Last Call Review of draft-ietf-ccamp-alarm-module-07
review-ietf-ccamp-alarm-module-07-secdir-lc-emery-2019-03-14-00
| Request | Review of | draft-ietf-ccamp-alarm-module |
|---|---|---|
| Requested rev. | no specific revision (document currently at 09) | |
| Type | Last Call Review | |
| Team | Security Area Directorate (secdir) | |
| Deadline | 2019-03-20 | |
| Requested | 2019-03-06 | |
| Authors | Stefan Vallin, Martin Björklund | |
| Draft last updated | 2019-03-14 | |
| Completed reviews |
Yangdoctors Last Call review of -06 by Carl Moberg
(diff)
Rtgdir Last Call review of -06 by Joel Halpern (diff) Secdir Last Call review of -07 by Shawn Emery (diff) Genart Last Call review of -07 by Dan Romascanu (diff) Opsdir Last Call review of -07 by Joe Clarke (diff) Genart Telechat review of -09 by Dan Romascanu |
|
| Assignment | Reviewer | Shawn Emery |
| State | Completed | |
| Review | review-ietf-ccamp-alarm-module-07-secdir-lc-emery-2019-03-14 | |
| Reviewed rev. | 07 (document currently at 09) | |
| Review result | Has Nits | |
| Review completed: | 2019-03-14 |
Review
review-ietf-ccamp-alarm-module-07-secdir-lc-emery-2019-03-14
Reviewer: Shawn M. Emery Review result: Ready with nits I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the security area directors. Document editors and WG chairs should treat these comments just like any other last call comments. This draft specifies a YANG module for the purpose of network device alarm management. The security considerations section does exist and follows the yang-security-guidelines. I believe the data nodes and operations of concern are covered in this section, but it seems that alarm-profiles could also be sensitive if an attacker were to downgrade the severity of an alarm by changing the alarm-severity-assignment-profile. General comments: None. Editorial comments: s/northbound/north-bound/ s/definition also focus/definition also focuses/ s/an hierarchy/a hierarchy/ s/raised again etc/raised again, etc/ s/sent Notifications/sent. Notifications/ s/alarn/alarm/ s/The NETCONF access control model/The Network Configuration Access Control Model (NACM)/ s/notify-status-change:/notify-status-changes:/ OLD: This leaf controls whether an alarm should notify only raise and clear or all severity level changes. Unauthorized access to leaf could have a negative impact on operational procedures relying on fine-grained alarm state change reporting. NEW: This leaf controls whether an alarm should notify based on various state changes. Unauthorized access to this leaf could have a negative impact on operational procedures relying on fine-grained alarm state change reporting. Shawn. --