All,
Recall that we received sufficient votes on the firewall profile to be accepted as a CSD. BTW, this is a bit of a milestone. Many thanks to all of the contributors and to our firewall profile editors (Alex Everett and Duncan Sparrell).
I am in the process of resolving the comments that were provided during the voting period. The way I am going to proceed is:
- Attempt to resolve the comment,
- Contact the reviewer out of band to make sure I captured the comment correctly
- Get an OK from them before forwarding it to the whole sub-committee.
I gave you all of that boring information so that you would know why there is a lag between the comments and the proposed resolution to you.
At the end of this email, I pasted in an exchange with Sounil. For now, I will change the 'running' option to 'temporary'. If there is a better term, then please provide.
The term 'Required' vs 'optional' has been a recurring issue. In the context of the profile, the term 'required' means that it must be implemented, however required could be taken to mean 'required' for each command.
I would like to use the phrase 'Mandatory to Implement' (MTI) so that it is obvious we mean required to implement vs required in each command. I have been advised that MTI is not acceptable to OASIS. If that is in fact the case, I would like to draft a proposal to allow the phrase and see if Chet and Robin are on board with it.
VR
Joe B
======= tear line email exchange between Yu and Brule =====
Thanks for the update. I’m good with all the proposed changes. As for an alternative to “running”, I will generally defer to the router/switch guys, but if I had an option, permanent (survives reboot) or temporary (doesn’t survive reboot) would be a good alternative.
Thanks
Sounil
Date: Wednesday, May 30, 2018, 3:54 PM
Subject: Resolution of your comments to the Stateless Packet Filter Profile
Sounil,
Here are your comments from the stateless packet filter profile:
YU COMMENT: Per comment provided by Sounil Yu. He advised the cross reference was incorrect and suggested 2.6.8.
PROPOSED RESOLUTION: I suggest removing the cross reference altogether as it is out of scope for this subsection
YU COMMENT: Questions about the ap- prefix in the targets
PROPOSED RESOLUTION: I removed all the ap- prefixes
YU COMMENT: Comment per Sounil: "Based on the semantics specified, it appears that start-time, end-time, and duration are all optional, not required"
PROPOSED RESOLUTION: This is an artifact of the OASIS language. Required could be interpreted as 'required for each command', but in the context of OASIS, means 'Mandatory to Implement'. I think we should adopt the phrases 'Mandatory to Implement (MTI)' and 'Optional to Implement'
YU COMMENT: Comment per Sounil Yu: " Need a header for the commands. Is "file" a command?"
PROPOSED RESOLUTION: The y axis are targets, the x axis are actions. The intersection is a command (labeled as either Required or Optional). I will add explanatory text. I removed 'file' as a target. File was a valid target for the update command, but removed per suggestion by Duncan Sparrell
YU COMMENT: Comment per Sounil Yu: "If the "response" option has a default of "None", then it should be considered "Optional", not "Required". For start-time, end-time, and duration, if the same semantic apply as in Table 3, then these should all be "Optional" too"
PROPOSED RESOLUTION: 'Required' in this context means 'mandatory to implement', again, I think we should adopt MTI and OPT
YU COMMENT: Change 'complete' to 'deceive'
PROPOSED RESOLUTION: Made the change
YU COMMENT: Comment per Sounil Yu: 'running' seems too vendor specific. Suggest changing
PROPOSED RESOLUTION: Nothing yet, do you have a suggested new name?
YU COMMENT: Comment per Sounil Yu "General comments: Make sure that we use straight quotes and not curly quotes: (e.g., "response":"Ack"). Make sure that naming conventions for specifiers are consistent with lower case and no spaces (e.g., Named Group)."
PROPOSED RESOLUTION: I will make it a point to do an end to end scrub, but have not done so yet.