[secdir] review of draft-ietf-netconf-nmda-restconf-04
Daniel Harkins <dharkins@lounge.org> Tue, 03 July 2018 18:32 UTC
Date: Tue, 03 Jul 2018 11:32:35 -0700
From: Daniel Harkins <dharkins@lounge.org>
To: "iesg@ietf.org" <iesg@ietf.org>, "secdir@ietf.org" <secdir@ietf.org>, draft-ietf-netconf-nmda-restconf.all@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/Gc3FFP_XVJuUybzeo6uaJXBQIi0>

Hello,

I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the security area directors. Document editors and WG chairs should treat these comments just like any other last call comments.

The summary of the review is "Ready with nits".

This draft defines two new capability identifier URNs for use in the RESTCONF protocol and also some new behavioral requirements on servers implementing it. My nit is on that last bit. Sections 3.2.1 and 3.2.2 present the new query parameters and say that they are "optional to support" and then go on saying what behavior is needed if it is supported. I think those need to be changed to be RFC 2119 words, either SHOULD or MAY depending on the reasons that might exist for not implementing them (basically conform to what the words mean in RFC 2119).

Other than that, the draft is pretty simple and straightforward. The security considerations are basically a punt but given the nature of this draft that's probably fine.

regards,

Dan.