Re: [Teas] Benjamin Kaduk's No Objection on draft-ietf-teas-actn-framework-14: (with COMMENT)

[Leeyoung <leeyoung@huawei.com>]

Hi Benjamin,

Thanks for your further comment. 

We will add: "Trust anchors for the PKI can be configured to use a smaller (and potentially non-intersecting) set of trusted Certificate Authorities (CAs) than in the Web PKI." 

Best regards,
Young 

-----Original Message-----
From: Benjamin Kaduk [mailto:kaduk@mit.edu] 
Sent: Thursday, May 24, 2018 3:20 PM
To: Leeyoung <leeyoung@huawei.com>
Cc: The IESG <iesg@ietf.org>; draft-ietf-teas-actn-framework@ietf.org; Vishnu Beeram <vbeeram@juniper.net>; teas-chairs@ietf.org; teas@ietf.org; Daniele Ceccarelli <daniele.ceccarelli@ericsson.com>
Subject: Re: Benjamin Kaduk's No Objection on draft-ietf-teas-actn-framework-14: (with COMMENT)

On Wed, May 23, 2018 at 11:02:14PM +0000, Leeyoung wrote:
> Hi Benjamin,
> 
> 
> 
> Thanks for your kind words for the document and providing good comments and the nits to be fixed. Please see inline for our response. Please also let us know if our response is good with you.
> 
> 
> 
> Best regards,
> 
> Young and Daniele
> 
> 
> 
> -----Original Message-----
> From: Benjamin Kaduk [mailto:kaduk@mit.edu]
> Sent: Wednesday, May 23, 2018 11:07 AM
> To: The IESG <iesg@ietf.org>
> Cc: draft-ietf-teas-actn-framework@ietf.org; Vishnu Beeram <vbeeram@juniper.net>; teas-chairs@ietf.org; vbeeram@juniper.net; teas@ietf.org
> Subject: Benjamin Kaduk's No Objection on draft-ietf-teas-actn-framework-14: (with COMMENT)
> 
> 
> 
> Benjamin Kaduk has entered the following ballot position for
> 
> draft-ietf-teas-actn-framework-14: No Objection
> 
> 
> 
> When responding, please keep the subject line intact and reply to all email addresses included in the To and CC lines. (Feel free to cut this introductory paragraph, however.)
> 
> 
> 
> 
> 
> Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html
> 
> for more information about IESG DISCUSS and COMMENT positions.
> 
> 
> 
> 
> 
> The document, along with other ballot positions, can be found here:
> 
> https://datatracker.ietf.org/doc/draft-ietf-teas-actn-framework/
> 
> 
> 
> 
> 
> 
> 
> ----------------------------------------------------------------------
> 
> COMMENT:
> 
> ----------------------------------------------------------------------
> 
> 
> 
> Thanks for the clear and easy-to-follow document!
> 
> 
> 
> I do have a few minor comments, below.
> 
> 
> 
> 
> 
> Section 3
> 
> 
> 
> Please expand OSS and NMS on first usage.
> 
> 
> 
> DL&YL>>  Thanks. We will expand these acronyms on their firs usage: OSS: Operations Support System; NMS: Network Management System
> 
> 
> 
> Section 3.2
> 
> 
> 
>    [...] The two functions of the MDSC,
> 
>    namely, multi-domain coordination and virtualization/abstraction are
> 
>    referred to as network-related functions while the other two
> 
>    functions, namely, customer mapping/translation and virtual service
> 
>    coordination are referred to as service-related functions.
> 
> 
> 
> Starting out with "The two" implies that there are no others, which is contradicted by "the other two" later.  So, I'd suggest just starting with "Two functions of the MDSC ...".
> 
> 
> 
> DL&YL>>  Agree. Will delete "The" from the sentence.
> 
> 
> 
> Section 3.3
> 
> 
> 
> Please expand NBI (which appears to only be used once in the document).
> 
> 
> 
> DL&YL>>  Agree. We will expand it. NBI: Northbound Interface
> 
> 
> 
> 
> 
> Section 5.3.2
> 
> 
> 
> It seems pretty likely that allowing repeated path computation requests (with different parameters) would allow a malicious MDSC to learn a fair amount of information about the topology that the PNC is attempting to abstract away.  This is probably not a huge deal, though.
> 
> 
> 
> DL&YL>>  Yes there could be such possibility. But in most cases, the MDSC and PNCs are under one operator’s control, this may be a huge deal as you pointed out.
> 
> 
> 
> 
> 
> Section 8.3
> 
> 
> 
>    A key objective of the MDSC is to support the customer's expression
> 
>    of the application connectivity request via its CNC as set of
> 
>    desired business needs, therefore policy will play an important
> 
>    role.
> 
> 
> 
> nit: "as a set of"
> 
> 
> 
> DL&YL>>  Thanks, Will change as you suggested.
> 
> 
> 
>    Once authorized, the virtual network service will be instantiated
> 
>    via the CNC-MDSC Interface (CMI), it will reflect the customer
> 
>    application and connectivity requirements, and specific service
> 
>    transport needs.
> 
> 
> 
> nit: this is a comma splice; I'd change the comma before "it" to either a semicolon or a period.  (There's a similar issue in the following sentence, too.)
> 
> 
> 
> DL&YL>>  Yes. We would put semicolon before “it”.
> 
> 
> 
> We will fix the next sentence as follows:
> 
> 
> 
> OLD:
> 
> The CNC and the MDSC components will have agreed
> 
>    connectivity end-points, use of these end-points should be defined
> 
>    as a policy expression when setting up or augmenting virtual network
> 
>    services.
> 
> 
> 
> NEW:
> 
> The CNC and the MDSC components will have agreed
> 
>    connectivity end-points; use of these end-points should be defined
> 
>    as a policy expression when setting up or augmenting virtual network
> 
>    services.
> 
> 
> 
> Section 9.2
> 
> 
> 
> Perhaps we should say something about configuring trust anchors for the PKI, e.g., using a smaller set of trusted CAs than in the Web PKI.
> 
> 
> 
> DL&YL>>  That will be helpful. How about adding the following sentence at the end of the first paragraph:
> 
> 
> 
> Trust anchors for the PKI can be configured using a smaller set of trusted Certificate Authorities (CAs) than in the Web PKI.

I think "configured to us a smaller (and potentially
non-intersecting) set" might be better.

Thanks for all the fixups,

Benjamin