Skip to main content

Last Call Review of draft-ietf-netmod-opstate-reqs-04
review-ietf-netmod-opstate-reqs-04-secdir-lc-kivinen-2016-02-11-00

Request Review of draft-ietf-netmod-opstate-reqs
Requested revision No specific revision (document currently at 04)
Type Last Call Review
Team Security Area Directorate (secdir)
Deadline 2016-02-16
Requested 2016-02-04
Authors Kent Watsen , Thomas Nadeau
I-D last updated 2016-02-11
Completed reviews Genart Last Call review of -04 by Christer Holmberg
Secdir Last Call review of -04 by Tero Kivinen
Opsdir Last Call review of -04 by Al Morton
Assignment Reviewer Tero Kivinen
State Completed
Request Last Call review on draft-ietf-netmod-opstate-reqs by Security Area Directorate Assigned
Reviewed revision 04
Result Has nits
Completed 2016-02-11
review-ietf-netmod-opstate-reqs-04-secdir-lc-kivinen-2016-02-11-00
I have reviewed this document as part of the security directorate's
ongoing effort to review all IETF documents being processed by the
IESG.  These comments were written primarily for the benefit of the
security area directors.  Document editors and WG chairs should treat
these comments just like any other last call comments.

This is terminology and requirements document for handling operational
state. As such the security considerations section cannot have very
detailed problems, but it does properly point out that while
configuration is being applied the device might be in inconsistent
state, and that might cause security issues.

It does not say anything about how the configuration requests needs to
be secured, but I assume that is more in to the actual protocol RFC
issue, than this document.

It does not also comment anything about whether the different states
(intended configuration, applied configuration and derivative state)
should have different security policies to applied to them, i.e.
it does say that it should be possible to retrieve only applied
configuration or only derived state, but does not mention should there
also be different security policies to do those operations. In some
cases the derivative state might contain things like traffic keys
negotiated during the protocol runs, or traffic information aabout
flows passing the devices (privacy issues), so derivative state might
be more sensitive than the actual applied configuration.

Outside the security considerations section the requirement which
says:

       A.  A server MUST support only synchronous configuration
           operations, or only asynchronous configuration operations, or
           both synchronous and asynchronous configuration operations on
           a client-specified per-operation basis.

is bit funny, as it effectively says that either syncronous or
asyncronous MUST be supported and both may be supported, but I do not
understand what the "client-specified per-operation basis" is meaning
for the requirement for server.

Client cannot really require server to change its IMPLEMENTATION on
per-operation basis (i.e., client 1 requesting that server MUST
support only asyncronous operations, and client 2 requesting that
server MUST support only syncronous operations).

Client can use either syncronous or asyncronous if both are supported
by the server, and I assume this is trying to say that client can
select syncronous/asyncronous operation per-operation basis, but when
you are talking about that "A server MUST support ..." I do not think
it is ok to requiring that on a client-specified way.

I.e. proper way would be to say that if server supports both, it MUST
allow client to select which method is used on per-operation basis.
-- 
kivinen at iki.fi