Skip to main content

Last Call Review of draft-ietf-netmod-schema-mount-10
review-ietf-netmod-schema-mount-10-secdir-lc-emery-2018-06-27-00

Request Review of draft-ietf-netmod-schema-mount
Requested revision No specific revision (document currently at 12)
Type Last Call Review
Team Security Area Directorate (secdir)
Deadline 2018-06-29
Requested 2018-06-15
Authors Martin Björklund , Ladislav Lhotka
Draft last updated 2018-06-27
Completed reviews Secdir Last Call review of -10 by Shawn M Emery (diff)
Opsdir Last Call review of -10 by Mehmet Ersue (diff)
Rtgdir Telechat review of -10 by Matthew Bocci (diff)
Genart Last Call review of -10 by Joel M. Halpern (diff)
Genart Telechat review of -11 by Joel M. Halpern (diff)
Assignment Reviewer Shawn M Emery
State Completed
Review review-ietf-netmod-schema-mount-10-secdir-lc-emery-2018-06-27
Reviewed revision 10 (document currently at 12)
Result Has Nits
Completed 2018-06-27
review-ietf-netmod-schema-mount-10-secdir-lc-emery-2018-06-27-00
Reviewer: Shawn M. Emery
Review result: Ready with nits

I have reviewed this document as part of the security directorate's
ongoing effort to review all IETF documents being processed by the IESG.
These comments were written primarily for the benefit of the security
area directors. Document editors and WG chairs should treat these
comments just like any other last call comments.

This draft specifies a schema for YANG module mount points for yet another
specified schema location.

The security considerations section does exist and refers to transport
security
through SSH and HTTPS for NETCONF and RESTCONF, respectively.  For
authorization, the spec refers to RFC 8341 for controlling NETCONF and
RESTCONF user access.  Data that would be considered sensitive or subject
to attack is briefly described and prescribes read access controls for said
data.
I agree with the authors' assertions.

General comments:

None.

Editorial comments:

OLD:

These are the subtrees and data nodes and their sensitivity/vulnerability:

NEW:

The following should be considered for subtrees/data nodes and their
corresponding

sensitivity/vulnerability:


Shawn.
--