Last Call Review of draft-ietf-teas-yang-te-topo-20
review-ietf-teas-yang-te-topo-20-secdir-lc-shore-2019-05-14-00
| Request | Review of | draft-ietf-teas-yang-te-topo |
|---|---|---|
| Requested revision | No specific revision (document currently at 22) | |
| Type | Last Call Review | |
| Team | Security Area Directorate (secdir) | |
| Deadline | 2019-05-15 | |
| Requested | 2019-05-01 | |
| Authors | Xufeng Liu , Igor Bryskin , Vishnu Pavan Beeram , Tarek Saad , Himanshu C. Shah , Oscar Gonzalez de Dios | |
| I-D last updated | 2019-05-14 | |
| Completed reviews |
Yangdoctors Last Call review of -08
by Mahesh Jethanandani
(diff)
Secdir Last Call review of -15 by Melinda Shore (diff) Genart Last Call review of -15 by Russ Housley (diff) Genart Last Call review of -20 by Russ Housley (diff) Secdir Last Call review of -20 by Melinda Shore (diff) |
|
| Assignment | Reviewer | Melinda Shore |
| State | Completed | |
| Request | Last Call review on draft-ietf-teas-yang-te-topo by Security Area Directorate Assigned | |
| Posted at | https://mailarchive.ietf.org/arch/msg/secdir/m0PnRzUzRZW9RR2qYxE4YL069HM | |
| Reviewed revision | 20 (document currently at 22) | |
| Result | Not ready | |
| Completed | 2019-05-14 |
review-ietf-teas-yang-te-topo-20-secdir-lc-shore-2019-05-14-00
This review updates my previous review of the -15 draft (see https://datatracker.ietf.org/doc/review-ietf-teas-yang-te-topo-15-secdir-lc-shore-2018-06-07/). I'm pleased to see the update to the security considerations sections, although it's still fairly generic and doesn't describe the threat environment (this may seem like a nit but it's not: describing how changes to individual subtrees may impact the system does not really detail how a malicious actor may subvert or disable the system). I think this section arguably does conform to the yang-security-guidelines template despite the missing detail and modulo the missing mandatory references to 5246 and 6536. I'm torn between marking this has "Has Issues" (because of the lack of threat description in the Security Considerations) and "Not Ready" (because of the missing mandatory references) but am going with the latter, and it's up to the IESG how heavily they'd like to weight the generic descriptions of modified subtree impacts.