[secdir] Review of draft-ietf-netconf-4741bis-07

Tina Tsou <tena@huawei.com> Tue, 08 February 2011 02:05 UTC

Return-Path: <tena@huawei.com>
X-Original-To: secdir@core3.amsl.com
Delivered-To: secdir@core3.amsl.com
Received: from localhost (localhost []) by core3.amsl.com (Postfix) with ESMTP id 9FD6E3A7008; Mon, 7 Feb 2011 18:05:02 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -106.599
X-Spam-Status: No, score=-106.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([]) by localhost (core3.amsl.com []) (amavisd-new, port 10024) with ESMTP id b6uNdBVg-UJ6; Mon, 7 Feb 2011 18:05:01 -0800 (PST)
Received: from usaga02-in.huawei.com (usaga02-in.huawei.com []) by core3.amsl.com (Postfix) with ESMTP id 585FB3A7007; Mon, 7 Feb 2011 18:05:01 -0800 (PST)
Received: from huawei.com (localhost []) by usaga02-in.huawei.com (iPlanet Messaging Server 5.2 HotFix 2.14 (built Aug 8 2006)) with ESMTP id <0LGA009ZM0GHR5@usaga02-in.huawei.com>; Mon, 07 Feb 2011 18:05:06 -0800 (PST)
Received: from TingZousc1 ([]) by usaga02-in.huawei.com (iPlanet Messaging Server 5.2 HotFix 2.14 (built Aug 8 2006)) with ESMTPA id <0LGA0082F0GHMN@usaga02-in.huawei.com>; Mon, 07 Feb 2011 18:05:05 -0800 (PST)
Date: Mon, 07 Feb 2011 18:05:05 -0800
From: Tina Tsou <tena@huawei.com>
To: secdir@ietf.org
Message-id: <00dc01cbc734$9ab8cbe0$d02a63a0$@com>
MIME-version: 1.0
X-Mailer: Microsoft Office Outlook 12.0
Content-type: text/plain; charset="us-ascii"
Content-language: en-us
Content-transfer-encoding: 7bit
Thread-index: AcvHNJologxQ/mhUTsec0i/teATXiw==
Cc: ietf@ietf.org, iesg@ietf.org, draft-ietf-netconf-4741bis@tools.ietf.org
Subject: [secdir] Review of draft-ietf-netconf-4741bis-07
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/secdir>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 08 Feb 2011 02:05:02 -0000

I have reviewed this document as part of the security directorate's ongoing
effort to review all IETF documents being processed by the IESG.  These
comments were written primarily for the benefit of the security area
directors.  Document editors and WG chairs should treat these comments just
like any other last call comments.

It is well written, so only some editorial comments are below.

2.2.  Authentication, Integrity, and Confidentiality
2.3.  Authentication

Perhaps the Titles of 2.2 and 2.3 can harmonize better to explain why there
are two "authentications" here.

6.2.  Subtree Filter Components

   A subtree filter is comprised of XML elements and their XML
   attributes.  There are five types of components that may be present
   in a subtree filter:

   o  Namespace Selection

   o  Attribute Match Expressions

   o  Containment Nodes

   o  Selection Nodes

   o  Content Match Nodes

If a figure could be provided to describe the relationship among these 5
components and when it becomes what, it would be very helpful for readers to
understand more easily.

6.2.3.  Containment Nodes

   Nodes that contain child elements within a subtree filter are called
   "containment nodes".  

I would say "Child Elements Nodes" or "Child Nodes" might be a little bit
more of straight forward than "Containment Nodes".

7.2.  <edit-config>
merge:  The configuration data in the <config> parameter is
            merged with the configuration at the corresponding level in
            the target datastore.  This is the default behavior.
Has the <config> parameter been introduced before?

Best Regards,