IETF Last Call Review of draft-ietf-netconf-distributed-notif-19
review-ietf-netconf-distributed-notif-19-secdir-lc-migault-2026-06-08-00
| Request | |
|---|---|
| Review of | draft-ietf-netconf-distributed-notif |
| Requested revision | No specific revision (document currently at 19) |
| Type | IETF Last Call Review |
| Team | Security Area Directorate (secdir) |
| Deadline | 2026-03-08 |
| Requested | 2026-02-22 |
| Requested by | Mahesh Jethanandani |
| Authors | Tianran Zhou, Guangying Zheng, Eric Voit, Thomas Graf, Pierre Francois |
| I-D last updated | 2026-04-21 (Latest revision 2026-04-13) |
| Completed reviews | Yangdoctors Early review of -13 by Martin Björklund; Opsdir Early review of -14 by Jürgen Schönwälder; Opsdir IETF Last Call review of -19 by Yingzhen Qu; Yangdoctors IETF Last Call review of -17 by Martin Björklund; Genart IETF Last Call review of -18 by Joel M. Halpern; Secdir IETF Last Call review of -19 by Daniel Migault; Tsvart IETF Last Call review of -18 by Magnus Westerlund; Intdir IETF Last Call review of -18 by Florian Obser |
| Comments | The SECDIR review should look for any security implications as far as sending traffic from the Component (a.k.a. line cards) to an entity outside the chassis. Similarly, the INTDIR review should examine the implications of establishing an IP network inside and outside the box. The transport experts should examine the use of UDP and any possible issues with sending data over it. Finally, the YANG doctors should (re)examine any changes to the YANG module and OPSDIR on any operational considerations that were not obvious before. |

| Assignment | |
|---|---|
| Reviewer | Daniel Migault |
| State | Completed |
| Request | IETF Last Call review on draft-ietf-netconf-distributed-notif by Security Area Directorate Assigned |
| Posted at | https://mailarchive.ietf.org/arch/msg/secdir/bQMPErB234Fc_aJms79Tfc05a4M |
| Reviewed revision | 19 |
| Result | Ready |
| Completed | 2026-06-08 |
Hi,

I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG.

I have no particular expertise in YANG or NETCONF, so please bear with me if I am missing some context. As I understand it, the document introduces a shift from the traditional model—where a single route processor aggregates data from internal Components and publishes it to the Receiver—to a distributed model where multiple Publisher Agents communicate directly with the external Receiver.

If my understanding is correct, this seems to carry a few security implications that might be worth expanding upon in the Security Considerations section:

1. Expanded trust surface at the Receiver. In the traditional model, the Receiver establishes trust with a single entity (the route processor). In the proposed model, the Receiver would need to trust multiple Publisher Agents independently, which increases the number of identities to manage and authenticate.

2. Internal communication becomes external. In the traditional model, Agents provide their data to the route processor over an internal path. This draft appears to move that data flow from an internal Agent-to-Processor exchange to an external Agent-to-Receiver exchange, which would increase the overall exposure of the system.

3. Reduced centralized control. The route processor traditionally could serve as a control point for outbound telemetry. With Agents publishing directly to Receivers, some of that centralized oversight may no longer apply.

It might be helpful to briefly describe these architectural trade-offs.