Skip to main content

Last Call Review of draft-ietf-netconf-tcp-client-server-21

Request Review of draft-ietf-netconf-tcp-client-server
Requested revision No specific revision (document currently at 26)
Type Last Call Review
Team Security Area Directorate (secdir)
Deadline 2024-02-12
Requested 2024-01-29
Authors Kent Watsen , Michael Scharf
I-D last updated 2024-02-16
Completed reviews Genart Last Call review of -21 by Mallory Knodel (diff)
Secdir Last Call review of -21 by Nancy Cam-Winget (diff)
Opsdir Last Call review of -20 by Bo Wu (diff)
Yangdoctors Last Call review of -09 by Ladislav Lhotka (diff)
Tsvart Last Call review of -21 by Michael Tüxen (diff)
Assignment Reviewer Nancy Cam-Winget
State Completed
Request Last Call review on draft-ietf-netconf-tcp-client-server by Security Area Directorate Assigned
Posted at
Reviewed revision 21 (document currently at 26)
Result Has nits
Completed 2024-02-16
I have reviewed this document as part of the security directorate's 
ongoing effort to review all IETF documents being processed by the 
IESG.  These comments were written primarily for the benefit of the 
security area directors.  Document editors and WG chairs should treat 
these comments just like any other last call comments.

This document defines 3 YANG 1.1 modules support configuration of
TCP clients and TCP servers. These three modules encompass the 
(1) common configurations, (2) a grouping methodology to enable
Modification of application specific parameters for TCP connections
And (3) configurations specific to clients for traversing proxies.

The document reads well and I have found no issues but have
One nit:

Section 3.1.1 speaks to features such as "socks5-username-password"
and "socks5-gss-api" which have both security and privacy implications.
While there is general mention in the Security Considerations (Section 5),
That care must be taken; given that these parameters are used as examples
in Section 3, it would be note highlighting that care in particular to
these parameters must be properly protected to ensure both confidentiality
and integrity.