Last Call Review of draft-ietf-netconf-rfc4742bis-
|Requested revision||No specific revision (document currently at 08)|
|Type||Last Call Review|
|Team||Security Area Directorate (secdir)|
|I-D last updated||2011-03-03|
Secdir Last Call review of -??
by Rob Austein
|Request||Last Call review on draft-ietf-netconf-rfc4742bis by Security Area Directorate Assigned|
I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the security area directors. Document editors and WG chairs should treat these comments just like any other last call comments. This draft is an updated specification for transport of NETCONF message streams over SSH connections using the SSHv2 "subsystem" protocol. These message streams are bi-directional channels conveying multiple complete XML documents in each direction. The main change from RFC 4742 to this draft is a revision to the framing protocol. The original framing protocol in RFC 4742 used a magic delimiter string "]]>]]>" in the mistaken belief that such a string could never appear in a well-formed XML document. The current document defines a new counted-length framing protocol, but preserves vestiges of the old framing protocol for backwards compatibility and requires use of the old protocol during the initial capability exchange. I have no serious security concerns regarding this document, but I do have two comments: 1) If it's worth changing the framing protocol at all, which I'm willing to accept as a given, it is far from obvious to me that the current negotiated upgrade is the right way to do it, as this will require implementation of the old bad mechanism forever. Switching to a new SSH subsystem name seems like a much simpler solution. 2) As a matter of stylistic consistency with the last several decades of Internet protocols, the delimiter sequence in the new framing protocol should have been <CRLF>, not <LF>. Sigh.