Last Call Review of draft-ietf-core-yang-cbor-15
review-ietf-core-yang-cbor-15-secdir-lc-emery-2021-03-10-01

Request Review of draft-ietf-core-yang-cbor
Requested revision No specific revision (document currently at 20)
Type Last Call Review
Team Security Area Directorate (secdir)
Deadline 2021-03-17
Requested 2021-03-04
Requested by Tero Kivinen
Authors Michel Veillette, Ivaylo Petrov, Alexander Pelov, Carsten Bormann, Michael Richardson
Draft last updated 2021-03-17
Completed reviews Yangdoctors Last Call review of -15 by Joe Clarke
Secdir Last Call review of -15 by Shawn M Emery
Genart Last Call review of -15 by Peter E. Yee
Genart Telechat review of -16 by Peter E. Yee
Assignment Reviewer Shawn M Emery
State Completed
Review review-ietf-core-yang-cbor-15-secdir-lc-emery-2021-03-10
Posted at https://mailarchive.ietf.org/arch/msg/secdir/-D_eqJGLn39M737HSMRh_Cz8uGE
Reviewed revision 15 (document currently at 20)
Result Has Nits
Completed 2021-03-17
review-ietf-core-yang-cbor-15-secdir-lc-emery-2021-03-10-01
My apologies for not including the template directly below with my original
post of this review:

I have reviewed this document as part of the security directorate's ongoing
effort to review all IETF documents being processed by the IESG.  These
comments were written primarily for the benefit of the security area directors.
Document editors and WG chairs should treat these comments just like any other
last call comments.

This standards track draft specifies YANG modules for Concise Binary Object
Representation (CBOR) encodings.

The security considerations section does exist and refers to RFCs 8949 and 7950
for underlying security issues.  It continues that there are no additional
security concerns introduced by this draft outside of any specific context or
protocol.  I agree with this assertion.  I don't know how pedantic we should be
in including the YANG module security considerations template in a draft that
does not specify modules specific to a protocol, i.e. writable nodes, sensitive
readable nodes, and RPC operations.  I defer this decision to the security ADs.

General comments:

None.

Editorial comments:

None.