Last Call Review of draft-ietf-softwire-yang-14
review-ietf-softwire-yang-14-secdir-lc-hallam-baker-2019-01-07-00
| Request | Review of | draft-ietf-softwire-yang |
|---|---|---|
| Requested revision | No specific revision (document currently at 16) | |
| Type | Last Call Review | |
| Team | Security Area Directorate (secdir) | |
| Deadline | 2018-10-11 | |
| Requested | 2018-09-27 | |
| Authors | Ian Farrer , Mohamed Boucadair | |
| I-D last updated | 2019-01-07 | |
| Completed reviews |
Secdir Last Call review of -14
by Phillip Hallam-Baker
(diff)
Genart Last Call review of -06 by Roni Even (diff) Yangdoctors Last Call review of -06 by Martin Björklund (diff) Tsvart Telechat review of -13 by Michael Tüxen (diff) Genart Telechat review of -13 by Roni Even (diff) |
|
| Assignment | Reviewer | Phillip Hallam-Baker |
| State | Completed | |
| Request | Last Call review on draft-ietf-softwire-yang by Security Area Directorate Assigned | |
| Reviewed revision | 14 (document currently at 16) | |
| Result | Has nits | |
| Completed | 2019-01-07 |
review-ietf-softwire-yang-14-secdir-lc-hallam-baker-2019-01-07-00
The document describes a schema and has appropriately identified the read/write security concerns arising from it. One issue that I thing could be usefully spelled out is that the use of automated tools to decode structures of this type is not merely a programming convenience. Attempts to parse length delimited objects nested in length delimited structures using handwritten code is error prone and has led to introduction of numerous buffer overrun vulnerabilities.