[secdir] Secdir review of draft-ietf-netconf-yang-patch-07

Dacheng <zhang_dacheng@hotmail.com> Mon, 11 January 2016 12:14 UTC

From: Dacheng <zhang_dacheng@hotmail.com>
In-Reply-To: <56908353.5050200@oracle.com>
Date: Mon, 11 Jan 2016 20:14:16 +0800
References: <56595640.5060206@oracle.com> <56908353.5050200@oracle.com>
To: secdir@ietf.org
Archived-At: <http://mailarchive.ietf.org/arch/msg/secdir/S0F03aTtz7jPNAiz6gDm7CaCiRc>
Cc: draft-ietf-netconf-yang-patch.all@tools.ietf.org
Subject: [secdir] Secdir review of draft-ietf-netconf-yang-patch-07

I have reviewed this document as part of the security directorate’s ongoing effort to review all IETF documents being processed by the IESG.

These comments were written primarily for the benefit of the security area directors. Document editors and WG chairs should treat these comments just like any other last call comments.

This document defines a media type for a YANG-based editing mechanism that can be used with the HTTP PATCH method.

I agree that this mechanism does not introduce any new security issues, beyond what is described in [I-D.ietf-netconf-restconf]. So, this draft is almost ready for publication. 

A question:

In Section 2.6 you mentioned 'The server will save the running datastore to non-volatile storage'. Do you assume the servers supporting your mechanism always have non-volatile storage?

An editorial comment:
Page 15:
"The 'value' node will contain one instance of foo:" -> "The 'value' node contains one instance of foo:"