[secdir] Review of draft-ietf-netmod-schema-mount-10

Shawn Emery <shawn.emery@gmail.com> Mon, 25 June 2018 05:27 UTC

From: Shawn Emery <shawn.emery@gmail.com>
Date: Sun, 24 Jun 2018 23:27:40 -0600
Message-ID: <CAChzXmanxy0cn9i-E6FvnNmC2_gpir1qNd4jgPLAmDL7L8j-6A@mail.gmail.com>
To: secdir@ietf.org, draft-ietf-netmod-schema-mount.all@tools.ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/oC-ffwJq5FBzOa0biCVajjac7m8>
Subject: [secdir] Review of draft-ietf-netmod-schema-mount-10

Reviewer: Shawn M. Emery
Review result: Ready with nits

I have reviewed this document as part of the security directorate's
ongoing effort to review all IETF documents being processed by the IESG.
These comments were written primarily for the benefit of the security
area directors. Document editors and WG chairs should treat these
comments just like any other last call comments.

This draft specifies a schema for YANG module mount points for yet another
specified schema location.

The security considerations section does exist and refers to transport
security through SSH and HTTPS for NETCONF and RESTCONF, respectively.  For
authorization, the spec refers to RFC 8341 for controlling NETCONF and
RESTCONF user access.  Data that would be considered sensitive or subject
to attack is briefly described and prescribes read access controls for said
data.
I agree with the authors' assertions.

General comments:

None.

Editorial comments:

OLD:

These are the subtrees and data nodes and their sensitivity/vulnerability:

NEW:

The following should be considered for subtrees/data nodes and their
corresponding sensitivity/vulnerability:


Shawn.
--