Re: [Teas] Secdir last call review of draft-ietf-teas-yang-te-topo-20

Xufeng Liu <> Fri, 24 May 2019 00:45 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id D08BB12018F; Thu, 23 May 2019 17:45:59 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -1.998
X-Spam-Status: No, score=-1.998 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: (amavisd-new); dkim=pass (2048-bit key)
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id cP6Ib0gAo8t1; Thu, 23 May 2019 17:45:57 -0700 (PDT)
Received: from ( [IPv6:2607:f8b0:4864:20::d2c]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 39B3B120041; Thu, 23 May 2019 17:45:57 -0700 (PDT)
Received: by with SMTP id g16so6410222iom.9; Thu, 23 May 2019 17:45:57 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=kab1Yvppxj5oDoq19tRC5Tcbkzwwf3pdPKRiBQibWsk=; b=VyR5VXre2dMAOahqKAButsevDNRqtvDXtmMDhI07aYi9ny42BftDFBtDMxyi9F+C5D PT0Ir8PCgsjOe3H1kn+tRXTTBAQOahYi6KCUhV5DLivGjoNJR6AYTGeOUihwEM+slU4U QggvH1PyytJe1LczG1rWA8/juu1JTgFeuC/vtseXRsejs/0uaPJ5L/VifFdUtHiE5wEh FPl5QQ0zSaTZz3q+R7TK9IldsMM2M4aRmF6k4OnjYl/X4ubRwDI8o3eZgLhimjikZnid tGt1viOGMycQsVxJ27hjRDC9eYAB/9aBEVPLb4Okym86kki/mD009j4ZyFJMGdUtlBci Ajrg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=kab1Yvppxj5oDoq19tRC5Tcbkzwwf3pdPKRiBQibWsk=; b=mg4XonVqAmojPXNcvO7RUJmDrlqCCdvyh7Veq11hX51kqCz1h37+sd4aWF4YYckFib v8US037KihtU4xySUq8qu4lPrhO7fHM5w1lv4KinzxDGfJwXqUQQeq6sON+GMSqQCXct IUG+358FF3xJG1xZJq527JJc2sP23Zku793v5Ky+LHo0Obm+nNQdgedSPnlWjuvHFHxd 5o1OsP0xsBrHRpMMUSaLBCgu6UtS9VCcjB6rdT0kjrSEDO6OLVL4LXdacDU5t9uQLbyT 9lb4+2BZoOu8+PHPHek8BJ80KvGEbb25Zx2GNFlMkW8t+IhzZgGi1jexeOIpIKXjWLp2 AW3A==
X-Gm-Message-State: APjAAAXa7UfFXzqoNUy/E74D8Z9Ov7hQd+GNtwHWhZEO4Fp1UXs4DtI1 bCRgCCX6hdfBWSVgTQvWJ0x/bFTf0NwDE1K0WUDU0t9Y
X-Google-Smtp-Source: APXvYqxxEZ0FzfKOdR6lPn+Mpr0mBxXJUXe4V+y6/xZhkYgapuo1yaR89Eq2AFn6BE22MFIULugCaEXZhQde6ewj9pc=
X-Received: by 2002:a6b:4e10:: with SMTP id c16mr2030880iob.181.1558658756288; Thu, 23 May 2019 17:45:56 -0700 (PDT)
MIME-Version: 1.0
References: <>
In-Reply-To: <>
From: Xufeng Liu <>
Date: Thu, 23 May 2019 20:45:45 -0400
Message-ID: <>
To: Melinda Shore <>
Cc:, ietf <>, TEAS WG <>,
Content-Type: multipart/alternative; boundary="0000000000007eadbd0589978568"
Archived-At: <>
Subject: Re: [Teas] Secdir last call review of draft-ietf-teas-yang-te-topo-20
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Traffic Engineering Architecture and Signaling working group discussion list <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Fri, 24 May 2019 00:46:00 -0000

Hi Melinda,

Thanks for the review. We have posted the updated revision to address
these issues. We have updated the text in the Security Considerations
section to describe the possible actions by a malicious attacker. As for
the mandatory references to RFC5246 and RFC6536, they were obsoleted by
newer RFCs so we replaced them with the newer ones.
RFC5246 has been obsoleted by RFC8446, so we now use RFC8446 instead. Do we
still need to reference RFC5246?
RFC6536 has been obsoleted by RFC8341, so we now use RFC8341 instead. Do we
still need to reference RFC6536?

- Xufeng

On Tue, May 14, 2019 at 2:25 PM Melinda Shore via Datatracker <> wrote:

> Reviewer: Melinda Shore
> Review result: Not Ready
> This review updates my previous review of the -15 draft (see
> ).
>  I'm pleased to see the update to the security considerations sections,
> although it's still fairly generic and doesn't describe the threat
> environment
> (this may seem like a nit but it's not: describing how changes to
> individual
> subtrees may impact the system does not really detail how a malicious
> actor may
> subvert or disable the system).  I think this section arguably does
> conform to
> the yang-security-guidelines template despite the missing detail and
> modulo the
> missing mandatory references to 5246 and 6536.  I'm torn between marking
> this
> has "Has Issues" (because of the lack of threat description in the Security
> Considerations) and "Not Ready" (because of the missing mandatory
> references)
> but am going with the latter, and it's up to the IESG how heavily they'd
> like
> to weight the generic descriptions of modified subtree impacts.