Here are my comments on the security draft.
Elizabeth
Acronym SPI not defined. [First used at bottom of pg 5]
NCITS has officially changed its name to INCITS (InterNational
Committee for Informational Technology Standards) [Section 1.5, Fibre
Channel definition, bottom of pg 6]
FCIP definition centers on SANs. FC/FCIP are not
storage/SAN specific. Not sure how to address/how important it is to
address, since it is true that a majority of FC is storage centric.
Maybe either in FCIP definition or in FCIP overview, note
that the focus of this document is storage, but that FCIP may transport not FCP
frames? [1.3 FCIP overview, pg. 5; 1.5 FCIP definition, pg 7]
Typo: two spaces between Conformant & IP [Section
2.3.2, pg. 12]
Typo: addreses – should be addresses. [Section
2.3.3; third line of pg 13]
Typo: vulnerabile – should be
vulnerable [Section 2.3.3; fourth line of pg 13]
Typo: intiating – should be
initiating [Section 2.3.4; 6th line in paragraph above bullet [4],
pg. 15]
Typo: double ‘the’ [Section 2.3.4; 1st
line of bullet [4], pg 15]
Typo: double ‘the’ [Section 2.5.1; 3rd
line of bullet [g], pg. 19]
Typo: double ‘the’ [Section 2.5.1; 3rd
line of bullet [h], pg 20]
Typo: double ‘the’ [Section 2.5.1; 3rd
line of bullet [i], pg 20]
Suggested rewording: [Section 2.5.3, 1st full
paragraph on pg. 22]
Current: “Use of
IPsec for SLPv2 security has advantages over SLPv2 authentication as defined in
[RFC2608], which does not provide a way to authenticate "zero result
responses", leaving SLPv2 vulnerable to a denial of service attack.”
This sentence was confusing to me. Suggested
rewording to
Use of IPsec for SLPv2 security has advantages over
SLPv2 authentication as defined in [RFC2608]. The latter does not provide
a way to authenticate "zero result responses", which leaves SLPv2
vulnerable to a denial of service attack.”
Typo: double ‘could’ [Section 2.6; 2nd
line of bullet [2], pg. 22]
Typo: desireable – Should be
desirable. [Section 2.6, Third line of bullet [a], pg 23]
Consistency: IPSec instead of IPsec used in several
places, beginning in Section 2.6.1
[Section
2.6.1; 3rd paragraph of page 24, 3rd line]
[Section
2.6.1; 5th paragraph of page 24, 3rd line]
[Section
2.6.2; 2nd to last line of 1st paragraph of section, pg 24]
[Section
2.6.2; 1st line of 2nd paragraph of section, pg 24]
Typo: addreses – should be addresses [Section 2.6.4; 2nd
to last line of 1st paragraph on pg. 26]
Typo: desireable – should be
administrative [Section 5.1.1; bullet [1], 2nd line, pg. 36
Typo: Gbs – should be Gbps [Section 5.4, 2nd
paragraph, 4th line, pg 37]
Typo: Thuss – should be Thus [Section 5.4; 2nd
to last paragraph on pg 38, 3rd to last line]
Typo: intial – should be
initial. [Section 5.6; 2nd paragraph, 2nd line on
page 42]
Typo: Space between Kent & S. [[RFC 2406],
pg. 48]
Update iFCP reference to draft 12; the WG last call version
[[iFCP], pg 49]
Update FCIP reference to draft 11; the WG last call version.
[[FCIP], pg. 49]
I know the above two are listed as WIP, but since they have
completed WG last call, probably should update their references to the versions
that will go to the IESG.
Typo: cut & paste error “, which
includes support for bi-directional authentication” between “(work
in” and “progress)”
Typo: et.al. – should be et al. (there is
currently a period between et & al) [[iSCSIName], pg 49]
Typo: Split draft name with “, which includes
support for bi-directional authentication” [[iSCSIName], pg 49]
Typo: Split draft name with “, which includes
support for bi-directional authentication” [[iSCSISLP], pg 49]
Typo: Space between Kent & S. [[RFC 2402],
pg. 50]
Typo: Extra space after Gulbrandsen and extra ‘.’
and space before Vixie.[[RFC 2782], pg. 50]
Typo: et.al. – should be et al. (there is currently
a period between et & al) [[iSCSIREQ], pg 50]
Update iSCSIREQ reference to draft 6, the IESG last call
version.
Typo: implementers – should be implementers [Intellectual
Property Statement]
Also, would seem to me that we would need the IPR
boilerplate
"The IETF has been
notified of intellectual property rights
claimed in regard to some or
all of the specification contained
in this document. For
more information consult the online list
of claimed rights."
Taken from section 10.4 (D)
of RFC 2026.
Instead of the IPR statement already in the document?