[secdir] draft-ietf-i2rs-rib-data-model
Derrell Piper <ddp@electric-loft.org> Sat, 17 February 2018 23:30 UTC
Return-Path: <ddp@electric-loft.org>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0AC9012D7EA; Sat, 17 Feb 2018 15:30:32 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 0
X-Spam-Level:
X-Spam-Status: No, score=0 tagged_above=-999 required=5 tests=[none] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id F4nL9Byu0hki; Sat, 17 Feb 2018 15:30:31 -0800 (PST)
Received: from Mail.Yoyodyne.COM (mail.yoyodyne.com [139.60.72.138]) by ietfa.amsl.com (Postfix) with SMTP id 1467212D7E6; Sat, 17 Feb 2018 15:30:30 -0800 (PST)
Received: from [IPv6:2603:3024:1748::4] ([2603:3024:1748::4]) by Mail.Yoyodyne.COM via Internet for <iesg@ietf.org> (and others); Sat, 17 Feb 2018 15:30:30 PST
From: Derrell Piper <ddp@electric-loft.org>
Content-Type: multipart/signed; boundary="Apple-Mail=_CBDF97FC-F7D5-4A75-9FCF-C0230D397E55"; protocol="application/pgp-signature"; micalg="pgp-sha256"
Mime-Version: 1.0 (Mac OS X Mail 11.2 \(3445.5.20\))
Message-Id: <F676F5C9-B8EC-411B-AD3B-2E755AC206F5@electric-loft.org>
Date: Sat, 17 Feb 2018 15:30:29 -0800
To: The IESG <iesg@ietf.org>, secdir@ietf.org, draft-ietf-i2rs-rib-data-model.all@ietf.org
X-Mailer: Apple Mail (2.3445.5.20)
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/wFABxaBRKCGQMJwZrrsLC-DMWQs>
Subject: [secdir] draft-ietf-i2rs-rib-data-model
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/secdir/>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 17 Feb 2018 23:30:32 -0000
I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the security area directors. Document editors and WG chairs should treat these comments just like any other last call comments. The summary of the review is Ready. This document defines a YANG data model for the Routing Information Base (RIB). The Security Considerations section states that it's intended to run over SSH (NETCONF) or TLS (RESTCONF) and thus relies on discretionary access control defined by these underlying protocols along with the security of SSH/TLS. It further calls out the 'RIB', 'route', and 'nexthop' subtrees being defined, as being sensitive. Useful references: RFC6536 defines the network access control mechanism, RFC7921 explains the security environment for I2RS, and RFC8241 discusses the specific security requirements for I2RS.
- [secdir] draft-ietf-i2rs-rib-data-model Derrell Piper