Last Call Review of draft-ietf-rtgwg-yang-key-chain-17

Request Review of draft-ietf-rtgwg-yang-key-chain
Requested rev. no specific revision (document currently at 24)
Type Last Call Review
Team Security Area Directorate (secdir)
Deadline 2017-04-07
Requested 2017-03-17
Other Reviews Rtgdir Early review of -02 by Ines Robles (diff)
Yangdoctors Early review of -13 by Ladislav Lhotka (diff)
Genart Last Call review of -17 by Matthew Miller (diff)
Genart Telechat review of -20 by Matthew Miller (diff)
Review State Completed
Reviewer Vincent Roca
Review review-ietf-rtgwg-yang-key-chain-17-secdir-lc-roca-2017-04-13
Posted at
Reviewed rev. 17 (document currently at 24)
Review result Has Nits
Draft last updated 2017-04-13
Review completed: 2017-04-13



I have reviewed this document as part of the security directorate’s ongoing
effort to review all IETF documents being processed by the IESG. These
comments were written primarily for the benefit of the security area
directors.  Document editors and WG chairs should treat these comments just
like any other last call comments.

Summary: ready with nits

** Question: when saying:

        "When configured, the key-strings can be encrypted using the AES Key Wrap algorithm"

   you do not provide any recommendation. I understand it is possible, but is there any good
   reason to recommend it or do you believe the NETCONF access control feature is sufficient?
   Are there environments where recommending it would be meaningful? I'd like to have more
   This is a bit surprising when I compare it with the last paragraph, where keys are RECOMMENDED
   to be encrypted when stored within network devices.

** Minor comment: I don't see any good reason to separate paragraphs 2 and 4.

Other comments:

** section 1.2: it says:
        " o  Brackets "[" and "]" enclose list keys."
   There may be a confusion with the term "keys" here (i.e., something different from
   a cryptographic key).

   For instance, in section 3.3:
        |  +--rw key-chain* [name]
   name is not a cryptographic key.

** section 2.2: there's something I don't understand. It says:
    3.  When the send lifetime of the new key becomes valid, the network
        devices within the domain of key chain will start sending the new

  I have the feeling you mean that this new key will start to be used for transmissions
  (instead of "start sending the new key"). Did I misunderstand something?