Early Review of draft-ietf-i2nsf-sdn-ipsec-flow-protection-04
review-ietf-i2nsf-sdn-ipsec-flow-protection-04-yangdoctors-early-bjorklund-2019-04-17-00

Request: Review of draft-ietf-i2nsf-sdn-ipsec-flow-protection
Requested revision: No specific revision (document currently at 14)
Type: Early Review
Team: YANG Doctors (yangdoctors)
Deadline: 2019-04-30
Requested: 2019-04-06
Requested by: Yoav Nir
Authors: Rafael Marin-Lopez, Gabriel Lopez-Millan, Fernando Pereniguez-Garcia
I-D last updated: 2019-04-17
Completed reviews:
  Yangdoctors Early review of -04 by Martin Björklund
  Yangdoctors Last Call review of -08 by Martin Björklund
  Opsdir Last Call review of -08 by Menachem Dodge
  Secdir Last Call review of -08 by Derek Atkins
  Genart Last Call review of -08 by Mohit Sethi
  Secdir Telechat review of -12 by Derek Atkins
Comments
The issue we are currently having trouble with is how to handle the list of algorithms that are supported by IPsec. The list is dynamic -- the IPsecME working group adds new algorithms and deprecates others; non-IETF entities such as the Russian government also sometimes ask to have their national algorithms registered. OTOH, the I2NSF is a working group that is supposed to finish its work and close down. So how do we handle changes to the list of algorithms?

Version -03 of the draft had an enumeration of algorithms.  This would make a snapshot of the IANA registry for IPsec algorithms and require us to update the document any time IANA updated their registry.

This version (-04) references draft-ietf-netconf-crypto-types.  I'm not sure that's a good thing, because that draft misses some IPsec algorithms and includes some we don't use in IPsec.

Another option that's been raised is to replace integrity-algorithm-t and encryption-algorithm-t with uint32 (same as we already do for dh_group) and use the numbers from the IANA registry.  It doesn't help with deprecation, but any new algorithms immediately are valid values as long as both NSF and controller recognize them.
Assignment
Reviewer: Martin Björklund
State: Completed
Request: Early review on draft-ietf-i2nsf-sdn-ipsec-flow-protection by YANG Doctors Assigned
Reviewed revision: 04 (document currently at 14)
Result: Not ready
Completed: 2019-04-17