Last Call Review of draft-ietf-softwire-yang-14
review-ietf-softwire-yang-14-secdir-lc-hallam-baker-2019-01-07-00

Request Review of draft-ietf-softwire-yang
Requested rev. no specific revision (document currently at 16)
Type Last Call Review
Team Security Area Directorate (secdir)
Deadline 2018-10-11
Requested 2018-09-27
Other Reviews Genart Last Call review of -06 by Roni Even (diff)
Yangdoctors Last Call review of -06 by Martin Björklund (diff)
Tsvart Telechat review of -13 by Michael Tüxen (diff)
Genart Telechat review of -13 by Roni Even (diff)
Review State Completed
Reviewer Phillip Hallam-Baker
Review review-ietf-softwire-yang-14-secdir-lc-hallam-baker-2019-01-07
Posted at https://mailarchive.ietf.org/arch/msg/secdir/cyH8F3sZ47bVBOxh6JRcWaIfMvw
Reviewed rev. 14 (document currently at 16)
Review result Has Nits
Draft last updated 2019-01-07
Review completed: 2019-01-07

Review

The document describes a schema and has appropriately identified the read/write security concerns arising from it.

One issue that I think could be usefully spelled out is that the use of automated tools to decode structures of this type is not merely a programming convenience. Attempts to parse length-delimited objects nested in length-delimited structures using handwritten code are error prone and have led to the introduction of numerous buffer overrun vulnerabilities.
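The following is an added example, not part of the review or of the draft, showing the check that handwritten nested-length parsers typically omit: each declared length is validated against the bytes left in its parent, not against the whole packet. The one-byte type/length format, the container type 0x30, the function names and the sample buffers are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Assumed toy format (not from the draft): 1-byte type, 1-byte length, value.
 * Type 0x30 is a container whose value is itself a sequence of TLVs. */
#define T_CONTAINER 0x30
#define MAX_DEPTH   8

/* Walk the TLVs in buf[0..len). Returns the number of leaf values,
 * or -1 if any header or declared length does not fit its parent. */
static int walk_tlv(const uint8_t *buf, size_t len, int depth)
{
    size_t off = 0;
    int leaves = 0;
    if (depth > MAX_DEPTH)              /* bound recursion on hostile nesting */
        return -1;
    while (off < len) {
        if (len - off < 2)              /* header must fit in what remains */
            return -1;
        uint8_t type = buf[off];
        size_t vlen = buf[off + 1];
        off += 2;
        if (vlen > len - off)           /* value must fit in the PARENT, not the packet */
            return -1;
        if (type == T_CONTAINER) {
            int n = walk_tlv(buf + off, vlen, depth + 1);
            if (n < 0) return -1;
            leaves += n;
        } else {
            leaves++;
        }
        off += vlen;
    }
    return leaves;
}

int count_leaves(const uint8_t *buf, size_t len) { return walk_tlv(buf, len, 0); }

/* Constructed samples. In the second, the inner TLV claims 5 bytes although its
 * container holds only 3; the trailing bytes keep it inside the outer buffer. */
static const uint8_t sample_ok[]  = {0x30, 0x06, 0x01, 0x01, 0xAA, 0x02, 0x01, 0xBB};
static const uint8_t sample_bad[] = {0x30, 0x03, 0x01, 0x05, 0xAA, 0x11, 0x22, 0x33, 0x44};

int main(void)
{
    printf("ok=%d bad=%d\n", count_leaves(sample_ok, sizeof sample_ok), count_leaves(sample_bad, sizeof sample_bad));
    return 0;
}
```

A parser that compared the inner length only with the end of the received packet would accept `sample_bad` and read past the container boundary.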