Re: [secdir] Secdir telechat review of draft-ietf-netmod-rfc6087bis-18

Andy Bierman <andy@yumaworks.com> Tue, 06 March 2018 17:53 UTC

Return-Path: <andy@yumaworks.com>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1C34412946D for <secdir@ietfa.amsl.com>; Tue, 6 Mar 2018 09:53:18 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.6
X-Spam-Level:
X-Spam-Status: No, score=-2.6 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=yumaworks-com.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id seJFgWjXt3KT for <secdir@ietfa.amsl.com>; Tue, 6 Mar 2018 09:53:14 -0800 (PST)
Received: from mail-lf0-x22d.google.com (mail-lf0-x22d.google.com [IPv6:2a00:1450:4010:c07::22d]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 67AF5129C53 for <secdir@ietf.org>; Tue, 6 Mar 2018 09:53:14 -0800 (PST)
Received: by mail-lf0-x22d.google.com with SMTP id m69so29791977lfe.8 for <secdir@ietf.org>; Tue, 06 Mar 2018 09:53:14 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yumaworks-com.20150623.gappssmtp.com; s=20150623; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=RN5osWzOUY3WnxRvrjYd+ElLAZwBWY6FPvyKBVUhKMQ=; b=RjKGe+b2r+gzEdy6VXcqb3MMo54UG9qu01Sbp4PNpccqomu0JbauBuvQnkdpjNrCKv rbNST4GGH9fljzW3Pque8SwQu/2TSX38OgOmZinXqT6m1Lt6d8VN1N4JGne+V1vM5cKO DhAOH6oit77+UPy38YTxl3oNW8YzEJn0A06yfbWFujdBU0W906IUFMMzY4mtHzvXI11X ardX+5nHGPELGNkXEtCoL8qTltqPst9ArVEnBIhAUTfq6veSHqahCslmwh92JX9/mYcM wHbWZxgrfVJZCp53Wkt+duDKiM4gQjdKznbCysgOZihUXYWgYRZeyr+2QnRMpUCPo3nS UY3Q==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=RN5osWzOUY3WnxRvrjYd+ElLAZwBWY6FPvyKBVUhKMQ=; b=QdkRep9CD1gf3b0al66E4Mg9NJ8YBEIBfFjTUaoNcb17SdCUM/WEDg7vJE+J1IEVyY PLaEsy5EPjpgexDolGzyX65H9UHAmf71gK08H+5//xs/nJV4T76cWxMQOhH4EqtRYV0R RXCGO06uxWrfkHbGg+0i7SMV6yXRxw0rLgAU1ow/UYSI6dwwDASujS16eP7+dsw9Ze6M 5WFpSXremFbUqdO0qENigM4MJ3h/RO2yi2LImhuv5YkqbNtePBHTD4XR/9rqMJEJvinl zBIdTcprOa7KLJBkjDOWcPzRDPLBs1MEbQO/rk4h2P5ytZ+sIMGlmBSjHymfgLgh397g ZlmQ==
X-Gm-Message-State: AElRT7F2lawtCyBXXJZGdaJ7mDvekyDzIMl47qtpRCnL5w8y1mkZ44+5 OeqI/G2H0RaHPTL0o5xtsezNOylsTdT7D3St+sUscg==
X-Google-Smtp-Source: AG47ELvea4OmZ2ZVoz6a1/Cctoken0WEDa6nW2uuQW6FZVnr8V1bwLtlxW2Weu/eUmyrgP6FzjpALnJ2JbuW/8FXJwQ=
X-Received: by 10.25.234.148 with SMTP id y20mr13099244lfi.53.1520358792565; Tue, 06 Mar 2018 09:53:12 -0800 (PST)
MIME-Version: 1.0
Received: by 10.25.21.210 with HTTP; Tue, 6 Mar 2018 09:53:11 -0800 (PST)
In-Reply-To: <CAHbuEH63ayGp2X+FmL9j9ajvF6nbGZM76YR6ttx0NyBvaQcRdw@mail.gmail.com>
References: <151932948231.8096.10376000064045374752@ietfa.amsl.com> <CAHbuEH63ayGp2X+FmL9j9ajvF6nbGZM76YR6ttx0NyBvaQcRdw@mail.gmail.com>
From: Andy Bierman <andy@yumaworks.com>
Date: Tue, 6 Mar 2018 09:53:11 -0800
Message-ID: <CABCOCHS5yWgfYnKFcVCOibYGEa1pomaKkKonf1WqfToOCoxG9Q@mail.gmail.com>
To: Kathleen Moriarty <kathleen.moriarty.ietf@gmail.com>
Cc: Stephen Farrell <stephen.farrell@cs.tcd.ie>, IETF SecDir <secdir@ietf.org>, IETF <ietf@ietf.org>, NetMod WG <netmod@ietf.org>, draft-ietf-netmod-rfc6087bis.all@ietf.org
Content-Type: multipart/alternative; boundary="94eb2c0ed1eac32fcf0566c21d9d"
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/zPKK-qNrM-jzrFgK5gut-whCx6I>
Subject: Re: [secdir] Secdir telechat review of draft-ietf-netmod-rfc6087bis-18
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/secdir/>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 06 Mar 2018 17:53:18 -0000

On Tue, Mar 6, 2018 at 9:40 AM, Kathleen Moriarty <
kathleen.moriarty.ietf@gmail.com>; wrote:

> Thanks for your review, Stephen!
>
> On Thu, Feb 22, 2018 at 2:58 PM, Stephen Farrell
> <stephen.farrell@cs.tcd.ie>; wrote:
> > Reviewer: Stephen Farrell
> > Review result: Ready
> >
> >
> > I reviewed the diff between -18 and RFC6087. [1]
> >
> >    [1] https://www.ietf.org/rfcdiff?url1=rfc6087&url2=draft-ietf-
> netmod-rfc6087bis-18
> >
> > I assume the security ADs were involved already in discussion about
> > the new security considerations template in 3.7.1 and the text there
> > does seem fine to me, so I won't even nit-pick about it:-)
>
> Yes and I sent it to the SAAG list for review as well along with a
> followup email on the security review process for YANG documents (a
> link to the OPSdir page on that).  I don't think any feedback came
> through as a result of the request, so we should be good with the
> general considerations for a bit.
>
> >
> > I do have some other nits to note though.
> >
> > - There are a number of URLs given for access to updated materials
> > that use http schemed URLs and that do not use https schemed URLs.
> > There was a recent IESG statement to the effect that those'd be better
> > as https URLs. The first such example is in 3.1. In fact that URL is
> > re-directed (for me) to https. I think a general pass to fix such URLs
> > to use https wherever possible would be easy and better practice.
> >
>


no objection to changing the URLs to use https



> > - Some of the namespaces use http schemed URLs, for example in
> > section 4.2. I don't know if people are expected to de-reference such
> > URLs, but if they are then it'd be good to say if https is better to use
> > or not. (I'd argue it is.) If those URLs are not expected to be
> > de-referenced, then saying that would be good. (Not that it'd stop
> > people de-referencing 'em so the change is better in any case;-)
>
>
no objection to changing the YANG namespace examples to something else


> I don't see any response on these questions on list and it would be
> good to get an answer, so I'll include a link in my ballot in case the
> authors are not seeing it for some reason.
>
> Thanks,
> Kathleen
>
> >
> > Cheers,
> > S.
> >
>
>
>

Andy


>
> --
>
> Best regards,
> Kathleen
>