[secdir] Review of draft-ietf-mpls-ldp-yang-07
"Shawn M. Emery" <semery@uccs.edu> Mon, 25 November 2019 22:31 UTC
From: "Shawn M. Emery" <semery@uccs.edu>
Date: Mon, 25 Nov 2019 15:30:31 -0700
To: secdir <secdir@ietf.org>, draft-ietf-mpls-ldp-yang.all@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/UY6_dJ3tD0_CLBh4C0Lf1-mmxmE>

Reviewer: Shawn M. Emery
Review result: Ready with nits

I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the security area directors. Document editors and WG chairs should treat these comments just like any other last call comments.

This draft specifies a YANG model for the Multi-Protocol Label Switching (MPLS) Label Distribution Protocol (LDP). Network Configuration Protocol (NETCONF) and RESTCONF are used to manage network devices based on this model.

The security considerations section does exist and, for security and privacy concerns, discusses that the MTI for NETCONF is SSH and TLS for RESTCONF. For authorization, NETCONF and RESTCONF use the Network Configuration Access Control Model (NACM). The section goes on to state that some data nodes and RPC operations in the YANG module are considered sensitive to various operations, but does not give guidance on which nodes or subtrees would be affected. In the past, module specifications that I've reviewed have outlined each of these relevant items. The section finishes with the statement that the security properties of the base specifications, LDP, LDP IPv6, etc., also apply to this draft. I agree with the above assertions.

General comments:

None.

Editorial comments:

s/into following/into the following/
s/means and be read/should be read/
s/family"/family"./
s/VPN Forwarding and Routing/VPN Routing and Forwarding/
s/provides a mean/provides a means/
s/Neibgbor/Neighbor/
s/pereference/preference/
s/creatable\/ deletable/creatable\/deletable/
RESTCONF should be expanded on first occurrence.

Shawn.