Deb Cooley has entered the following ballot position for draft-ietf-lisp-geo-15: Discuss
When responding, please keep the subject line intact and reply to all email addresses included in the To and CC lines. (Feel free to cut this introductory paragraph, however.) Please refer to https://www.ietf.org/about/groups/iesg/statements/handling-ballot-positions/ for more information about how to handle DISCUSS and COMMENT positions. The document, along with other ballot positions, can be found here: https://datatracker.ietf.org/doc/draft-ietf-lisp-geo/ ---------------------------------------------------------------------- DISCUSS: ---------------------------------------------------------------------- Section 1, paragraph 2, and Section 4.1, last sentence: Saying that the encoding format is consistent with the encoding documented in I-Ds which have all expired over 6 years ago is disingenuous at best. Please either remove these sections and sentence entirely, or find examples of RFCs or current I-Ds. Section 4.1, para 3: Is there a limit to what a 'physical shipping package' can be? How are people's movements prohibited from being a part of this use case? Are there privacy concerns that surround the tracking of packages? At the very least it would seem to have supply chain implications. Who is permitted to access the database and how do they do that? Section 4.2, paragraphs 4 and 5: This section discusses look-ups of the mapping system. Who is permitted to do this, what authentication and authorization is required? Is any of this information transmitted over unprotected transport? Section 4.2, last paragraph: The I-D referenced here is old and expired, is there a more current reference? This use case is especially sensitive, tracking vehicles, either has implications for supply chain, or privacy implications for people. Section 7: What protects the MSP from cross contamination between their customers? Is there a mandatory ID management system required? Side channel leakage protection? Authorization system requirements? Section 8, bullet 4: Is it unclear to me how using an authentication key/cert can be used to encrypt mapping records. Section 8, last sentence: None of the use cases in Section 4 give this impression. The privacy concerns for a well know public structures or landmarks are much different than package tracking and vehicle tracking. ---------------------------------------------------------------------- COMMENT: ---------------------------------------------------------------------- Thanks to Prachi Jain for their secdir review General: This draft is marked as Experimental. What is the experiment? How will we know whether it was successful? Section 4.1: ETR? RTR? expand on first use? Section 7: What is an xTR? _______________________________________________ lisp mailing list -- [email protected] To unsubscribe send an email to [email protected]
