Last Call Review of draft-ietf-teas-yang-te-topo-15
review-ietf-teas-yang-te-topo-15-secdir-lc-shore-2018-06-07-00

I have reviewed this document as part of the security directorate's
ongoing effort to review all IETF documents being processed by the
IESG.  These comments were written primarily for the benefit of the
security area directors.  Document editors and WG chairs should treat
these comments just like any other last call comments.

The summary of the review is Ready with issues

This document defines a technology-agnostic YANG data model for
representation of traffic engineering topologies, and is intended to
serve as a base model for other technology-specific traffic engineering
topology models.

The document is clearly written and appears comprehensive with respect
to its subject matter.  I suspect that sections 1-4 would be a useful
reference for people wanting to learn about TE topologies in general,
and I enjoyed reading it.

The security considerations section is scanty and, unfortunately,
insufficient.  The statement "The data-model by itself does not create
any security implications" seems questionable at best, since it contains
information about network topology and the treatment of traffic,
which may be of value to an attacker.  The lack of discussion of
the threat environment is particularly problematic given that the
model is intended to be used for manipulating TE topologies.  The
authors may want to look to draft-ietf-i2rs-yang-network-topo as
a model (no pun intended) of a good security considerations
section for a topology model.  I don't see how this document can
be published with the security considerations section in its current
condition.

This is really a trivial nit, but a nit nevertheless - the second
paragraph of the terminology section probably belongs in the
introduction instead, as it lays out expectations for the reader
and contains a pointer to introductory material for readers
unfamiliar with the IETF's traffic engineering work.

Melinda