Telechat Review of draft-ietf-pim-igmp-mld-yang-12
review-ietf-pim-igmp-mld-yang-12-secdir-telechat-shekh-yusef-2019-05-14-00

Request Review of draft-ietf-pim-igmp-mld-yang
Requested rev. no specific revision (document currently at 15)
Type Telechat Review
Team Security Area Directorate (secdir)
Deadline 2019-05-28
Requested 2019-05-06
Authors Xufeng Liu, Feng Guo, Mahesh Sivakumar, Pete McAllister, Anish Peter
Draft last updated 2019-05-14
Completed reviews Yangdoctors Early review of -02 by Jan Lindblad (diff)
Yangdoctors Last Call review of -07 by Jan Lindblad (diff)
Rtgdir Last Call review of -10 by He Jia (diff)
Yangdoctors Telechat review of -10 by Jan Lindblad (diff)
Secdir Last Call review of -10 by Rifaat Shekh-Yusef (diff)
Genart Last Call review of -10 by Dale Worley (diff)
Secdir Telechat review of -12 by Rifaat Shekh-Yusef (diff)
Assignment Reviewer Rifaat Shekh-Yusef
State Completed
Review review-ietf-pim-igmp-mld-yang-12-secdir-telechat-shekh-yusef-2019-05-14
Posted at https://mailarchive.ietf.org/arch/msg/secdir/a_3CzB0F0Y_R9cDZKexD1cnZiX8
Reviewed rev. 12 (document currently at 15)
Review result Ready
Review completed: 2019-05-14

Review
review-ietf-pim-igmp-mld-yang-12-secdir-telechat-shekh-yusef-2019-05-14

I have reviewed this document as part of the security directorate's 
ongoing effort to review all IETF documents being processed by the 
IESG.  These comments were written primarily for the benefit of the 
security area directors.  Document editors and WG chairs should treat 
these comments just like any other last call comments.

The summary of the review is Ready

This document defines a YANG data model that can be used to
configure and manage Internet Group Management Protocol (IGMP) and
Multicast Listener Discovery (MLD) devices.

The security consideration section seems to follow a well defined template for 
new YANG models, and lists sensitive subtrees and data nodes accordingly.

The data nodes are accessible via well defined network management protocols, 
e.g. NETCONF and RESTCONF, and NACM is used to restrict access to a 
pre-configured subset per user.

Regards,
 Rifaat