Last Call Review of draft-ietf-netmod-schema-mount-10
review-ietf-netmod-schema-mount-10-secdir-lc-emery-2018-06-27-00
| Request | Review of | draft-ietf-netmod-schema-mount |
|---|---|---|
| Requested revision | No specific revision (document currently at 12) | |
| Type | Last Call Review | |
| Team | Security Area Directorate (secdir) | |
| Deadline | 2018-06-29 | |
| Requested | 2018-06-15 | |
| Authors | Martin Björklund , Ladislav Lhotka | |
| Draft last updated | 2018-06-27 | |
| Completed reviews |
Secdir Last Call review of -10
by
Shawn M Emery
(diff)
Opsdir Last Call review of -10 by Mehmet Ersue (diff) Rtgdir Telechat review of -10 by Matthew Bocci (diff) Genart Last Call review of -10 by Joel M. Halpern (diff) Genart Telechat review of -11 by Joel M. Halpern (diff) |
|
| Assignment | Reviewer | Shawn M Emery |
| State | Completed | |
| Review |
review-ietf-netmod-schema-mount-10-secdir-lc-emery-2018-06-27
|
|
| Reviewed revision | 10 (document currently at 12) | |
| Result | Has Nits | |
| Completed | 2018-06-27 |
review-ietf-netmod-schema-mount-10-secdir-lc-emery-2018-06-27-00
Reviewer: Shawn M. Emery Review result: Ready with nits I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the security area directors. Document editors and WG chairs should treat these comments just like any other last call comments. This draft specifies a schema for YANG module mount points for yet another specified schema location. The security considerations section does exist and refers to transport security through SSH and HTTPS for NETCONF and RESTCONF, respectively. For authorization, the spec refers to RFC 8341 for controlling NETCONF and RESTCONF user access. Data that would be considered sensitive or subject to attack is briefly described and prescribes read access controls for said data. I agree with the authors' assertions. General comments: None. Editorial comments: OLD: These are the subtrees and data nodes and their sensitivity/vulnerability: NEW: The following should be considered for subtrees/data nodes and their corresponding sensitivity/vulnerability: Shawn. --