[secdir] review of draft-ietf-netconf-nmda-restconf-04

Daniel Harkins <dharkins@lounge.org> Tue, 03 July 2018 18:32 UTC

Return-Path: <dharkins@lounge.org>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (localhost []) by ietfa.amsl.com (Postfix) with ESMTP id 7DBA4130DC0; Tue, 3 Jul 2018 11:32:39 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([]) by localhost (ietfa.amsl.com []) (amavisd-new, port 10024) with ESMTP id gR0_z4zF4ONQ; Tue, 3 Jul 2018 11:32:37 -0700 (PDT)
Received: from www.goatley.com (www.goatley.com []) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 476CA130DC7; Tue, 3 Jul 2018 11:32:37 -0700 (PDT)
Received: from trixy.bergandi.net ([]) by wwwlocal.goatley.com (PMDF V6.7-x02 #1001) with ESMTP id <0PBA00L92ZIC2G@wwwlocal.goatley.com>; Tue, 03 Jul 2018 13:32:37 -0500 (CDT)
Received: from thinny.local ([]) by trixy.bergandi.net (PMDF V6.7-x01 #1001) with ESMTPSA id <0PBA0037TZI8QX@trixy.bergandi.net>; Tue, 03 Jul 2018 11:32:33 -0700 (PDT)
Received: from 69-12-173-8.static.dsltransport.net ([] EXTERNAL) (EHLO thinny.local) with TLS/SSL by trixy.bergandi.net ([]) (PreciseMail V3.3); Tue, 03 Jul 2018 11:32:33 -0700
Date: Tue, 03 Jul 2018 11:32:35 -0700
From: Daniel Harkins <dharkins@lounge.org>
To: "iesg@ietf.org" <iesg@ietf.org>, "secdir@ietf.org" <secdir@ietf.org>, draft-ietf-netconf-nmda-restconf.all@ietf.org
Message-id: <f919a44f-d93b-f399-cc5d-1353c1c5b57d@lounge.org>
MIME-version: 1.0
Content-type: multipart/alternative; boundary="Boundary_(ID_Vq2ZudmecUZTRRyovh5VHw)"
Content-language: en-US
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.13; rv:52.0) Gecko/20100101 Thunderbird/52.7.0
X-PMAS-SPF: SPF check skipped for authenticated session (recv=trixy.bergandi.net, send-ip=
X-PMAS-External-Auth: 69-12-173-8.static.dsltransport.net [] (EHLO thinny.local)
X-PMAS-Software: PreciseMail V3.3 [180702a] (trixy.bergandi.net)
X-PMAS-Allowed: system rule (rule allow header:X-PMAS-External noexists)
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/Gc3FFP_XVJuUybzeo6uaJXBQIi0>
Subject: [secdir] review of draft-ietf-netconf-nmda-restconf-04
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.26
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/secdir/>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 03 Jul 2018 18:32:40 -0000


   I have reviewed this document as part of the security directorate's
ongoing effort to review all IETF documents being processed by the
IESG.  These comments were written primarily for the benefit of the
security area directors.  Document editors and WG chairs should treat
these comments just like any other last call comments.

   The summary of the review is "Ready with nits".

   This draft defines two new capability identifier URNs for use in
the RESTCONF protocol and also some new behavioral requirements on
servers implementing it. My nit is on that last bit. In sections
3.2.1 and 3.2.2 present the new query parameters and say that they
are "optional to support" and then go on saying what behavior is
needed if it is supported. I think those need to be changed to be
RFC 2119 words, either SHOULD or MAY depending on the reasons that
might exist for not implementing them (basically conform to what
the words mean in RFC 2119).

   Other than that, the draft is pretty simple and straightforward.
The security considerations are basically a punt but given the
nature of this draft that's probably fine.