Review request
draft-ietf-i2nsf-sdn-ipsec-flow-protection
Request | Review of | draft-ietf-i2nsf-sdn-ipsec-flow-protection |
---|---|---|
Requested revision | No specific revision (document currently at 14) | |
Type | Early Review | |
Team | YANG Doctors (yangdoctors) | |
Deadline | 2019-04-30 | |
Requested | 2019-04-06 | |
Requested by | Yoav Nir | |
Authors | Rafael Marin-Lopez , Gabriel Lopez-Millan , Fernando Pereniguez-Garcia | |
WG chairs | Yoav Nir , Linda Dunbar | |
I-D last updated | 2021-07-14 | |
IESG document state | Became RFC 9061 (Proposed Standard) | |
Completed reviews |
Yangdoctors Early review of -04
by Martin Björklund
(diff)
Yangdoctors Last Call review of -08 by Martin Björklund (diff) Opsdir Last Call review of -08 by Menachem Dodge (diff) Secdir Last Call review of -08 by Derek Atkins (diff) Genart Last Call review of -08 by Mohit Sethi (diff) Secdir Telechat review of -12 by Derek Atkins (diff) |
|
Comments |
The issue we are currently having trouble with is with how to handle the list of algorithms that are supported by IPsec. The list is dynamic -- the IPsecME working group adds new algorithms and deprecates others; non-IETF entities such as the Russian government also sometimes ask to have their national algorithms registered. OTOH, the I2NSF is a working group that is supposed to finish its work and close down. So how do we handle changes to the list of algorithms? Version -03 of the draft had an enumeration of algorithms. This would make a snapshot of the IANA registry for IPsec algorithms and require us to update the document any time IANA updated their registry. This version (-04) references draft-ietf-netconf-crypto-types. I'm not sure that's a good thing, because that draft misses some IPsec algorithms and includes some we don't use in IPsec. Another option that's been raised is to replace integrity-algorithm-t and encryption-algorithm-t with uint32 (same as we already do for dh_group) and use the numbers from the IANA registry. It doesn't help with deprecation, but any new algorithms immediately are valid values as long as both NSF and controller recognize them. |
|
Assignment | Reviewer | Martin Björklund |
State | Completed | |
Review |
review-ietf-i2nsf-sdn-ipsec-flow-protection-04-yangdoctors-early-bjorklund-2019-04-17
|
|
Reviewed revision | 04 (document currently at 14) | |
Result | Not ready | |
Completed | 2019-04-17 |
History
Date | By | Description |
---|