Last Call Review of draft-ietf-netmod-interfaces-cfg-10
review-ietf-netmod-interfaces-cfg-10-secdir-lc-emery-2013-05-16-00

Request Review of draft-ietf-netmod-interfaces-cfg
Requested rev. no specific revision (document currently at 16)
Type Last Call Review
Team Security Area Directorate (secdir)
Deadline 2013-05-03
Requested 2013-04-25
Other Reviews Genart Last Call review of -10 by Roni Even (diff)
Genart Last Call review of -14 by Roni Even (diff)
Genart Last Call review of -15 by Roni Even (diff)
Opsdir Early review of -13 by Susan Hares (diff)
Review State Completed
Reviewer Shawn Emery
Review review-ietf-netmod-interfaces-cfg-10-secdir-lc-emery-2013-05-16
Posted at http://www.ietf.org/mail-archive/web/secdir/current/msg03944.html
Reviewed rev. 10 (document currently at 16)
Review result Ready
Draft last updated 2013-05-16
Review completed: 2013-05-16

Review

I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the security area directors. Document editors and WG chairs should treat these comments just like any other last call comments.

This internet-draft specifies a data model used for the management of network interfaces.

The security considerations section does exist and discusses that the data is made available through the NETCONF protocol. NETCONF uses SSH to access and transfer said data. It goes on to discuss the implications of unattended access to list and leaf data, but does not provide guidance on how to mitigate against unauthorized access. If this is discussed in the NETCONF draft then this draft should at least provide this reference.

General comments:

None.

Editorial comments:

None.

Shawn.
--