Last Call Review of draft-ietf-ccamp-alarm-module-07
review-ietf-ccamp-alarm-module-07-secdir-lc-emery-2019-03-14-00

• Status
• Email expansions
• History

• Versions
• 00

Review
review-ietf-ccamp-alarm-module-07-secdir-lc-emery-2019-03-14

Reviewer: Shawn M. Emery
Review result: Ready with nits

I have reviewed this document as part of the security directorate's
ongoing effort to review all IETF documents being processed by the IESG.
These comments were written primarily for the benefit of the security
area directors. Document editors and WG chairs should treat these
comments just like any other last call comments.

This draft specifies a YANG module for the purpose of network device alarm
management.

The security considerations section does exist and follows the
yang-security-guidelines.
I believe the data nodes and operations of concern are covered in this
section, but it seems
that alarm-profiles could also be sensitive if an attacker were to
downgrade the severity of
an alarm by changing the alarm-severity-assignment-profile.

General comments:

None.

Editorial comments:

s/northbound/north-bound/
s/definition also focus/definition also focuses/
s/an hierarchy/a hierarchy/
s/raised again etc/raised again, etc/
s/sent Notifications/sent.  Notifications/
s/alarn/alarm/
s/The NETCONF access control model/The Network Configuration Access Control
Model (NACM)/
s/notify-status-change:/notify-status-changes:/

OLD:
This leaf controls whether an alarm should notify only raise and clear or
all severity level
changes.  Unauthorized access to leaf could have a negative impact on
operational procedures
relying on fine-grained alarm state change reporting.

NEW:
This leaf controls whether an alarm should notify based on various state
changes.  Unauthorized
access to this leaf could have a negative impact on operational procedures
relying on
fine-grained alarm state change reporting.

Shawn.
--