Last Call Review of draft-ietf-teas-yang-te-types-09
review-ietf-teas-yang-te-types-09-secdir-lc-smyslov-2019-05-08-00
| Request | Review of | draft-ietf-teas-yang-te-types |
|---|---|---|
| Requested revision | No specific revision (document currently at 13) | |
| Type | Last Call Review | |
| Team | Security Area Directorate (secdir) | |
| Deadline | 2019-05-16 | |
| Requested | 2019-05-02 | |
| Authors | Tarek Saad , Rakesh Gandhi , Xufeng Liu , Vishnu Pavan Beeram , Igor Bryskin | |
| I-D last updated | 2019-05-08 | |
| Completed reviews |
Yangdoctors Early review of -01
by Jan Lindblad
(diff)
Rtgdir Last Call review of -06 by Ines Robles (diff) Secdir Last Call review of -09 by Valery Smyslov (diff) Genart Last Call review of -09 by Linda Dunbar (diff) |
|
| Assignment | Reviewer | Valery Smyslov |
| State | Completed | |
| Request | Last Call review on draft-ietf-teas-yang-te-types by Security Area Directorate Assigned | |
| Posted at | https://mailarchive.ietf.org/arch/msg/secdir/UXVej8W-ylOb1n0fH8Gsl5jWNDI | |
| Reviewed revision | 09 (document currently at 13) | |
| Result | Has nits | |
| Completed | 2019-05-08 |
review-ietf-teas-yang-te-types-09-secdir-lc-smyslov-2019-05-08-00
Reviewer: Valery Smyslov Review result: Ready with Nits I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the security area directors. Document editors and WG chairs should treat these comments just like any other last call comments. The draft defines a set of common YANG elements (typedefs, identities and groupings) that are intended to be used in Traffic Engineering related YANG modules. The draft as such doesn't have security implications. The Security Considerations section contains general advices on using YANG with data management protocols (like NETCONF or RESTCONF), which are applicable when these definitions are imported and used in other YANG modules. The advices include using secure protocols (SSH for NETCONF and TLS1.3 for RESTCONF) and implementing access control for sensitive YANG data nodes. Nit: I don't think that reference to TLS1.3 (RFC8446) should be normative. In my understanding readers of this document are not obliged to read and fully understand the details of TLS to be able to import the definitions and create a TE-related YANG module.