Re: [secdir] [i2rs] Secdir last call review of draft-ietf-i2rs-rib-info-model-14

"Susan Hares" <shares@ndzh.com> Sun, 25 February 2018 23:51 UTC

Paul:

I hit return too soon.  Thank you for the security review.

Cheerily, Susan Hares 

-----Original Message-----
From: Susan Hares [mailto:shares@ndzh.com] 
Sent: Sunday, February 25, 2018 6:45 PM
To: 'Paul Wouters'; secdir@ietf.org
Cc: i2rs@ietf.org; ietf@ietf.org;
draft-ietf-i2rs-rib-info-model.all@ietf.org
Subject: RE: [i2rs] Secdir last call review of
draft-ietf-i2rs-rib-info-model-14

Paul: 

The current I2RS RIB Data model is a YANG model which can be accessed via
NETCONF and RESTCONF with the restrictions in the network management
datastore architecture.   Are you looking for us to specify the
NETCONF/RESTCONF suite protocols, and the CBOR for binary in this section?

If you are looking for more than that, are you looking for what is in
https://datatracker.ietf.org/doc/draft-ietf-i2rs-security-environment-reqs/

Thank you,
Sue Hares
WG co-chair

-----Original Message-----
From: i2rs [mailto:i2rs-bounces@ietf.org] On Behalf Of Paul Wouters
Sent: Sunday, February 25, 2018 1:59 PM
To: secdir@ietf.org
Cc: i2rs@ietf.org; ietf@ietf.org;
draft-ietf-i2rs-rib-info-model.all@ietf.org
Subject: [i2rs] Secdir last call review of draft-ietf-i2rs-rib-info-model-14

Reviewer: Paul Wouters
Review result: Has Issues

I have reviewed this document as part of the security directorate's ongoing
effort to review all IETF documents being processed by the IESG.  These
comments were written primarily for the benefit of the security area
directors. Document editors and WG chairs should treat these comments just
like any other last call comments.

The summary of the review is Has Issues.

This Informational draft specifies an information model for routing
information bases (RIBs), and hints at what a read/write API would look
like. I think the document should be improved to clarify this API beyond a
simple mention of SSH and TLS in its own section, outside of the Security
Consideration section. For example, if this is TLS, what is used? Something
RESTful? XML? JSON? What would the URI be? And for SSH, what kind of access
would be given? How is this restricted to the RIB API?