On 08/08/2022 11:42, Mr. Jaehoon Paul Jeong wrote:
Hi Tom,
Here is the revision of CFI with your comments:
https://datatracker.ietf.org/doc/html/draft-ietf-i2nsf-consumer-facing-interface-dm-23
Patrick and I have reflected your comments on the revision, and
I attach the revision letter.
Yes, I have reviewed it and have no more comments
Tom Petch
Thanks.
Best Regards,
Paul
On Thu, Aug 4, 2022 at 1:40 AM t petch <[email protected]> wrote:
On 12/07/2022 18:44, Linda Dunbar wrote:
Sue,
Thank you very much for the offer.
The unsolved comments are from Tom Petch: Re: [I2nsf] WGLC for
draft-ietf-i2nsf-consumer-facing-interface-dm-16<
https://mailarchive.ietf.org/arch/msg/i2nsf/d_Wk5fH35Jo_cdz4D0QZN5VNhFA/>
There are several responses to address Tom Petch's comments. Just Tom
hasn't sent feedback if he is satisfied with the response.
Weelll, probably as satisfied as I am going to get.
I have reviewed cfi (customer facing interface-dm)-22 and compared some
of it with capability-32. I have not - but hope to - compare against
nsf-facing; nor have I re-read all the posts to the list but will.
I do think that cfi is now in much better shape. I do see capability as
the key, the base, set of definitions against which the others should be
judged. capability says whether or not the box can do it, the others
tell you how to do it.
With that in mind, I am unconvinced about the response to my comments
about icmp. The treatment is different. capability deals in
icmpv4/icmpv6, type/code; cfi deals in echo/echo-reply which is the sort
of user interface I am used to and would expect a security practitioner
to be familiar with so some words about the mapping, referring to the
IANA website for all the detail, could help users. I would put that in
the body of the text not the YANG module
Likewise, cfi has primary and secondary action which makes a lot of
sense but what is the capability that makes that possible? capability
has ingress-action, egress-action, default-action which seems a
different axis to me. Again, some words about how the two relate could
help, in the body of the document.
Again continent is present in cfi but not in capability. Can a user
tell if the capability is present? I expect not; as ever, worth a note.
signature-set and signature-type sound the same but seem different.
This is an aspect of security that I am not familiar with, at least not
in those terms.
Finally, there are some minor editorial glitches.
RFC8075 I see in the YANG module; it needs adding to the I-D References.
page 17 text version last sentence I cannot parse; perhaps a missing
preposition
the two rate-limit objects could do with units - I note that they are
present in the examples
page 55 text version [STIX] looks like an XML anchor but YANG modules
must be plain text.
Tom Petch
Linda
From: Susan Hares <[email protected]>
Sent: Tuesday, July 12, 2022 12:21 PM
_______________________________________________
I2nsf mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/i2nsf
