Skip to main content

Telechat Review of draft-ietf-lime-yang-connectionless-oam-methods-10

Request Review of draft-ietf-lime-yang-connectionless-oam-methods
Requested revision No specific revision (document currently at 13)
Type Telechat Review
Team Ops Directorate (opsdir)
Deadline 2017-10-24
Requested 2017-10-11
Authors Deepak Kumar , Zitao Wang , Qin Wu , Reshad Rahman , Srihari Raghavan
I-D last updated 2017-10-23
Completed reviews Yangdoctors Early review of -03 by Carl Moberg (diff)
Opsdir Telechat review of -10 by Jouni Korhonen (diff)
Secdir Telechat review of -11 by Benjamin Kaduk (diff)
Genart Telechat review of -09 by Brian E. Carpenter (diff)
Assignment Reviewer Jouni Korhonen
State Completed
Request Telechat review on draft-ietf-lime-yang-connectionless-oam-methods by Ops Directorate Assigned
Reviewed revision 10 (document currently at 13)
Result Ready
Completed 2017-10-23
I did a quite shallow review on the document. Apart from some trivial
editorials (that the RFC editor will catch better than I do anyway), and one
comment in Section 5, the document is ready to go.

In Section 5 on lines:
1006       Some of the RPC operations in this YANG module may be considered
1007       sensitive or vulnerable in some network environments.  It is thus
1008       important to control access to these operations.  These are the
1009       operations and their sensitivity/vulnerability:
1011       o  continuity-check: Generates continuity check.
1013       o  path-discovery: Generates path discovery.
1015       which may lead to Denial-of-Service attack on both the local device
1016       and the network or unauthorized source access to some sensitive
1017       information.

Some basic questions. What are the mentioned "some networks environment" and
why they are vulnerable? How/why the DoS is the identified vulnerability here?
And in general lines 1015-1017 are hard (at least to me) to understand in the
light of earlier text.

The IDnits comments are not relevant (the reported error is just editorial).

The YANG module also passed the validation (I used yangvalidator) with date
related warnings.