[secdir] Secdir last call review of draft-ietf-i2rs-rib-info-model-14

Paul Wouters <paul@nohats.ca> Sun, 25 February 2018 18:59 UTC

Return-Path: <paul@nohats.ca>
X-Original-To: secdir@ietf.org
Delivered-To: secdir@ietfa.amsl.com
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id 13009127241; Sun, 25 Feb 2018 10:59:16 -0800 (PST)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
From: Paul Wouters <paul@nohats.ca>
To: <secdir@ietf.org>
Cc: i2rs@ietf.org, ietf@ietf.org, draft-ietf-i2rs-rib-info-model.all@ietf.org
X-Test-IDTracker: no
X-IETF-IDTracker: 6.72.4
Auto-Submitted: auto-generated
Precedence: bulk
Message-ID: <151958515603.12934.11779217462614817262@ietfa.amsl.com>
Date: Sun, 25 Feb 2018 10:59:16 -0800
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/8qCaBydp6esKEIIVBBW0QGjOMPY>
Subject: [secdir] Secdir last call review of draft-ietf-i2rs-rib-info-model-14
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.22
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/secdir/>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 25 Feb 2018 18:59:16 -0000

Reviewer: Paul Wouters
Review result: Has Issues

I have reviewed this document as part of the security directorate's  ongoing
effort to review all IETF documents being processed by the IESG.  These
comments were written primarily for the benefit of the security area directors.
 Document editors and WG chairs should treat  these comments just like any
other last call comments.

The summary of the review is Has Issues.

This Informational draft specifies an information model for routing information
bases (RIBs) , and hints at how a read/write API would look like. I think the
document should be improved to clarify this API beyond a simple mention of SSH
and TLS in its own section, outside of the Security Consideration section. For
example, if this is TLS, what is used? Something restful? xml? json? What would
the URI be? And for ssh, what kind of access would be given? How is this
restricted to the RIB API ?