IETF Last Call Review of draft-ietf-netmod-system-config-16
review-ietf-netmod-system-config-16-secdir-lc-rosomakho-2026-01-04-00

Request Review of draft-ietf-netmod-system-config
Requested revision No specific revision (document currently at 20)
Type IETF Last Call Review
Team Security Area Directorate (secdir)
Deadline 2026-01-06
Requested 2025-12-16
Authors Qiufang Ma, Qin Wu, Chong Feng
I-D last updated 2026-01-30 (Latest revision 2026-01-28)
Completed reviews Yangdoctors IETF Last Call review of -06 by Michal Vaško (diff)
Yangdoctors IETF Last Call review of -16 by Michal Vaško (diff)
Opsdir IETF Last Call review of -16 by Luis M. Contreras (diff)
Genart IETF Last Call review of -16 by Ines Robles (diff)
Artart IETF Last Call review of -15 by Marc Blanchet (diff)
Secdir IETF Last Call review of -16 by Yaroslav Rosomakho (diff)
Secdir Telechat review of -18 by Yaroslav Rosomakho (diff)
Assignment Reviewer Yaroslav Rosomakho
State Completed
Request IETF Last Call review on draft-ietf-netmod-system-config by Security Area Directorate Assigned
Posted at https://mailarchive.ietf.org/arch/msg/secdir/SMDFZDcV3C6ZSJQwGU2MmCIjmKU
Reviewed revision 16 (document currently at 20)
Result Has issues
Completed 2026-01-04
I have reviewed this document as part of the security directorate's ongoing
effort to review all IETF documents being processed by the IESG. These comments
were written primarily for the benefit of the security area directors. Document
editors and WG chairs should treat these comments just like any other last call
comments.

The document is straightforward and easy to read, but the security
considerations section would benefit from some improvements.

1. While the document does not introduce new protocol mechanisms, it
   normatively specifies in sections 6.2-6.4 how existing mechanisms can be
   used to modify system configuration. The Security Considerations section
   does not explicitly discuss the implications of granting write access.

2. Even though the defined <system> is read-only, it may contain extremely
   sensitive information. The current NACM reference seems to be too shallow
   for the sensitivity involved. It would be great to explicitly mention
   authorization granularity and audit best practices.

3. The security implications of potential merge conflicts or precedence rules
   between <system> configuration and <running> or <operational> configuration
   are not discussed. Misconfiguration in these interactions could lead to
   unintended system behavior including security policy bypass and
   availability risks. This should be acknowledged in the Security
   Considerations section.

4. The document currently references RFC 8446. Given ongoing updates, this
   reference should be updated to draft-ietf-tls-rfc8446bis (RFC-to-be 9846).