[secdir] secdir review of draft-ietf-netconf-yang-library-03

Tom Yu <tlyu@mit.edu> Tue, 02 February 2016 02:03 UTC

From: Tom Yu <tlyu@mit.edu>
To: iesg@ietf.org, secdir@ietf.org, draft-ietf-netconf-yang-library.all@tools.ietf.org
Date: Mon, 01 Feb 2016 21:03:35 -0500
Message-ID: <ldvbn7z6f7s.fsf@sarnath.mit.edu>
Archived-At: <http://mailarchive.ietf.org/arch/msg/secdir/ePiD0naudKntzlOLJvrhD56xDhw>

I have reviewed this document as part of the security directorate's 
ongoing effort to review all IETF documents being processed by the 
IESG.  These comments were written primarily for the benefit of the 
security area directors.  Document editors and WG chairs should treat 
these comments just like any other last call comments.

The Security Considerations of this document seem reasonable.  It might
be useful to add a comparison of the risks posed by sensitive
information exposed by this YANG module with information exposed by
other aspects of NETCONF, or available through methods such as
fingerprinting.  Admittedly, a meaningful comparison might be highly
context-specific, so a general comparison might have limited utility.