Last Call Review of draft-ietf-netconf-rfc6536bis-04
review-ietf-netconf-rfc6536bis-04-opsdir-lc-dunbar-2017-09-06-00

Request Review of draft-ietf-netconf-rfc6536bis
Requested rev. no specific revision (document currently at 06)
Type Last Call Review
Team Ops Directorate (opsdir)
Deadline 2017-09-15
Requested 2017-08-22
Requested by Mahesh Jethanandani
Other Reviews Yangdoctors Last Call review of -04 by Radek Krejčí
Comments
Although this is only a bis document, the original RFC does not seem to have gotten an OPS-DIR review. The entire document should be reviewed from an OPS-DIR perspective.
Review State Completed
Reviewer Linda Dunbar
Review review-ietf-netconf-rfc6536bis-04-opsdir-lc-dunbar-2017-09-06
Posted at https://www.ietf.org/mail-archive/web/ops-dir/current/msg02814.html
Reviewed rev. 04 (document currently at 06)
Review result Has Issues
Last updated 2017-09-06

Review
review-ietf-netconf-rfc6536bis-04-opsdir-lc-dunbar-2017-09-06

I have reviewed this document as part of the Operational directorate's ongoing effort to review all IETF documents being processed by the IESG.  These comments were written primarily for the benefit of the operational area directors.

Document editors and WG chairs should treat these comments just like any other last call comments.

Document: draft-ietf-netconf-rfc6536bis-04

Reviewer: Linda Dunbar

Review result: Has issues.

Comments:

Page 6:

Section 2.1 Access Control Points (first sentence)

NETCONF is a protocol.  What does it mean to say that NETCONF allows other new protocol operations? Can you provide some examples?

Do you mean the operations other than Create, Read, Update and Delete?

Page 13:

Here is the description of the <action> operation defined by RFC7950. I would think that the client should have the “update” privilege (not just “read”) to trigger it, shouldn’t it?

More general question:

This document specifies the mechanism to restrict NETCONF for particular users.

Intuitively, I would think that the restriction should be applied to a specific datastore (or data model) on servers.

For example, for the data model specified by “draft-ietf-netmod-acl-model-11”, can’t you set up the (CRUD) permission rights for setting up <access-lists> by a specific user id?

Best Regards, Linda Dunbar
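As an added example that is not from the draft or from the reviewer, here is how the two questions in the review look in NACM's own configuration format: a rule-list that grants one group CRUD rights on the ACL model's <access-lists> node, gives another group read-only access, and shows that invoking a YANG action is gated by the "exec" bit rather than by "update". Assumed: the module name ietf-access-control-list with prefix acl and its namespace, all group and user names, and the hypothetical example-nacm-demo module with its reset-counters action.

```xml
<nacm xmlns="urn:ietf:params:xml:ns:yang:ietf-netconf-acm"
      xmlns:acl="urn:ietf:params:xml:ns:yang:ietf-access-control-list"
      xmlns:ex="urn:example:nacm-demo">
  <enable-nacm>true</enable-nacm>
  <!-- Fail closed: a request that matches no rule is denied -->
  <read-default>deny</read-default>
  <write-default>deny</write-default>
  <exec-default>deny</exec-default>
  <!-- Map NETCONF user names to NACM groups (constructed values) -->
  <groups>
    <group><name>acl-admins</name><user-name>alice</user-name></group>
    <group><name>acl-readers</name><user-name>bob</user-name></group>
  </groups>
  <!-- Full CRUD on /acl:access-lists, for administrators only -->
  <rule-list>
    <name>acl-admin-rules</name>
    <group>acl-admins</group>
    <rule>
      <name>acl-crud</name>
      <module-name>ietf-access-control-list</module-name>
      <path>/acl:access-lists</path>
      <access-operations>create read update delete</access-operations>
      <action>permit</action>
      <comment>Only acl-admins may configure access lists</comment>
    </rule>
    <!-- Invoking a YANG action needs "exec" on the action node, not "update";
         ex:reset-counters is a hypothetical action used only to show the rule shape -->
    <rule>
      <name>acl-reset-action</name>
      <module-name>example-nacm-demo</module-name>
      <path>/acl:access-lists/ex:reset-counters</path>
      <access-operations>exec</access-operations>
      <action>permit</action>
    </rule>
  </rule-list>
  <!-- Read-only view for auditors; write-default "deny" blocks their edits -->
  <rule-list>
    <name>acl-reader-rules</name>
    <group>acl-readers</group>
    <rule>
      <name>acl-read</name>
      <module-name>ietf-access-control-list</module-name>
      <path>/acl:access-lists</path>
      <access-operations>read</access-operations>
      <action>permit</action>
    </rule>
  </rule-list>
</nacm>
```

With the three defaults set to deny, a user in neither group gets no access to the ACL subtree at all, which is the per-user, per-data-model restriction the review asks about.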