Hi Warren, See inline.
On 4/24/17, 5:02 PM, "Warren Kumari" <[email protected]> wrote:

>Warren Kumari has entered the following ballot position for
>draft-ietf-rtgwg-yang-key-chain-20: No Objection
>
>When responding, please keep the subject line intact and reply to all
>email addresses included in the To and CC lines. (Feel free to cut this
>introductory paragraph, however.)
>
>Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html
>for more information about IESG DISCUSS and COMMENT positions.
>
>The document, along with other ballot positions, can be found here:
>https://datatracker.ietf.org/doc/draft-ietf-rtgwg-yang-key-chain/
>
>----------------------------------------------------------------------
>COMMENT:
>----------------------------------------------------------------------
>
>I had a few minor comments, mainly on the explanatory text -- I'm not a
>YANG expert (that's Benoit's job :-)):
>
>1: "A key chain can be used by any service or application requiring
>authentication or encryption." - from my reading, this only symmetric
>keys; should this be "A key chain can be used by any service or
>application requiring authentication or encryption using symmetric keys"?

Yes - I believe I added “symmetric” in one other place and would be fine with adding it here as well.

>2: "They are also used to support of security requirements (e.g., TCP-AO
>Algorithms [TCP-AO-ALGORITHMS]) not implemented by vendors or only a
>single vendor." -- if it is not implemented, why put a key string on a
>device? Perhaps this was intended to be "not **yet** implemented..." ?

Vendors supporting TCP-based protocols, most notably TCP, currently support other less-secure algorithms. It is the goal to support TCP-AO in the model so that a revision is not required to roll out TCP-AO.

Thanks,
Acee
