Re: [secdir] Review of draft-ietf-netmod-interfaces-cfg-10

Martin Bjorklund <> Mon, 13 May 2013 07:44 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 1553721F8F2C; Mon, 13 May 2013 00:44:55 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: 0.553
X-Spam-Status: No, score=0.553 tagged_above=-999 required=5 tests=[HELO_MISMATCH_COM=0.553]
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id S1+rfrEEiGqm; Mon, 13 May 2013 00:44:49 -0700 (PDT)
Received: from ( []) by (Postfix) with ESMTP id 1D18221F8FF8; Mon, 13 May 2013 00:44:44 -0700 (PDT)
Received: from localhost ( []) by (Postfix) with ESMTPSA id 32C6D1200174; Mon, 13 May 2013 09:44:42 +0200 (CEST)
Date: Mon, 13 May 2013 09:44:41 +0200
Message-Id: <>
From: Martin Bjorklund <>
In-Reply-To: <>
References: <> <>
X-Mailer: Mew version 6.5rc2 on Emacs 23.4 / Mule 6.0 (HANACHIRUSATO)
Mime-Version: 1.0
Content-Type: Text/Plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
X-Mailman-Approved-At: Mon, 13 May 2013 02:22:02 -0700
Subject: Re: [secdir] Review of draft-ietf-netmod-interfaces-cfg-10
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Security Area Directorate <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Mon, 13 May 2013 07:44:55 -0000


Shawn Emery <> wrote:
> I have reviewed this document as part of the security directorate's ongoing
> effort to review all IETF documents being processed by the IESG. These
> comments were written primarily for the benefit of the security area
> directors. Document editors and WG chairs should treat these comments just
> like any other last call comments.
> This internet-draft specifies a data model used for the management of network
> interfaces.
> The security considerations section does exist and discusses that the data is
> made available through the NETCONF protocol.  NETCONF uses SSH to access and
> transfer said data.  It goes on to discuss the implications of unattended
> access to list and leaf data, but does not provide guidance on how to mitigate
> against unauthorized access.  If this is discussed in the NETCONF draft then
> this draft should at least provide this reference.

This is discussed in the NETCONF Access Control Model (RFC 6536).  We
got the same comment also from other reviewers, and we will update the
first paragraph to be:

  The YANG module defined in this memo is designed to be accessed via
  the NETCONF protocol ^RFC6241^.  The lowest NETCONF layer is the
  secure transport layer and the mandatory-to-implement secure
  transport is SSH ^RFC6242^.  The NETCONF access control model
  ^RFC6536^ provides the means to restrict access for particular
  NETCONF users to a pre-configured subset of all available NETCONF
  protocol operations and content.

This text will go into the Security Considerations template that is
used for other YANG module documents as well.

I hope this addresses your concern.