Re: [secdir] [i2rs] Secdir last call review of draft-ietf-i2rs-rib-info-model-14

"Susan Hares" <shares@ndzh.com> Sun, 25 February 2018 23:44 UTC

From: "Susan Hares" <shares@ndzh.com>
To: "'Paul Wouters'" <paul@nohats.ca>, <secdir@ietf.org>
Cc: <i2rs@ietf.org>, <ietf@ietf.org>, <draft-ietf-i2rs-rib-info-model.all@ietf.org>
Date: Sun, 25 Feb 2018 18:44:41 -0500

Paul: 

The current I2RS RIB Data model is a YANG model which can be accessed via
NETCONF and RESTCONF with the restrictions in the network management
datastore architecture. Are you looking for us to specify the
NETCONF/RESTCONF suite protocols, and the CBOR for binary in this section?

If you are looking for more than that, are you looking for what is in 
https://datatracker.ietf.org/doc/draft-ietf-i2rs-security-environment-reqs/

Thank you, 
Sue Hares
WG co-chair

-----Original Message-----
From: i2rs [mailto:i2rs-bounces@ietf.org] On Behalf Of Paul Wouters
Sent: Sunday, February 25, 2018 1:59 PM
To: secdir@ietf.org
Cc: i2rs@ietf.org; ietf@ietf.org;
draft-ietf-i2rs-rib-info-model.all@ietf.org
Subject: [i2rs] Secdir last call review of draft-ietf-i2rs-rib-info-model-14

Reviewer: Paul Wouters
Review result: Has Issues

I have reviewed this document as part of the security directorate's ongoing
effort to review all IETF documents being processed by the IESG. These
comments were written primarily for the benefit of the security area
directors.
Document editors and WG chairs should treat these comments just like any
other last call comments.

The summary of the review is Has Issues.

This Informational draft specifies an information model for routing
information bases (RIBs), and hints at what a read/write API would look
like. I think the document should be improved to clarify this API beyond a
simple mention of SSH and TLS in its own section, outside of the Security
Consideration section. For example, if this is TLS, what is used? Something
RESTful? XML? JSON? What would the URI be? And for SSH, what kind of access
would be given? How is this restricted to the RIB API?

