
Last Call Review of draft-ietf-netconf-monitoring-
review-ietf-netconf-monitoring-secdir-lc-dekok-2010-06-11-00

Request: Review of draft-ietf-netconf-monitoring
Requested revision: No specific revision (document currently at 15)
Type: Last Call Review
Team: Security Area Directorate (secdir)
Deadline: 2010-06-15
Requested: 2010-05-03
Authors: Martin Björklund, Mark Scott
I-D last updated: 2010-06-11
Completed reviews: Secdir Last Call review of -?? by Alan DeKok
Assignment: Reviewer Alan DeKok
State: Completed
Request: Last Call review on draft-ietf-netconf-monitoring by Security Area Directorate Assigned
Completed: 2010-06-11
I have reviewed this document as part of the security directorate's
ongoing effort to review all IETF documents being processed by the
IESG.  These comments were written primarily for the benefit of the
security area directors.  Document editors and WG chairs should treat
these comments just like any other last call comments.

 The document defines a data model for netconf monitoring.  The security
considerations section says in part:

   Some of the readable data nodes in this YANG module may be
   considered sensitive or vulnerable in some network environments.
   It is thus important to control read access (e.g. via get,
   get-config or notification) to these data nodes.

  What is unclear from the document is whether or not the data is secure
*after* access is gained, i.e., is there a secure transport layer?
Should one be used?  If not, why?

  A statement about privacy and security, with a reference to an
existing netconf document would be good.
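
To make the reviewer's transport question concrete, the following is an added example and is not code from the draft, its authors, or the datatracker page. It builds the NETCONF <get> request that would retrieve the draft's /netconf-state subtree, splits a reply stream framed with the RFC 4742 end-of-message delimiter used by NETCONF over SSH, parses the monitoring data (capabilities, datastore locks, sessions) and lists sessions whose recorded transport identity is not one of the encrypted ones. Assumptions: the module namespace is the one later published in RFC 6022, the reply below is constructed sample data rather than captured from a device, and the set of "secure" transport identities is an illustrative policy, not something the draft states.

```python
"""Build a NETCONF <get> for /netconf-state and parse the reply.

Added example for the secdir review above, not code from the draft.
Assumes the RFC 6022 namespace for ietf-netconf-monitoring and the
RFC 4742 ']]>]]>' end-of-message delimiter used by NETCONF over SSH.
"""
import xml.etree.ElementTree as ET

NC = "urn:ietf:params:xml:ns:netconf:base:1.0"
NCM = "urn:ietf:params:xml:ns:yang:ietf-netconf-monitoring"
NSMAP = {"nc": NC, "ncm": NCM}
EOM = "]]>]]>"  # RFC 4742 end-of-message marker on the SSH 'netconf' subsystem

ET.register_namespace("nc", NC)
ET.register_namespace("ncm", NCM)

# Transport identities from the monitoring module that imply an encrypted
# channel. Assumed policy for this example; the draft defines no such list.
SECURE_TRANSPORTS = {"netconf-ssh", "netconf-tls", "netconf-soap-over-https"}


def build_get_netconf_state(message_id="101"):
    """Return a framed <rpc><get> with a subtree filter on /netconf-state."""
    rpc = ET.Element(f"{{{NC}}}rpc", {"message-id": message_id})
    get = ET.SubElement(rpc, f"{{{NC}}}get")
    flt = ET.SubElement(get, f"{{{NC}}}filter", {"type": "subtree"})
    ET.SubElement(flt, f"{{{NCM}}}netconf-state")
    return ET.tostring(rpc, encoding="unicode") + EOM


def split_frames(stream):
    """Split text read from the SSH subsystem into complete NETCONF messages."""
    parts = stream.split(EOM)
    return [p.strip() for p in parts[:-1]]  # text after the last EOM is incomplete


def _text(elem, path):
    node = elem.find(path, NSMAP)
    return node.text.strip() if node is not None and node.text else None


def parse_netconf_state(reply_xml):
    """Extract capabilities, datastore global locks and sessions from an rpc-reply."""
    root = ET.fromstring(reply_xml)
    if root.tag != f"{{{NC}}}rpc-reply":
        raise ValueError("not an rpc-reply")
    if root.find("nc:rpc-error", NSMAP) is not None:
        raise ValueError("server returned rpc-error")
    state = root.find("nc:data/ncm:netconf-state", NSMAP)
    if state is None:
        raise ValueError("reply carries no netconf-state data")
    caps = [c.text.strip() for c in state.findall("ncm:capabilities/ncm:capability", NSMAP)]
    datastores = {}
    for ds in state.findall("ncm:datastores/ncm:datastore", NSMAP):
        datastores[_text(ds, "ncm:name")] = _text(
            ds, "ncm:locks/ncm:global-lock/ncm:locked-by-session")
    sessions = []
    for s in state.findall("ncm:sessions/ncm:session", NSMAP):
        transport = _text(s, "ncm:transport") or ""
        sessions.append({
            "session-id": int(_text(s, "ncm:session-id")),
            "transport": transport.split(":")[-1],  # identityref may arrive prefixed
            "username": _text(s, "ncm:username"),
            "source-host": _text(s, "ncm:source-host"),
        })
    return {"capabilities": caps, "datastores": datastores, "sessions": sessions}


def sessions_on_unencrypted_transport(state):
    """Session ids whose transport is outside the assumed SECURE_TRANSPORTS set."""
    return [s["session-id"] for s in state["sessions"]
            if s["transport"] not in SECURE_TRANSPORTS]


# Constructed sample reply (not captured from a real device).
SAMPLE_STREAM = """<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="101">
  <data>
    <netconf-state xmlns="urn:ietf:params:xml:ns:yang:ietf-netconf-monitoring">
      <capabilities>
        <capability>urn:ietf:params:netconf:base:1.0</capability>
        <capability>urn:ietf:params:netconf:capability:writable-running:1.0</capability>
      </capabilities>
      <datastores>
        <datastore><name>running</name>
          <locks><global-lock><locked-by-session>3</locked-by-session>
          <locked-time>2010-06-11T09:58:12Z</locked-time></global-lock></locks>
        </datastore>
        <datastore><name>startup</name></datastore>
      </datastores>
      <sessions>
        <session><session-id>3</session-id><transport>netconf-ssh</transport>
          <username>admin</username><source-host>192.0.2.10</source-host></session>
        <session><session-id>4</session-id>
          <transport xmlns:ncm="urn:ietf:params:xml:ns:yang:ietf-netconf-monitoring">ncm:netconf-beep</transport>
          <username>monitor</username><source-host>192.0.2.11</source-host></session>
      </sessions>
    </netconf-state>
  </data>
</rpc-reply>]]>]]>
"""

if __name__ == "__main__":
    print(build_get_netconf_state())
    st = parse_netconf_state(split_frames(SAMPLE_STREAM)[0])
    print(st)
    print("sessions not on an encrypted transport:", sessions_on_unencrypted_transport(st))
```

The framing and the transport identity are the only places where the wire security shows up in this data: the request itself says nothing about how it travelled, which is the gap the review points at, so an operator who wants to verify transport has to read it back out of the session list the module exposes.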