Enno: Hi!
I looked at -26. I still find the applicability statement confusing, the the reasons I described in 1.a/1.b (below). There is a contradiction about whether the document applies to residential users (as mentioned in §1.1 and §5) or not (as mentioned in the Abstract). Also, why does the "applicability statement especially applies to Section 2.3 and Section 2.5.4” *only*? This is obviously a non-blocking comment, but I believe it is important since the applicability statement may influence who reads and follows the recommendations. Thanks! Alvaro. On April 10, 2021 at 2:36:26 PM, Enno Rey (e...@ernw.de) wrote: Hi Alvaro, thanks for the detailed evaluation and for the valuable feedback. I went thru your COMMENTS and performed some related adaptions of the draft. A new version has been uploaded. thank you again & have a great weekend Enno On Mon, Apr 05, 2021 at 02:07:53PM -0700, Alvaro Retana via Datatracker wrote: > Alvaro Retana has entered the following ballot position for > draft-ietf-opsec-v6-25: No Objection > > When responding, please keep the subject line intact and reply to all > email addresses included in the To and CC lines. (Feel free to cut this > introductory paragraph, however.) > > > Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html > for more information about IESG DISCUSS and COMMENT positions. > > > The document, along with other ballot positions, can be found here: > https://datatracker.ietf.org/doc/draft-ietf-opsec-v6/ > > > > ---------------------------------------------------------------------- > COMMENT: > ---------------------------------------------------------------------- > > > (1) The applicability statement in ??1.1 is confusing to me. > > a. The Abstract says that "this document are not applicable to residential > user cases", but that seems not to be true because this section says that the > contents do apply to "some knowledgeable-home-user-managed residential > network[s]", and ??5 is specific to residential users. > > b. "This applicability statement especially applies to Section 2.3 and Section > 2.5.4." Those two sections represent a small part of the document; what about > the rest? It makes sense to me for the applicability statement to cover most > of the document. > > c. "For example, an exception to the generic recommendations of this document > is when a residential or enterprise network is multi-homed." I'm not sure if > this sentence is an example of the previous one (above) or if "for example" is > out of place. > > (2) ??5 mentions "early 2020" -- I assume that the statement is still true now. > > (3) It caught my attention that there's only one Normative Reference (besides > rfc8200, of course). Why? What is special about the IPFIX registry? > > It seems that an argument could be made to the fact that to secure OSPFv3, for > example, an understanding of the protocol is necessary. This argument could be > extended to other protocols or mechanisms, including IPv6-specific technology: > ND, the addressing architecture, etc. Consider the classification of the > references in light of [1]. > > [1] > https://www.ietf.org/about/groups/iesg/statements/normative-informative-references/ > > > -- Enno Rey Cell: +49 173 6745902 Twitter: @Enno_Insinuator
_______________________________________________ OPSEC mailing list OPSEC@ietf.org https://www.ietf.org/mailman/listinfo/opsec
