Skip to main content

Last Call Review of draft-ietf-teas-yang-te-topo-15

Request Review of draft-ietf-teas-yang-te-topo
Requested revision No specific revision (document currently at 22)
Type Last Call Review
Team Security Area Directorate (secdir)
Deadline 2018-05-30
Requested 2018-05-16
Authors Xufeng Liu , Igor Bryskin , Vishnu Pavan Beeram , Tarek Saad , Himanshu C. Shah , Oscar Gonzalez de Dios
I-D last updated 2018-06-07
Completed reviews Yangdoctors Last Call review of -08 by Mahesh Jethanandani (diff)
Secdir Last Call review of -15 by Melinda Shore (diff)
Genart Last Call review of -15 by Russ Housley (diff)
Genart Last Call review of -20 by Russ Housley (diff)
Secdir Last Call review of -20 by Melinda Shore (diff)
Assignment Reviewer Melinda Shore
State Completed
Request Last Call review on draft-ietf-teas-yang-te-topo by Security Area Directorate Assigned
Reviewed revision 15 (document currently at 22)
Result Has issues
Completed 2018-06-07
I have reviewed this document as part of the security directorate's
ongoing effort to review all IETF documents being processed by the
IESG.  These comments were written primarily for the benefit of the
security area directors.  Document editors and WG chairs should treat
these comments just like any other last call comments.

The summary of the review is Ready with issues

This document defines a technology-agnostic YANG data model for
representation of traffic engineering topologies, and is intended to
serve as a base model for other technology-specific traffic engineering
topology models.

The document is clearly written and appears comprehensive with respect
to its subject matter.  I suspect that sections 1-4 would be a useful
reference for people wanting to learn about TE topologies in general,
and I enjoyed reading it.

The security considerations section is scanty and, unfortunately,
insufficient.  The statement "The data-model by itself does not create
any security implications" seems questionable at best, since it contains
information about network topology and the treatment of traffic,
which may be of value to an attacker.  The lack of discussion of
the threat environment is particularly problematic given that the
model is intended to be used for manipulating TE topologies.  The
authors may want to look to draft-ietf-i2rs-yang-network-topo as
a model (no pun intended) of a good security considerations
section for a topology model.  I don't see how this document can
be published with the security considerations section in its current

This is really a trivial nit, but a nit nevertheless - the second
paragraph of the terminology section probably belongs in the
introduction instead, as it lays out expectations for the reader
and contains a pointer to introductory material for readers
unfamiliar with the IETF's traffic engineering work.