Reviewer: Jürgen Schönwälder Review result: Has Issues The document is very well written and organized, thanks for that. I have some comments and a few nits. The issues I have a minor, I think the document overall is in a good shape. - From an operational perspective, I very much appreciate that there is some text discussing error and failure reporting and that there are some MTU configuration guidelines. - The document claims: As depicted in Table 1, SFFs are not involved in data encryption. This document enforces this design approach by encrypting Context Headers with keys that are not supplied to SFFs, thus enforcing this limitation by protocol (rather than requirements language). I am a bit puzzled about this statement since a protocol definition at the end is just some form of requirements language. Well, putting that remark aside, I do not really see anything in the specification that ensures that SFFs won't get the keys. We also read: [...] Encryption keying material is only provided to these SFC data plane elements. Well, the specification is actually silent about how keys are distributed. Section 4.4. says: The procedure for the allocation/provisioning of secret keys (K) and authenticated encryption algorithm or MAC_KEY and HMAC algorithm is outside the scope of this specification. As such, this specification does not mandate the support of any specific mechanism. To me, it seems the claims made in section 4.4. do not really hold. - In section 6, you picked as the epoch 1970-01-01T00:00Z while NTP uses the epoch 1900-01-01T00:00Z. This leads to rollovers in the year 2106 for your timestamps while the NTP rollover would be in 2036. Given that you use an NTP compatible format and a different epoch, I think this deserves to be spelled out explicitly so that people understand that they have to do conversions. (Alternatively, you could adopt the epoch NTP is using and the need for conversions goes away at the price of an earlier rollover.) Anyway, what I am saying is that if you pick a different epoch, I suggest to spell this out explicitly and to not rely on implementers to discover this. Minor nits: - In section 5.2, it should say: OLD In reference to Figure 5 NEW In reference to Figure 7 - In section 7.3, I suggest this change to make it clear again to the reader what K is: OLD Using K and NEW Using the secret key K and -- last-call mailing list last-call@xxxxxxxx https://www.ietf.org/mailman/listinfo/last-call