[Teas] Secdir Last Call review of draft-ietf-teas-yang-te-types

"Valery Smyslov" <valery@smyslov.net> Wed, 08 May 2019 08:27 UTC

From: Valery Smyslov <valery@smyslov.net>
To: secdir@ietf.org
Cc: teas@ietf.org, draft-ietf-teas-yang-te-types@ietf.org, ietf@ietf.org
Date: Wed, 08 May 2019 11:27:10 +0300
Archived-At: <https://mailarchive.ietf.org/arch/msg/teas/jgkJdqkTVjj3uGpQqwv2AGkWZiM>

Reviewer: Valery Smyslov
Review result: Ready with Nits

I have reviewed this document as part of the security directorate's 
ongoing effort to review all IETF documents being processed by the 
IESG.  These comments were written primarily for the benefit of the 
security area directors.  Document editors and WG chairs should treat 
these comments just like any other last call comments.

The draft defines a set of common YANG elements (typedefs, identities and groupings)
that are intended to be used in Traffic Engineering related YANG modules.
The draft as such doesn't have security implications. The Security Considerations
section contains general advice on using YANG with data management
protocols (like NETCONF or RESTCONF), which is applicable when 
these definitions are imported and used in other YANG modules.
The advice includes using secure protocols (SSH for NETCONF and TLS 1.3 for RESTCONF)
and implementing access control for sensitive YANG data nodes. 

Nit: I don't think that the reference to TLS 1.3 (RFC8446)
should be normative. In my understanding, readers of this document
are not obliged to read and fully understand the details of TLS to be able
to import the definitions and create a TE-related YANG module.