Last Call Review of draft-ietf-alto-oam-yang-12
review-ietf-alto-oam-yang-12-secdir-lc-salz-2023-09-28-00

Request Review of draft-ietf-alto-oam-yang
Requested revision No specific revision (document currently at 17)
Type Last Call Review
Team Security Area Directorate (secdir)
Deadline 2023-10-06
Requested 2023-09-22
Authors Jingxuan Zhang , Dhruv Dhody , Kai Gao , Roland Schott , Qiufang Ma
I-D last updated 2023-09-28
Completed reviews Dnsdir Last Call review of -12 by Scott Rose (diff)
Secdir Last Call review of -12 by Rich Salz (diff)
Genart Last Call review of -12 by Dan Romascanu (diff)
Dnsdir Telechat review of -14 by Scott Rose (diff)
Dnsdir Telechat review of -15 by Ted Lemon (diff)
Yangdoctors Early review of -06 by Andy Bierman (diff)
Opsdir Early review of -06 by Dan Romascanu (diff)
Tsvart Early review of -06 by Spencer Dawkins (diff)
Assignment Reviewer Rich Salz
State Completed
Request Last Call review on draft-ietf-alto-oam-yang by Security Area Directorate Assigned
Posted at https://mailarchive.ietf.org/arch/msg/secdir/2MAwq8CYIdGXzOjo_nZY8NYB96U
Reviewed revision 12 (document currently at 17)
Result Ready
Completed 2023-09-28
review-ietf-alto-oam-yang-12-secdir-lc-salz-2023-09-28-00
I know a little bit about YANG (having helped with the cryptographic keys
definitions for SSH, TLS) and almost nothing about ALTO (but I stayed at a XXXX
I mean I read the RFC 7285).

I read the security considerations carefully. It did a nice job pointing out
that some of the data could be sensitive so be careful about exposing it to
everyone. The opening sentence "Both of these protocols have
mandatory-to-implement secure transport layers (e.g., SSH, TLS) with mutual
authentication." Should probably be followed with some kind of advice about
SHOULD use mutual authentication when any sensitive data is being retrieved or
modified.

A started to read some of the YANG definitions, but I defer to the YANG Doctors.

From a security perspective, this is definitely READY.