Last Call Review of draft-ietf-netconf-restconf-15
review-ietf-netconf-restconf-15-secdir-lc-xia-2016-07-21-00
Request | Review of | draft-ietf-netconf-restconf |
---|---|---|
Requested revision | No specific revision (document currently at 18) | |
Type | Last Call Review | |
Team | Security Area Directorate (secdir) | |
Deadline | 2016-08-03 | |
Requested | 2016-07-14 | |
Authors | Andy Bierman , Martin Björklund , Kent Watsen | |
I-D last updated | 2016-07-21 | |
Completed reviews |
Genart Early review of -09 by Robert Sparks
(diff)
Genart Last Call review of -15 by Robert Sparks (diff) Genart Last Call review of -15 by Dale R. Worley (diff) Genart Telechat review of -17 by Dale R. Worley (diff) Secdir Early review of -09 by Liang Xia (diff) Secdir Last Call review of -15 by Liang Xia (diff) Opsdir Early review of -13 by Lionel Morand (diff) |
|
Assignment | Reviewer | Liang Xia |
State | Completed | |
Request | Last Call review on draft-ietf-netconf-restconf by Security Area Directorate Assigned | |
Reviewed revision | 15 (document currently at 18) | |
Result | Ready | |
Completed | 2016-07-21 |
review-ietf-netconf-restconf-15-secdir-lc-xia-2016-07-21-00
Hello, I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the security area directors. Document editors and WG chairs should treat these comments just like any other last call comments. This document describes an HTTP-based protocol that provides a programmatic interface for accessing data defined in YANG, using the datastore concepts defined in NETCONF. I have reviewed draft-ietf-netconf-restconf-09 as the Secdir before. My general thoughts about it is: Firstly, the document appears in reasonably good shape. Secondly, in general, the RESTCONF is an application protocol layered on the HTTP protocol. As mentioned in the document, just using the HTTPS (with TLS) can address most of the security issues such as confidentiality, integrity, authentication, etc. In other words, RESTCONF is designed inherently based on a good security base. Now, after several rounds of update, this draft has became better in the aspect of security considerations. I don’t see further security issues in addition to the description in the sections of “Transport Protocol Requirements” and “Security Considerations”. In summary, I think this draft is Ready! Thanks! B.R. Frank