[Teas] Re: Paul Wouters' No Objection on draft-ietf-teas-enhanced-vpn-19: (with COMMENT)
"Dongjie (Jimmy)" <jie.dong@huawei.com> Thu, 13 June 2024 16:05 UTC
Return-Path: <jie.dong@huawei.com>
X-Original-To: teas@ietfa.amsl.com
Delivered-To: teas@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7B298C14F615; Thu, 13 Jun 2024 09:05:49 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.904
X-Spam-Level:
X-Spam-Status: No, score=-1.904 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_MSPIKE_H3=0.001, RCVD_IN_MSPIKE_WL=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id D7JgTGXqpssj; Thu, 13 Jun 2024 09:05:48 -0700 (PDT)
Received: from frasgout.his.huawei.com (frasgout.his.huawei.com [185.176.79.56]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 13940C14F604; Thu, 13 Jun 2024 09:05:48 -0700 (PDT)
Received: from mail.maildlp.com (unknown [172.18.186.231]) by frasgout.his.huawei.com (SkyGuard) with ESMTP id 4W0S060fNdz6H7PJ; Fri, 14 Jun 2024 00:04:22 +0800 (CST)
Received: from lhrpeml100001.china.huawei.com (unknown [7.191.160.183]) by mail.maildlp.com (Postfix) with ESMTPS id 188921400CF; Fri, 14 Jun 2024 00:05:45 +0800 (CST)
Received: from dggpemf200007.china.huawei.com (7.185.36.2) by lhrpeml100001.china.huawei.com (7.191.160.183) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.1.2507.39; Thu, 13 Jun 2024 17:05:43 +0100
Received: from kwepemf100006.china.huawei.com (7.202.181.220) by dggpemf200007.china.huawei.com (7.185.36.2) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.1544.11; Fri, 14 Jun 2024 00:05:40 +0800
Received: from kwepemf100006.china.huawei.com ([7.202.181.220]) by kwepemf100006.china.huawei.com ([7.202.181.220]) with mapi id 15.02.1544.011; Fri, 14 Jun 2024 00:05:40 +0800
From: "Dongjie (Jimmy)" <jie.dong@huawei.com>
To: Paul Wouters <paul.wouters@aiven.io>, The IESG <iesg@ietf.org>
Thread-Topic: [Teas] Paul Wouters' No Objection on draft-ietf-teas-enhanced-vpn-19: (with COMMENT)
Thread-Index: AQHavZmhNAA7NSKLjE6a/2hTEVwkfbHF1MxQ
Date: Thu, 13 Jun 2024 16:05:40 +0000
Message-ID: <faf1d96a10f2459fa75361401e3885f6@huawei.com>
References: <171828702315.48549.7224120484626975424@ietfa.amsl.com>
In-Reply-To: <171828702315.48549.7224120484626975424@ietfa.amsl.com>
Accept-Language: en-US, zh-CN
Content-Language: zh-CN
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [10.85.163.83]
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
Message-ID-Hash: LOPTOU6VALRKHS2WLXTHDZPNDMN3YOB4
X-Message-ID-Hash: LOPTOU6VALRKHS2WLXTHDZPNDMN3YOB4
X-MailFrom: jie.dong@huawei.com
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-teas.ietf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
CC: "draft-ietf-teas-enhanced-vpn@ietf.org" <draft-ietf-teas-enhanced-vpn@ietf.org>, "teas-chairs@ietf.org" <teas-chairs@ietf.org>, "teas@ietf.org" <teas@ietf.org>, "lberger@labn.net" <lberger@labn.net>
X-Mailman-Version: 3.3.9rc4
Precedence: list
Subject: [Teas] Re: Paul Wouters' No Objection on draft-ietf-teas-enhanced-vpn-19: (with COMMENT)
List-Id: Traffic Engineering Architecture and Signaling working group discussion list <teas.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/teas/MeIJVwgsRxE9u-ZpKQl2ELhm3Ic>
List-Archive: <https://mailarchive.ietf.org/arch/browse/teas>
List-Help: <mailto:teas-request@ietf.org?subject=help>
List-Owner: <mailto:teas-owner@ietf.org>
List-Post: <mailto:teas@ietf.org>
List-Subscribe: <mailto:teas-join@ietf.org>
List-Unsubscribe: <mailto:teas-leave@ietf.org>
Hi Paul, Thanks a lot for your review and comments. Please see some replies inline: > -----Original Message----- > From: Paul Wouters via Datatracker <noreply@ietf.org> > Sent: Thursday, June 13, 2024 9:57 PM > To: The IESG <iesg@ietf.org> > Cc: draft-ietf-teas-enhanced-vpn@ietf.org; teas-chairs@ietf.org; teas@ietf.org; > lberger@labn.net > Subject: [Teas] Paul Wouters' No Objection on draft-ietf-teas-enhanced-vpn-19: > (with COMMENT) > > Paul Wouters has entered the following ballot position for > draft-ietf-teas-enhanced-vpn-19: No Objection > > When responding, please keep the subject line intact and reply to all email > addresses included in the To and CC lines. (Feel free to cut this introductory > paragraph, however.) > > > Please refer to > https://www.ietf.org/about/groups/iesg/statements/handling-ballot-positions/ > for more information about how to handle DISCUSS and COMMENT