Re: [OPSAWG] Secdir last call review of draft-ietf-opsawg-l2nm-07

mohamed.boucadair@orange.com Mon, 11 October 2021 05:44 UTC

From: mohamed.boucadair@orange.com
To: Chris Lonvick <lonvick.ietf@gmail.com>, "secdir@ietf.org" <secdir@ietf.org>
CC: "draft-ietf-opsawg-l2nm.all@ietf.org" <draft-ietf-opsawg-l2nm.all@ietf.org>, "last-call@ietf.org" <last-call@ietf.org>, "opsawg@ietf.org" <opsawg@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/opsawg/HtmKRO3EHzMapF4X66foETJT-Fc>

Hi Chris,

Thank you for the review. Much appreciated. 

For the security guidelines, we are following this recommendation from RFC8407:

   This section MUST be patterned after the latest approved template
   (available at
   <https://trac.ietf.org/trac/ops/wiki/yang-security-guidelines>).
   Section 3.7.1 contains the security considerations template dated
   2013-05-08 and last updated on 2018-07-02.  Authors MUST check the
   web page at the URL listed above in case there is a more recent
   version available.

Cheers,
Med

> -----Original Message-----
> From: Chris Lonvick via Datatracker <noreply@ietf.org>
> Sent: Sunday, 10 October 2021 18:21
> To: secdir@ietf.org
> Cc: draft-ietf-opsawg-l2nm.all@ietf.org; last-call@ietf.org;
> opsawg@ietf.org
> Subject: Secdir last call review of draft-ietf-opsawg-l2nm-07
> 
> Reviewer: Chris Lonvick
> Review result: Ready
> 
> Hello,
> 
> I have reviewed this document as part of the security directorate's
> ongoing effort to review all IETF documents being processed by the IESG.
> These comments were written primarily for the benefit of the security area
> directors.
> Document editors and WG chairs should treat these comments just like any
> other last call comments.
> 
> The summary of the review is READY with some very minor nits in the
> Security Considerations section.
> 
> I'm not well versed in this area but I'll say that the entire document is
> understandable and appears well written. I found no obvious errors or
> problems in my brief review.
> 
> The first paragraph in the Security Considerations section lists that this
> work is built atop YANG, NETCONF, or RESTCONF, and lists the transport
> protocols that are used for them, but stops short of providing guidance.
> My recommendation is to address this by adding a sentence such as,
> "Developers, implementers, and administrators of this specification should
> be familiar with the Security Considerations sections of those RFCs."
> 
> The remaining paragraphs of the Security Considerations section provide a
> list of tools that may be used along with guidance on using them to secure
> access to sensitive items. The authors may wish to summarize this by
> adding a sentence such as, "Administrators may consider using these, and
> perhaps other tools, to enforce a security policy."
> 
> Regards,
> Chris
> 

