[secdir] Updated rev posted [Re: Review of draft-ietf-mpls-ldp-yang-07]

"Kamran Raza (skraza)" <skraza@cisco.com> Fri, 28 February 2020 04:26 UTC

From: "Kamran Raza (skraza)" <skraza@cisco.com>
To: "Shawn M. Emery" <semery@uccs.edu>, secdir <secdir@ietf.org>, "draft-ietf-mpls-ldp-yang.all@ietf.org" <draft-ietf-mpls-ldp-yang.all@ietf.org>
Date: Fri, 28 Feb 2020 04:26:46 +0000
Message-ID: <F628A40F-73B3-40C5-A50B-CBC1E8D612F8@cisco.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/EXcZYJfeDAXOpjbnax-dw1rAc_0>

Thanks for your review and comments.

We have just posted a new rev -08 that takes care of your comments and comments from other IESG reviewers.
On behalf of the authors, please see inline [skraza]:

From: "Shawn M. Emery" <semery@uccs.edu>
Date: Monday, November 25, 2019 at 5:34 PM
To: secdir <secdir@ietf.org>, "draft-ietf-mpls-ldp-yang.all@ietf.org" <draft-ietf-mpls-ldp-yang.all@ietf.org>
Cc: Shawn Emery <shawn.emery@gmail.com>
Subject: Review of draft-ietf-mpls-ldp-yang-07
Resent-From: <alias-bounces@ietf.org>
Resent-To: <skraza@cisco.com>, <rajiva@cisco.com>, <xufeng.liu.ietf@gmail.com>, <sesale@juniper.net>, <jescia.chenxia@huawei.com>, <hshah@ciena.com>, <mach.chen@huawei.com>, <tsaad.net@gmail.com>, <n.leymann@telekom.de>, <loa@pi.nu>, <martin.vigoureux@nokia.com>, <db3546@att.com>, <aretana.ietf@gmail.com>, Nicolai Leymann <n.leymann@telekom.de>, Tarek Saad <tsaad.net@gmail.com>
Resent-Date: Monday, November 25, 2019 at 5:33 PM

Reviewer: Shawn M. Emery
Review result: Ready with nits

I have reviewed this document as part of the security directorate's
ongoing effort to review all IETF documents being processed by the IESG.
These comments were written primarily for the benefit of the security
area directors. Document editors and WG chairs should treat these
comments just like any other last call comments.

This draft specifies a YANG model for the Multi-Protocol Label
Switching (MPLS) Label Distribution Protocol (LDP).  Network
Configuration Protocol (NETCONF) and RESTCONF are used
to manage network devices based on this model.

The security considerations section does exist and for security
and privacy concerns, discusses that the MTI for NETCONF is
SSH and TLS for RESTCONF.  For authorization, NETCONF
and RESTCONF use the Network Configuration Access Control
Model (NACM).

The section goes on to state that some data nodes
and RPC operations in the YANG module are considered sensitive
to various operations, but does not give guidance on which nodes
or subtrees would be affected.  In the past, module specifications
that I've reviewed have outlined each of these relevant items.

[skraza]: Enhanced this section significantly and have added the relevant items to this section. See draft rev -08.

The section finishes with the statement that the security
properties of the base specifications, LDP, LDP IPv6, etc., also apply
to this draft.  I agree with the above assertions.

General comments:

None.

Editorial comments:
[skraza]: Fixed all the listed.

s/into following/into the following/
s/means and be read/should be read/
s/family"/family"./
s/VPN Forwarding and Routing/VPN Routing and Forwarding/
s/provides a mean/provides a means/
s/Neibgbor/Neighbor/
s/pereference/preference/
s/creatable\/ deletable/creatable\/deletable/

RESTCONF should be expanded on first occurrence.
[skraza]: I could not find the expansion – even in the RESTCONF RFC 8040.

Shawn.
--