Last Call Review of draft-ietf-netmod-yang-usage-
review-ietf-netmod-yang-usage-secdir-lc-yu-2010-07-11-00
| Request | Review of | draft-ietf-netmod-yang-usage |
|---|---|---|
| Requested revision | No specific revision (document currently at 11) | |
| Type | Last Call Review | |
| Team | Security Area Directorate (secdir) | |
| Deadline | 2010-07-08 | |
| Requested | 2010-06-24 | |
| Authors | Andy Bierman | |
| Draft last updated | 2010-07-11 | |
| Completed reviews |
Secdir Last Call review of -??
by
Taylor Yu
|
|
| Assignment | Reviewer | Taylor Yu |
| State | Completed | |
| Review |
review-ietf-netmod-yang-usage-secdir-lc-yu-2010-07-11
|
|
| Completed | 2010-07-11 |
review-ietf-netmod-yang-usage-secdir-lc-yu-2010-07-11-00
This document provides usage guidelines for the YANG data modeling
language so that standards track YANG data models will be more
readable and interoperable.
The Security Considerations section of this document states that it
does not introduce any new or increased risks to the management
system. In fact, the document includes advice for consistently
communicating those risks in the context of YANG modules.
The Security Considerations section makes reference to a URL
http://www.ops.ietf.org/yang-security-considerations.txt
which had no content when I last visited it, so I was unable to review
it.
Section 3.4 lists the items whose security risks must be documented in
a conforming specification. It omits the requirement, stated in Section
4.13, that potentially harmful operations must be mentioned in the
Security Considerations section of the conforming specification.
Section 3.4 should probably include the requirement from 4.13.
Editorial:
Is the use of "<CODE BEGINS>" in the example in Section 3.1 adequately
protected from tools that might interpret that string as beginning a
code component that is never completed?