Last Call Review of draft-ietf-netmod-system-mgmt-10
review-ietf-netmod-system-mgmt-10-secdir-lc-eastlake-2014-01-30-00
| Request | Review of | draft-ietf-netmod-system-mgmt |
|---|---|---|
| Requested revision | No specific revision (document currently at 16) | |
| Type | Last Call Review | |
| Team | Security Area Directorate (secdir) | |
| Deadline | 2014-01-21 | |
| Requested | 2014-01-09 | |
| Authors | Andy Bierman , Martin Björklund | |
| I-D last updated | 2014-01-30 | |
| Completed reviews |
Genart Last Call review of -11
by Brian E. Carpenter
(diff)
Genart Telechat review of -11 by Brian E. Carpenter (diff) Genart Telechat review of -13 by Brian E. Carpenter (diff) Genart Telechat review of -16 by Brian E. Carpenter Secdir Last Call review of -10 by Donald E. Eastlake 3rd (diff) Opsdir Early review of -09 by Susan Hares (diff) |
|
| Assignment | Reviewer | Donald E. Eastlake 3rd |
| State | Completed | |
| Request | Last Call review on draft-ietf-netmod-system-mgmt by Security Area Directorate Assigned | |
| Reviewed revision | 10 (document currently at 16) | |
| Result | Has issues | |
| Completed | 2014-01-30 |
review-ietf-netmod-system-mgmt-10-secdir-lc-eastlake-2014-01-30-00
Hi, Sorry this review is late. I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. Document editors and WG chairs should treat these comments just like any other last call comments. I believe this draft is ready with issues. This draft specifies a YANG data model for configuration and identification of NETCONF server device information. You might think there would not be much in the way of Security Considerations for a "data model" but the model includes User Authentication, sensitive writable data objects, and the like. For user password authentication, there are provisions for storing a plain text of the password or a salted hash. Hash functions available are MD5, SHA-256, and SHA-512. Security Considerations: The Security Considerations section seems pretty thorough in covering NETCONF security features such as SSH transport and access controls. However, I believe the Security Considerations should recommend not storing passwords as plaintext but rather as a salted hash. While the Security Considerations section refers to RFC 6151 for MD5 Security Considerations and having that reference is good, I believe this document should also recommend that MD5 not be used as the password salted hash function. For the list of sensitive readable data and sensitive remote procedure call operations, the draft is careful to say "It is thus important to control access to these operations." However, while it is pretty obvious, these words or equivalent seem to be missing in reference to the sensitive writable data. Trivial: Section 2.3, first line: "need" -> "needs" Section 2.3, 2nd paragraph, second line: "need" -> "needs" I believe RPC should be expanded to "remote procedure call" at its one use in the text of the draft, unless I've expanded the acronym wrong, which would be proof that whatever it stands for it should be spelled out. Thanks, Donald ============================= Donald E. Eastlake 3rd +1-508-333-2270 (cell) 155 Beaver Street, Milford, MA 01757 USA d3e3e3 at gmail.com