Last Call Review of draft-ietf-tictoc-1588v2-yang-10
review-ietf-tictoc-1588v2-yang-10-secdir-lc-weiler-2018-10-03-00
| Request | Review of | draft-ietf-tictoc-1588v2-yang |
|---|---|---|
| Requested rev. | no specific revision (document currently at 11) | |
| Type | Last Call Review | |
| Team | Security Area Directorate (secdir) | |
| Deadline | 2018-09-07 | |
| Requested | 2018-08-24 | |
| Other Reviews |
Intdir Early review of -07 by Dave Thaler (diff) Opsdir Last Call review of -09 by Sheng Jiang (diff) Genart Last Call review of -09 by Linda Dunbar (diff) Genart Telechat review of -10 by Linda Dunbar (diff) Yangdoctors Early review of -10 by Radek Krejčí (diff) |
|
| Review | State | Completed |
| Reviewer | Samuel Weiler | |
| Review | review-ietf-tictoc-1588v2-yang-10-secdir-lc-weiler-2018-10-03 | |
| Posted at | https://mailarchive.ietf.org/arch/msg/secdir/6i2DCR6iGEjECRztOEuOViMkjOc | |
| Reviewed rev. | 10 (document currently at 11) | |
| Review result | Has Issues | |
| Draft last updated | 2018-10-03 | |
| Review completed: | 2018-10-03 |
Review
review-ietf-tictoc-1588v2-yang-10-secdir-lc-weiler-2018-10-03
I wonder whether there should be a requirement to use authentication when making updates. As the doc says: Write operations (e.g., edit-config) to these data nodes without proper protection can have a negative effect on network operations. I'm sure someone will argue "if this is used in a closed network, we can avoid the use of authentication". Prudence suggests that "closed" networks don't remain that way forever, and defense-in-depth is advisable. Let's add a MUST or at least a SHOULD.