Telechat Review of draft-ietf-mpls-ldp-yang-07
review-ietf-mpls-ldp-yang-07-secdir-telechat-emery-2019-11-28-00

Request
Review of: draft-ietf-mpls-ldp-yang
Requested rev.: no specific revision (document currently at 07)
Type: Telechat Review
Team: Security Area Directorate (secdir)
Deadline: 2019-12-03
Requested: 2019-11-12
Authors: Kamran Raza, Rajiv Asati, Xufeng Liu, Santosh Esale, Xia Chen, Himanshu Shah
Draft last updated: 2019-11-28
Completed reviews:
  Yangdoctors Early review of -01 by Dean Bogdanović
  Yangdoctors Early review of -02 by Jan Lindblad
  Genart Last Call review of -06 by Theresa Enghardt
  Rtgdir Last Call review of -06 by Yingzhen Qu
  Yangdoctors Last Call review of -06 by Jan Lindblad
  Secdir Telechat review of -07 by Shawn Emery
Assignment
Reviewer: Shawn Emery
State: Completed
Review: review-ietf-mpls-ldp-yang-07-secdir-telechat-emery-2019-11-28
Posted at: https://mailarchive.ietf.org/arch/msg/secdir/UY6_dJ3tD0_CLBh4C0Lf1-mmxmE
Reviewed rev.: 07
Review result: Has Nits
Review completed: 2019-11-25

Review

Reviewer: Shawn M. Emery
Review result: Ready with nits

I have reviewed this document as part of the security directorate's
ongoing effort to review all IETF documents being processed by the IESG.
These comments were written primarily for the benefit of the security
area directors. Document editors and WG chairs should treat these
comments just like any other last call comments.

This draft specifies a YANG model for the Multi-Protocol Label
Switching (MPLS) Label Distribution Protocol (LDP).  Network
Configuration Protocol (NETCONF) and RESTCONF are used
to manage network devices based on this model.

The security considerations section does exist and for security
and privacy concerns, discusses that the MTI for NETCONF is
SSH and TLS for RESTCONF.  For authorization, NETCONF
and RESTCONF use the Network Configuration Access Control
Model (NACM).

The section goes on to state that some data nodes
and RPC operations in the YANG module are considered sensitive
to various operations, but does not give guidance on which nodes
or subtrees would be affected.  In the past, module specifications
that I've reviewed have outlined each of these relevant items.

The section finishes with the statement that the security
properties of the base specifications, LDP, LDP IPv6, etc., also apply
to this draft.  I agree with the above assertions.

General comments:

None.

Editorial comments:

s/into following/into the following/
s/means and be read/should be read/
s/family"/family"./
s/VPN Forwarding and Routing/VPN Routing and Forwarding/
s/provides a mean/provides a means/
s/Neibgbor/Neighbor/
s/pereference/preference/
s/creatable\/ deletable/creatable\/deletable/

RESTCONF should be expanded on first occurrence.

Shawn.
--