Last Call Review of draft-ietf-softwire-yang-14
review-ietf-softwire-yang-14-secdir-lc-hallam-baker-2019-01-07-00
| Request | Review of | draft-ietf-softwire-yang |
|---|---|---|
| | Requested revision | No specific revision (document currently at 16) |
| | Type | Last Call Review |
| | Team | Security Area Directorate (secdir) |
| | Deadline | 2018-10-11 |
| | Requested | 2018-09-27 |
| | Authors | Ian Farrer, Mohamed Boucadair |
| | I-D last updated | 2019-01-07 |
| | Completed reviews | Secdir Last Call review of -14 by Phillip Hallam-Baker; Genart Last Call review of -06 by Roni Even; Yangdoctors Last Call review of -06 by Martin Björklund; Tsvart Telechat review of -13 by Michael Tüxen; Genart Telechat review of -13 by Roni Even |
| Assignment | Reviewer | Phillip Hallam-Baker |
| | State | Completed |
| | Request | Last Call review on draft-ietf-softwire-yang by Security Area Directorate Assigned |
| | Reviewed revision | 14 (document currently at 16) |
| | Result | Has nits |
| | Completed | 2019-01-07 |
The document describes a schema and has appropriately identified the read/write security concerns arising from it. One issue that I think could be usefully spelled out is that the use of automated tools to decode structures of this type is not merely a programming convenience. Attempts to parse length-delimited objects nested in length-delimited structures using handwritten code are error prone and have led to the introduction of numerous buffer overrun vulnerabilities.
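
An added example, not part of the review or the draft: a small C parser for a constructed type/length/value format, showing the check that handwritten parsers of nested length-delimited data tend to omit, namely bounding each inner length by what remains of its enclosing object rather than of the whole buffer. The wire format, the sample bytes and the names `read_tlv` and `count_inner` are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>

/* Constructed format: 1-byte type, 1-byte length, then `length` body bytes.
 * An outer record's body is a sequence of inner records of the same shape. */

/* Parse one header from buf[0..avail); -1 if header or body exceed avail. */
static int read_tlv(const uint8_t *buf, size_t avail, uint8_t *type,
                    const uint8_t **body, size_t *body_len)
{
    if (avail < 2)
        return -1;                 /* header itself is truncated */
    if ((size_t)buf[1] > avail - 2)
        return -1;                 /* declared length overruns the container */
    *type = buf[0];
    *body = buf + 2;
    *body_len = buf[1];
    return 0;
}

/* Count the inner records of one outer record; -1 on malformed input. */
int count_inner(const uint8_t *msg, size_t msg_len)
{
    uint8_t type;
    const uint8_t *outer, *inner;
    size_t outer_len, inner_len, off = 0;
    int n = 0;
    if (read_tlv(msg, msg_len, &type, &outer, &outer_len) != 0)
        return -1;
    while (off < outer_len) {
        /* Bound by what is left of the OUTER body, not of the whole buffer. */
        if (read_tlv(outer + off, outer_len - off, &type, &inner, &inner_len) != 0)
            return -1;
        off += 2 + inner_len;
        n++;
    }
    return n;
}

/* Constructed samples. In BAD_INNER the inner length (5) fits the buffer but
 * not the 3-byte outer body, so a check against msg_len alone would pass. */
const uint8_t GOOD[]      = {0x01, 0x06, 0x02, 0x01, 0xAA, 0x03, 0x01, 0xBB};
const uint8_t BAD_INNER[] = {0x01, 0x03, 0x02, 0x05, 0xAA, 0xBB, 0xCC, 0xDD, 0xEE};

int main(void)
{
    return !(count_inner(GOOD, sizeof GOOD) == 2 &&
             count_inner(BAD_INNER, sizeof BAD_INNER) == -1);
}
```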