[IPFIX] WGLC comments on draft-ietf-ipfix-mediators-problem-statement-06
Greetings, all,
Please find below my WGLC comments on the Mediator PS draft.
The Implementation Analyses in Section 5.x are in my opinion still too
tied to specific mediator devices. We're talking about Concentrators
and Masquerading Proxies and Distributors as if there was a
substantive difference among them. There isn't. There are Mediators.
They run Intermediate Functions. They accept IPFIX, or something like
it (e.g. NetFlow). They produce IPFIX. They might change the content
or framing based on configuration and state. Drawing more restrictive
labeled boxes around specific types of intermediate functions risks
limiting flexibility and provides the impression that complicated
mediation might require multiple devices.
However, we've had this discussion for a very long time without coming
to agreement, and it's a relatively minor point, so I'm willing to let
these sections go as they are. However, I will state that I find the
Intermediate Process and Mediator definitions in the Terminology to be
quite useful (as they should be considering the amount of work we put
into them before and during the Stockholm meeting :) ), but the
others, not so much.
The Security Considerations section is a little weak; I suspect the
IESG in particular will require a more in-depth analysis of Mediator-
specific attacks. Mitigation could, of course, also be handled in the
Mediator Protocol draft. One thing that came up in the 5655 review is
the issue of chains of trust, so I suspect there will also be
questions about how a final collector will be able to authenticate an
Original Exporter across a Mediator. But these can be handled at the
IESG stage.
(Also, one very minor nit, in the Acknowledgments sections, my last
name is spelled Trammell.)
Best regards,
Brian