Telechat Review of draft-ietf-i2rs-rib-data-model-10

Request Review of draft-ietf-i2rs-rib-data-model
Requested rev. no specific revision
Type Telechat Review
Team Security Area Directorate (secdir)
Deadline 2018-03-06
Requested 2018-02-15
Other Reviews Rtgdir Early review of -05 by John Scudder (diff)
Yangdoctors Early review of -09 by Ebben Aries (diff)
Genart Telechat review of -10 by Stewart Bryant
Review State Completed
Reviewer Derrell Piper
Review review-ietf-i2rs-rib-data-model-10-secdir-telechat-piper-2018-02-22
Posted at
Reviewed rev. 10
Review result Ready
Draft last updated 2018-02-22
Review completed: 2018-02-22


I have reviewed this document as part of the security directorate's
ongoing effort to review all IETF documents being processed by the IESG.
These comments were written primarily for the benefit of the security
area directors.  Document editors and WG chairs should treat these
comments just like any other last call comments.

The summary of the review is Ready.

This document defines a YANG data model for the Routing Information Base

The Security Considerations section states that it's intended to run
over SSH (NETCONF) or TLS (RESTCONF) and thus relies on discretionary
access control defined by these underlying protocols along with the
security of SSH/TLS.  It further calls out the 'RIB', 'route', and
'nexthop' subtrees being defined, as being sensitive.

Useful references: RFC6536 defines the network access control
mechanism, RFC7921 explains the security environment for I2RS, and
RFC8241 discusses the specific security requirements for I2RS.