Last Call Review of draft-ietf-tictoc-1588v2-yang-10
review-ietf-tictoc-1588v2-yang-10-secdir-lc-weiler-2018-10-03-00
| Request | Review of | draft-ietf-tictoc-1588v2-yang |
|---|---|---|
| Requested revision | No specific revision (document currently at 11) | |
| Type | Last Call Review | |
| Team | Security Area Directorate (secdir) | |
| Deadline | 2018-09-07 | |
| Requested | 2018-08-24 | |
| Authors | Yuanlong Jiang , Xian Liu , Jinchun Xu , Rodney Cummings | |
| I-D last updated | 2018-10-03 | |
| Completed reviews |
Intdir Early review of -07
by Dave Thaler
(diff)
Opsdir Last Call review of -09 by Sheng Jiang (diff) Genart Last Call review of -09 by Linda Dunbar (diff) Secdir Last Call review of -10 by Samuel Weiler (diff) Genart Telechat review of -10 by Linda Dunbar (diff) Yangdoctors Early review of -10 by Radek Krejčí (diff) |
|
| Assignment | Reviewer | Samuel Weiler |
| State | Completed | |
| Request | Last Call review on draft-ietf-tictoc-1588v2-yang by Security Area Directorate Assigned | |
| Reviewed revision | 10 (document currently at 11) | |
| Result | Has issues | |
| Completed | 2018-10-03 |
review-ietf-tictoc-1588v2-yang-10-secdir-lc-weiler-2018-10-03-00
I wonder whether there should be a requirement to use authentication when making updates. As the doc says: Write operations (e.g., edit-config) to these data nodes without proper protection can have a negative effect on network operations. I'm sure someone will argue "if this is used in a closed network, we can avoid the use of authentication". Prudence suggests that "closed" networks don't remain that way forever, and defense-in-depth is advisable. Let's add a MUST or at least a SHOULD.