Last Call Review of draft-ietf-netconf-restconf-15
review-ietf-netconf-restconf-15-secdir-lc-xia-2016-07-21-00

Request Review of draft-ietf-netconf-restconf
Requested rev. no specific revision (document currently at 18)
Type Last Call Review
Team Security Area Directorate (secdir)
Deadline 2016-08-03
Requested 2016-07-14
Other Reviews Genart Early review of -09 by Robert Sparks (diff)
Genart Last Call review of -15 by Robert Sparks (diff)
Genart Last Call review of -15 by Dale Worley (diff)
Genart Telechat review of -17 by Dale Worley (diff)
Secdir Early review of -09 by Liang Xia (diff)
Opsdir Early review of -13 by Lionel Morand (diff)
Review State Completed
Reviewer Liang Xia
Review review-ietf-netconf-restconf-15-secdir-lc-xia-2016-07-21
Posted at https://www.ietf.org/mail-archive/web/secdir/current/msg06692.html
Reviewed rev. 15 (document currently at 18)
Review result Ready
Draft last updated 2016-07-21
Review completed: 2016-07-21

Review
review-ietf-netconf-restconf-15-secdir-lc-xia-2016-07-21






Hello,




I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG.  These comments were written primarily for the benefit of the security area
 directors.  Document editors and WG chairs should treat these comments just like any other last call comments.




 




This document describes an HTTP-based protocol that provides a programmatic interface for accessing data defined in YANG, using the datastore concepts defined in NETCONF.




 




I have reviewed draft-ietf-netconf-restconf-09 as the Secdir before. My general thoughts about it is:




 




Firstly, the document appears in reasonably good shape.




 




Secondly, in general, the RESTCONF is an application protocol layered on the HTTP protocol. As mentioned in the document, just using the HTTPS (with TLS) can address most of the security issues such as confidentiality,
 integrity, authentication, etc. In other words, RESTCONF is designed inherently based on a good security base.




 




 




Now, after several rounds of update, this draft has became better in the aspect of security considerations. I don’t see further security issues in addition to the description in the sections of “Transport Protocol Requirements”
 and “Security Considerations”. 




 




In summary, I think this draft is Ready!




 




Thanks!




 




B.R.




Frank