[core] Secdir last call review of draft-ietf-core-yang-cbor-15

Shawn Emery via Datatracker <noreply@ietf.org> Thu, 11 March 2021 06:41 UTC

From: Shawn Emery via Datatracker <noreply@ietf.org>
To: secdir@ietf.org
Cc: core@ietf.org, draft-ietf-core-yang-cbor.all@ietf.org, last-call@ietf.org, semery@uccs.edu
Reply-To: Shawn Emery <shawn.emery@gmail.com>
Date: Wed, 10 Mar 2021 22:41:48 -0800
Archived-At: <https://mailarchive.ietf.org/arch/msg/core/ubD4lPjUUZ0f0dORCBRnFeqIuBg>

Reviewer: Shawn Emery
Review result: Has Nits

This standards track draft specifies YANG modules for Concise Binary Object
Representation (CBOR) encodings.

The security considerations section does exist and refers to RFCs 8949 and 7950
for underlying security issues.  It continues that there are no additional
security concerns introduced by this draft outside of any specific context or
protocol.  I agree with this assertion.  I also don't know how pedantic we
should be in including the YANG module security considerations template in a
draft that does not specify modules specific to a protocol, i.e., writable
nodes, sensitive readable nodes, and RPC operations.  I defer this decision to
the security ADs.

General comments:

None.

Editorial comments:

None.