[secdir] Review of draft-ietf-ccamp-alarm-module-07
Shawn Emery <shawn.emery@gmail.com> Thu, 14 March 2019 05:45 UTC
From: Shawn Emery <shawn.emery@gmail.com>
Date: Wed, 13 Mar 2019 23:45:40 -0600
Message-ID: <CAChzXmbZfRVVYX-H40ht6Js4o7_LWo_kZWdaQz4Y00D-JQT_tw@mail.gmail.com>
To: secdir@ietf.org, draft-ietf-ccamp-alarm-module.all@tools.ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/6Q9y-K7-VSFdqqm0Pix1aZCRF2s>
Subject: [secdir] Review of draft-ietf-ccamp-alarm-module-07

Reviewer: Shawn M. Emery
Review result: Ready with nits

I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the security area directors. Document editors and WG chairs should treat these comments just like any other last call comments.

This draft specifies a YANG module for the purpose of network device alarm management.

The security considerations section does exist and follows the yang-security-guidelines. I believe the data nodes and operations of concern are covered in this section, but it seems that alarm-profiles could also be sensitive if an attacker were to downgrade the severity of an alarm by changing the alarm-severity-assignment-profile.

General comments:

None.

Editorial comments:

s/northbound/north-bound/
s/definition also focus/definition also focuses/
s/an hierarchy/a hierarchy/
s/raised again etc/raised again, etc/
s/sent Notifications/sent. Notifications/
s/alarn/alarm/
s/The NETCONF access control model/The Network Configuration Access Control Model (NACM)/
s/notify-status-change:/notify-status-changes:/

OLD:

This leaf controls whether an alarm should notify only raise and clear or all severity level changes. Unauthorized access to leaf could have a negative impact on operational procedures relying on fine-grained alarm state change reporting.

NEW:

This leaf controls whether an alarm should notify based on various state changes. Unauthorized access to this leaf could have a negative impact on operational procedures relying on fine-grained alarm state change reporting.

Shawn.