positions. > > > The document, along with other ballot positions, can be found here: > https://datatracker.ietf.org/doc/draft-ietf-teas-enhanced-vpn/ > > > > ---------------------------------------------------------------------- > COMMENT: > ---------------------------------------------------------------------- > > > "Enhanced VPNS" can be easily confused for EVPN / Ethernet VPN ? The > term is also sometimes capitalized and sometimes not, making it look > like a formal term and sometimes like an informal description. Why > not avoid using the word enhanced and call it "NRP VPN" ? We agree that it is important to not confuse abbreviations. And obviously an Enhanced VPN is not an EVPN/Ethernet VPN. Originally, we used the abbreviation "VPN+" to represent "Enhanced VPN", but the WG asked us to not have two names for one thing, so we dropped back to saying "Enhanced VPN" in all cases. Nevertheless, the service we are describing is an enhanced VPN. That is, a VPN with additional requests/commitments. This document (as it says) describes a framework for using existing, modified, and potential new technologies as components to provide NRP-based Enhanced VPN services. In particular, although regular VPN services could be supported by NRPs using the techniques described in this document, that is not the point. The point is the to deliver enhanced VPN services, that is, connectivity services with advanced characteristics, such as low latency guarantees, bounded jitter, or isolation from other services or customers. Thus we think that "Enhanced VPN" is the correct descriptive term. > [RFC9543] discusses the general framework, components, and interfaces > for > requesting and operating network slices using IETF technologies. These > network > slices may be referred to as RFC 9543 Network Slices, but in this > document > (which is solely about IETF technologies) we simply use the term > "network > slice" to refer to this concept. > > There was a long discussion with the IESG for RFC9543 to not confuse the > technology > with 5G network slices. Creating this "alias" here of course counters that whole > concept. The above text firstly sets the context to "IETF technologies", then refer to the network slices defined in RFC 9543 as "network slices" in this context. We hope this is clear and can avoid referring to RFC 9543 for many times. But if people still feel this could be confusing, we can add "RFC 9543" before each occurrence of "network slice" > While an enhanced VPN service may be sold as offering encryption > and other security features as part of the service, customers > would be well advised to take responsibility for their own > security requirements themselves possibly by encrypting traffic > before handing it off to the service provider. > > This is true of all VPNs, and not really a security consideration for NRP VPNs ? You are completely right. However, we wanted to call this point out because such services are being offered (that is, provider-based security), and such service offerings mean that security is promised to the customer, but the customer cannot know whether the security is being provided. Because such service offerings fall into the scope of enhanced VPNs (and not of regular VPNs), we thought it right to include this text. Since we all agree that the text is true, we think that it should remain. If it helps someone not to make a bad mistake, then it is valuable. > The privacy of enhanced VPN service customers must be > preserved. It should not be possible for one customer to discover > the existence of another customer, nor should the sites that > are members of an enhanced VPN be externally visible. > > Same here? This is also true. However, the mechanisms for delivering enhanced VPNs are extensions of existing techniques, and it is notable that a number of recent proposals to deliver enhanced services have not been clear on whether or not they are properly privacy-preserving. So the WG wanted this text to be absolutely clear. Best regards, Jie > > > _______________________________________________ > Teas mailing list -- teas@ietf.org > To unsubscribe send an email to teas-leave@ietf.org
- [Teas] Paul Wouters' No Objection on draft-ietf-t… Paul Wouters via Datatracker
- [Teas] Re: Paul Wouters' No Objection on draft-ie… Dongjie (Jimmy)
- [Teas] Re: Paul Wouters' No Objection on draft-ie… Paul Wouters