Re: [Tsv-art] [netmod] TSV-ART review of draft-ietf-netmod-acl-model-19

Sonal Agarwal <> Tue, 10 July 2018 18:27 UTC


Hi Allison,

Please see inline:


On Mon, Jul 9, 2018 at 12:43 PM, Allison Mankin wrote:

> I've reviewed this document as part of the transport area review team's
> ongoing effort to review key IETF documents. These comments were written
> primarily for the transport area directors, but are copied to the
> document's authors for their information and to allow them to address any
> issues raised. When done at the time of IETF Last Call, the authors should
> consider this review together with any other last-call comments they
> receive. Please always CC tsv-art@… if you reply to or forward this
> review.
> Summary:
> Almost Ready (but I do have a question)
> Technicals:
> I reviewed that the details about TCP, UDP, ECN, and DSCP are consistent
> with the specifications, and that the specifications are accurate.  The
> model is accurate for these.
> Question:
>  What is the use case for ACLs referencing TCP PSH and URG flags, and
> sequence numbers?  These are not very predictable and I would think not
> very useful for the work that ACLs do, but I'm willing to be informed.

[SA] The use case for this would be for applications that use ACLs and
require high levels of security. Enumerating all the supported flags and
their bit positions makes it clear to the user. These flags and the
sequence number are all part of the TCP header.
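
The following is an added example, not part of the original message or of the draft. It shows how the flag bits and sequence number sit in the TCP header and how an ACL entry can match on them. The entry layout (`set`, `clear`, `seq`), the entry names, the first-match evaluation and the sample segments are assumptions made for illustration, not the YANG model's own structure.

```python
import struct

# Flag masks in the low byte of the 16-bit word at offset 12 of the TCP header
# (RFC 793; ECE and CWR from RFC 3168).
TCP_FLAGS = {"fin": 0x01, "syn": 0x02, "rst": 0x04, "psh": 0x08,
             "ack": 0x10, "urg": 0x20, "ece": 0x40, "cwr": 0x80}


def parse_tcp_header(raw):
    """Decode the fixed 20-byte TCP header into fields an ACL entry can match."""
    if len(raw) < 20:
        raise ValueError("truncated TCP header")
    sport, dport, seq, ack, off_flags, _win, _csum, urg_ptr = struct.unpack(
        "!HHIIHHHH", raw[:20])
    if off_flags >> 12 < 5:
        raise ValueError("data offset below minimum header length")
    flags = {name for name, mask in TCP_FLAGS.items() if off_flags & mask}
    return {"sport": sport, "dport": dport, "seq": seq, "ack": ack,
            "flags": flags, "urgent_pointer": urg_ptr}


def evaluate(acl, raw):
    """Return (name, action) of the first matching entry, or None if none match."""
    hdr = parse_tcp_header(raw)
    for ace in acl:
        if not ace.get("set", set()) <= hdr["flags"]:
            continue  # a flag the entry requires to be set is clear
        if ace.get("clear", set()) & hdr["flags"]:
            continue  # a flag the entry requires to be clear is set
        if "seq" in ace and ace["seq"] != hdr["seq"]:
            continue  # exact sequence-number match requested and not met
        return ace["name"], ace["action"]
    return None


# Hypothetical ACL: names and layout are illustrative assumptions.
ACL = [
    {"name": "syn-fin", "set": {"syn", "fin"}, "action": "drop"},
    {"name": "urgent", "set": {"urg"}, "action": "drop"},
    {"name": "established", "set": {"ack"}, "clear": {"syn"}, "action": "accept"},
]


def sample_segment(flag_names, seq=1000):
    """Constructed test input: a 20-byte header with data offset 5."""
    bits = sum(TCP_FLAGS[f] for f in flag_names)
    return struct.pack("!HHIIHHHH", 40000, 443, seq, 0, (5 << 12) | bits,
                       65535, 0, 0)
```
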
