-----邮件原件----- 发件人: Jari Arkko [mailto:jari.arkko@xxxxxxxxx] 发送时间: 2017年10月26日 4:53 收件人: gen-art@xxxxxxxx 抄送: ietf@xxxxxxxx; draft-wu-l3sm-rfc8049bis.all@xxxxxxxx 主题: Genart last call review of draft-wu-l3sm-rfc8049bis-07 Reviewer: Jari Arkko Review result: Ready with Issues I am the assigned Gen-ART reviewer for this draft. The General Area Review Team (Gen-ART) reviews all IETF documents being processed by the IESG for the IETF Chair. Please treat these comments just like any other last call comments. For more information, please see the FAQ at <https://trac.ietf.org/trac/gen/wiki/GenArtfaq>. Document: draft-wu-l3sm-rfc8049bis-?? Reviewer: Jari Arkko Review Date: 2017-10-25 IETF LC End Date: 2017-10-11 IESG Telechat date: 2017-10-26 Summary: I'm not an expert on YANG *at all*. And not an expert on the topic in question either. And I had far too little time to spend on this long document. But as far as the textual content of the document goes, it seems reasonable. I have a difficulty in assessing how complete and implementable this model is however. Are there implementations? [Qin]: Yes, there are implementations, something broken in RFC8049 needs to get right. I did enjoy the classification of Internet connectivity as a special case of cloud service :-) You may be onto something. [Qin]:Yes, internet connectivity is special example of public cloud, in my understanding,:-) I did observe a couple of question marks or issues that probably deserve some thought or small revisions. Major issues: - Minor issues: I'm not sure I fully understand the need for "SP MUST honour <requirement>" language in the document. Are there parts of the described model that they SP is *not* required to honour? Other than the explicit strict true/false settings? And in any case, sizeable networks are likely to have issues that might require negotiation/human involvement. [Qin]: Explicit settings are covered by sub-section of section 6.6, such as device constraint, Site Location constraint/parameter, access type. Unlike RFC8049, RFC8049bis change "SP SHOULD honor" into "SP MUST honor". I don't understand how 6.9.1 can say there is no authentication support but then 6.9.2 (encryption) talks about authentication keys. I'd suggest some rethinking or at least clarification might be needed here. [Qin]: Authentication provides you access to a resource like a computer or a network. Encryption provides confidentiality and controls whether an object can be read or not. Both Authentication and Encryption are site level parameters and applicable to site connection. Pre-share key as encryption parameter can be used, e.g., for routing protocol authentication. But pre-share key parameter is not authentication parameter, one example I have for authentication parameter is authentication algorithm which is not specified in the model, We will see how to clarify this in the model. thanks. In the security considerations, I would note that if these models are used not merely for creation of networks, but also their modification, the consequences of inadvertent or malicious modifications can severe and network wide. Perhaps that could be discussed. [Qin]:Security consideration section has already considered both creation of networks and but also their modification, see the text in security consideration section as follows: " The data nodes defined in the "ietf-l3vpn-svc" YANG module MUST be carefully created, read, updated, or deleted as appropriate. " Nits/editorial comments: Section 6.12.2. s/fragmented/fragment it/ [Qin]: Will fix this, thanks.