Re: [secdir] Secdir telechat review of draft-ietf-netmod-rfc6087bis-18

Kathleen Moriarty <> Tue, 06 March 2018 17:41 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 4335B127876; Tue, 6 Mar 2018 09:41:26 -0800 (PST)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: (amavisd-new); dkim=pass (2048-bit key)
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id P8sSZd1L5_7J; Tue, 6 Mar 2018 09:41:24 -0800 (PST)
Received: from ( [IPv6:2607:f8b0:4003:c0f::22c]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 783F41270AC; Tue, 6 Mar 2018 09:41:20 -0800 (PST)
Received: by with SMTP id 95so19110940ote.5; Tue, 06 Mar 2018 09:41:20 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20161025; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=/xUHQtSMJ6Wcnfpd228FDZc/wY3hK7lwThDpVvsU4Fw=; b=W8jIhQ6/zicMhKlYMvOlQQZCBUsFtvoh/WM5+ddUwIG8G77WyWuVlvOhUS2pe4x51t 99OwZFAFvrZukGx4d8QQHoDwYTlvLWYj6wWB1/bi/SCHYPMPxooVvESaB6FKa1NSZ5Ix kL2ZDMHZhnwrh046odfSIj5IYOuK1nKqlD1lUrGDQMt5o6IZ9FrUgcxcXkJwzg/2gwd9 3bwUqEobj7SIL9r6dyeIulpNl6k7a8beSvdk0ANnAYbS0rApFRI0BwdCBQHjo2QsdHzA 6sgmnF4qKXu4e7kubAPAcDUGsmY45uPXs9oF2k33F1PMIZjLzCq2M5azoy5IHza42jfs nN0Q==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=/xUHQtSMJ6Wcnfpd228FDZc/wY3hK7lwThDpVvsU4Fw=; b=RJBqhwJGwbQ2ddO/RaCYfvK/jk7YkHwLu7Ei45p+F/n6ouKc1EtFGlZTlEJ6OxcaQP 646ZhDHSKIIPIrySrgWq69HQCeMhMt5Z2oqCWUcxhnHSxBCCuFR3djTP1p79AlYUfUVt 54Kx1r2DMTjdJxpE/FY0nsyxBZkCayOKtYXYqcRjnqj+Oe0I9PBCH7dpUOpgua6hPEff +t0Sq2EHUBj3/6zStaqjT1/2cXSjcGaq6zJiOjzvkaGfoMUiEBXWqyjghsOYgZ+DvdRx iXWpHJXNPhddJF747T1+PP7B0jECQgfXJM8XqlCfRbAbI41aR+9CSGn+JUE/5sR3njV9 9HgA==
X-Gm-Message-State: AElRT7G1YnB1UMoX4zq2lY2lmvT4t9fb20KzH5qjFfLVaJHqN/ezbiuo gu8HquujH2vXLdrX+EaoyfYU+FNlSNrhR5hMIr8=
X-Google-Smtp-Source: AG47ELuV5mpbM7/4E8JZ9ZiJBPCLQ2HiihAQAOmRIhQZ42nJNCzlcXc7VOT70naSlHdLBi6tbaf2P/XLFUG9HVSCA3k=
X-Received: by with SMTP id z22mr14265899oti.75.1520358079796; Tue, 06 Mar 2018 09:41:19 -0800 (PST)
MIME-Version: 1.0
Received: by with HTTP; Tue, 6 Mar 2018 09:40:39 -0800 (PST)
In-Reply-To: <>
References: <>
From: Kathleen Moriarty <>
Date: Tue, 6 Mar 2018 12:40:39 -0500
Message-ID: <>
To: Stephen Farrell <>
Cc: IETF SecDir <>, IETF <>,,
Content-Type: text/plain; charset="UTF-8"
Archived-At: <>
Subject: Re: [secdir] Secdir telechat review of draft-ietf-netmod-rfc6087bis-18
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Security Area Directorate <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Tue, 06 Mar 2018 17:41:26 -0000

Thanks for your review, Stephen!

On Thu, Feb 22, 2018 at 2:58 PM, Stephen Farrell
<>; wrote:
> Reviewer: Stephen Farrell
> Review result: Ready
> I reviewed the diff between -18 and RFC6087. [1]
>    [1]
> I assume the security ADs were involved already in discussion about
> the new security considerations template in 3.7.1 and the text there
> does seem fine to me, so I won't even nit-pick about it:-)

Yes and I sent it to the SAAG list for review as well along with a
followup email on the security review process for YANG documents (a
link to the OPSdir page on that).  I don't think any feedback came
through as a result of the request, so we should be good with the
general considerations for a bit.

> I do have some other nits to note though.
> - There are a number of URLs given for access to updated materials
> that use http schemed URLs and that do not use https schemed URLs.
> There was a recent IESG statement to the effect that those'd be better
> as https URLs. The first such example is in 3.1. In fact that URL is
> re-directed (for me) to https. I think a general pass to fix such URLs
> to use https wherever possible would be easy and better practice.
> - Some of the namespaces use http schemed URLs, for example in
> section 4.2. I don't know if people are expected to de-reference such
> URLs, but if they are then it'd be good to say if https is better to use
> or not. (I'd argue it is.) If those URLs are not expected to be
> de-referenced, then saying that would be good. (Not that it'd stop
> people de-referencing 'em so the change is better in any case;-)

I don't see any response on these questions on list and it would be
good to get an answer, so I'll include a link in my ballot in case the
authors are not seeing it for some reason.


> Cheers,
> S.


Best regards,