Telechat Review of draft-ietf-mpls-ldp-yang-07
review-ietf-mpls-ldp-yang-07-secdir-telechat-emery-2019-11-28-00

Reviewer: Shawn M. Emery
Review result: Ready with nits

I have reviewed this document as part of the security directorate's
ongoing effort to review all IETF documents being processed by the IESG.
These comments were written primarily for the benefit of the security
area directors. Document editors and WG chairs should treat these
comments just like any other last call comments.

This draft specifies a YANG model for the Multi-Protocol Label
Switching (MPLS) Label Distribution Protocol (LDP).  Network
Configuration Protocol (NETCONF) and RESTCONF is used
to mange network devices based on this model.

The security considerations section does exist and for security
and privacy concerns, discusses that the MTI for NETCONF is
SSH and TLS for RESTCONF.  For authorization, NETCONF
and RESTCONF uses the Network Configuration Access Control
Model (NACM).

The section goes on to state that some data nodes
and RPC operations in the YANG module are considered sensitive
to various operations, but does not give guidance on which nodes
or subtrees that would be affected.  In the past, module specifications
that I've reviewed have outlined each of these relevant items.

The section finishes with the statement that the security
properties of the base specifications, LDP, LDP IPv6, etc., also applies
to this draft.  I agree with the above assertions.

General comments:

None.

Editorial comments:

s/into following/into the following/
s/means and be read/should be read/
s/family"/family"./
s/VPN Forwarding and Routing/VPN Routing and Forwarding/
s/provides a mean/provides a means/
s/Neibgbor/Neighbor/
s/pereference/preference/
s/creatable\/ deletable/creatable\/deletable/

RESTCONF should be expanded on first ocurence.

Shawn.
--