Early Review of draft-ietf-i2nsf-sdn-ipsec-flow-protection-04
review-ietf-i2nsf-sdn-ipsec-flow-protection-04-yangdoctors-early-bjorklund-2019-04-17-00

Request Review of draft-ietf-i2nsf-sdn-ipsec-flow-protection
Requested rev. no specific revision (document currently at 14)
Type Early Review
Team YANG Doctors (yangdoctors)
Deadline 2019-04-30
Requested 2019-04-06
Requested by Yoav Nir
Authors Rafael Marin-Lopez, Gabriel Lopez-Millan, Fernando Pereniguez-Garcia
Draft last updated 2019-04-17
Completed reviews Yangdoctors Early review of -04 by Martin Björklund (diff)
Yangdoctors Last Call review of -08 by Martin Björklund (diff)
Opsdir Last Call review of -08 by Menachem Dodge (diff)
Secdir Last Call review of -08 by Derek Atkins (diff)
Genart Last Call review of -08 by Mohit Sethi (diff)
Secdir Telechat review of -12 by Derek Atkins (diff)
Comments
The issue we are currently having trouble with is how to handle the list of algorithms that are supported by IPsec. The list is dynamic -- the IPsecME working group adds new algorithms and deprecates others; non-IETF entities such as the Russian government also sometimes ask to have their national algorithms registered. OTOH, the I2NSF is a working group that is supposed to finish its work and close down. So how do we handle changes to the list of algorithms?

Version -03 of the draft had an enumeration of algorithms.  This would make a snapshot of the IANA registry for IPsec algorithms and require us to update the document any time IANA updated their registry.

This version (-04) references draft-ietf-netconf-crypto-types.  I'm not sure that's a good thing, because that draft misses some IPsec algorithms and includes some we don't use in IPsec.

Another option that's been raised is to replace integrity-algorithm-t and encryption-algorithm-t with uint32 (same as we already do for dh_group) and use the numbers from the IANA registry.  It doesn't help with deprecation, but any new algorithms immediately are valid values as long as both NSF and controller recognize them.
Assignment Reviewer Martin Björklund 
State Completed
Review review-ietf-i2nsf-sdn-ipsec-flow-protection-04-yangdoctors-early-bjorklund-2019-04-17
Reviewed rev. 04 (document currently at 14)
Review result Not Ready
Review completed: 2019-04-17

Review
review-ietf-i2nsf-sdn-ipsec-flow-protection-04-yangdoctors-early-bjorklund-2019-04-17

Error; cannot read (/a/ietfdata/doc/review/review-ietf-i2nsf-sdn-ipsec-flow-protection-04-yangdoctors-early-bjorklund-2019-04-17.txt)