[core] Secdir last call review of draft-ietf-core-yang-cbor-15
Shawn Emery via Datatracker <noreply@ietf.org> Thu, 11 March 2021 06:41 UTC
Return-Path: <noreply@ietf.org>
X-Original-To: core@ietf.org
Delivered-To: core@ietfa.amsl.com
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id 1D14F3A12BC; Wed, 10 Mar 2021 22:41:48 -0800 (PST)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
From: Shawn Emery via Datatracker <noreply@ietf.org>
To: secdir@ietf.org
Cc: core@ietf.org, draft-ietf-core-yang-cbor.all@ietf.org, last-call@ietf.org, semery@uccs.edu
X-Test-IDTracker: no
X-IETF-IDTracker: 7.27.0
Auto-Submitted: auto-generated
Precedence: bulk
Message-ID: <161544490805.3198.4896668099907204116@ietfa.amsl.com>
Reply-To: Shawn Emery <shawn.emery@gmail.com>
Date: Wed, 10 Mar 2021 22:41:48 -0800
Archived-At: <https://mailarchive.ietf.org/arch/msg/core/ubD4lPjUUZ0f0dORCBRnFeqIuBg>
Subject: [core] Secdir last call review of draft-ietf-core-yang-cbor-15
X-BeenThere: core@ietf.org
X-Mailman-Version: 2.1.29
List-Id: "Constrained RESTful Environments \(CoRE\) Working Group list" <core.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/core>, <mailto:core-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/core/>
List-Post: <mailto:core@ietf.org>
List-Help: <mailto:core-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/core>, <mailto:core-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 11 Mar 2021 06:41:48 -0000
Reviewer: Shawn Emery Review result: Has Nits This standards track draft specifies YANG modules for Concise Binary Object Representation (CBOR) encodings. The security considerations section does exist and refers to RFCs 8949 and 7950 for underlying security issues. It continues that there are no additional security concerns introduced by this draft outside of any specific context or protocol. I agree with this assertion. I also don't know how pedantic we should be in including the YANG module security considerations template to a draft that does not specify modules specific to a protocol, i.e. writable nodes, sensitive readable nodes, and RPC operations. I defer this decision to the security ADs. General comments: None. Editorial comments: None.
- [core] Secdir last call review of draft-ietf-coreā¦ Shawn Emery via Datatracker