Hi Roman

Thank you for your review. Below are the answers; I will make an update shortly.

Don 

-----Original Message-----
From: IPsec <ipsec-boun...@ietf.org> On Behalf Of Roman Danyliw
Sent: Friday, May 6, 2022 4:25 PM
To: ipsec@ietf.org WG <ipsec@ietf.org>
Subject: [IPsec] AD Review of draft-ietf-ipsecme-yang-iptfs-05

Hi!

I performed an AD review of draft-ietf-ipsecme-yang-iptfs-05.  Thanks for this 
complementary work to draft-ietf-ipsecme-iptfs.  Feedback is below.

** Section 2.  Editorial. s/ipsec/IPsec/
[Don]OK

** Section 2.  Typo. s/to fll/to fill/
[Don]OK

** Section 2.  Typo? Per "RFC [RFC9061] has a set of ", this strikes me as an 
odd way to make the reference.  Was it supposed to be "RFC 9061 [RFC9061]"?  I 
would recommend "RFC9061 [RFC9061] defines as set of".
[Don]Yes Thanks

** Section 2.  Editorial. s/IP-TFS YANG/The IP-TFS YANG module/
[Don]OK

** Section 3.2. Leaf rx-incomplete-pkts.  To check my understanding, this is a 
count of inner packets for which not all of the necessary fragments arrived?
[Don] Yes, IP-TFS specifies a window for receiving fragments. The incomplete 
packets are packets where one or more fragments were not received within the 
allowed window and the packet is discarded.

** Section 3.2. Leaf out-packet-size.  Please state the units (bytes?).
[Don]OK

** Section 5.  Please use the YANG security template as a means to be specific 
about the read and write implications of this module.
[Don]OK

** Section 5.

   IP-TFS hides the traffic flows through the network, anywhere that
   access YANG statistics is enabled needs to be protected from third
   party observation.

Can this sentence please be restated as it doesn't parse.  Is the intent to say 
that the statistics need to be access controlled?  The template references 
above would help here.

[Don]OK. The intent was that access to YANG statistics can reveal traffic 
information, and that should be mentioned as a security consideration.

Suggest:

   IP-TFS hides the traffic flows through the network, however anywhere that
   IP-TFS YANG statistics access is enabled, can reveal some information about
   traffic flows as well.
   Therefore, access to IP-TFS YANG statistics also needs to be protected from
   third party observation.

** Section A.*.  Editorial.  s/ipsec/IPsec/
[Don]OK

** Section A.*.   Editorial. s/ikeless/IKE-less/
[Don]OK

** Section A.5.  Typo.  s/json/JSON/
[Don]OK

** Section A.5.  Typo. s/formated/formatted/
[Don]OK

** Section A.5.  

   <tfs:traffic-flow-security> <tfs:reorder-window-
   size>300</tfs:reorder-window-size>

There is an XML fragment at the very end of the document.  Is that a typo?
[Don] Yes, this seems to be a fragment from an earlier version; there is no 
reorder-window-size, just window-size.

Thanks,
Roman

_______________________________________________
IPsec mailing list
IPsec@ietf.org
https://www.ietf.org/mailman/listinfo/ipsec