[secdir] Review of draft-ietf-netmod-entity-07

Shawn Emery <shawn.emery@gmail.com> Wed, 10 January 2018 06:48 UTC

To: secdir@ietf.org, draft-ietf-netmod-entity.all@tools.ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/Vj4FGRXB_APcwkutny9rv9rcMvA>

I have reviewed this document as part of the security directorate's
ongoing effort to review all IETF documents being processed by the IESG.
These comments were written primarily for the benefit of the security
area directors. Document editors and WG chairs should treat these
comments just like any other last call comments.

This draft specifies a YANG data model for server hardware configuration
and status information.

The security considerations section does exist and follows the mib-security
template.  With this, the section defines the nodes that have sensitive
information.  Access controls are provided by the network management
protocol.  I agree with the provided set of nodes considered sensitive,
which covers the majority of them.  The section also states that there is an
MTI for secure transport of the underlying network management protocols
with SSH or TLS.  I believe that the section sufficiently covers the
various security concerns of the draft.

General comments:

None.

Editorial comments:

None.

Shawn.
--