf.org
> > To unsubscribe send an email to teas-leave@ietf.org
>