Last Call Review of draft-ietf-ccamp-alarm-module-07
review-ietf-ccamp-alarm-module-07-secdir-lc-emery-2019-03-14-00

Request Review of draft-ietf-ccamp-alarm-module
Requested rev. no specific revision (document currently at 09)
Type Last Call Review
Team Security Area Directorate (secdir)
Deadline 2019-03-20
Requested 2019-03-06
Draft last updated 2019-03-14
Completed reviews Yangdoctors Last Call review of -06 by Carl Moberg (diff)
Rtgdir Last Call review of -06 by Joel Halpern (diff)
Secdir Last Call review of -07 by Shawn Emery (diff)
Genart Last Call review of -07 by Dan Romascanu (diff)
Opsdir Last Call review of -07 by Joe Clarke (diff)
Genart Telechat review of -09 by Dan Romascanu
Assignment Reviewer Shawn Emery
State Completed
Review review-ietf-ccamp-alarm-module-07-secdir-lc-emery-2019-03-14
Reviewed rev. 07 (document currently at 09)
Review result Has Nits
Review completed: 2019-03-14

Review
review-ietf-ccamp-alarm-module-07-secdir-lc-emery-2019-03-14

Reviewer: Shawn M. Emery
Review result: Ready with nits

I have reviewed this document as part of the security directorate's
ongoing effort to review all IETF documents being processed by the IESG.
These comments were written primarily for the benefit of the security
area directors. Document editors and WG chairs should treat these
comments just like any other last call comments.

This draft specifies a YANG module for the purpose of network device alarm
management.

The security considerations section does exist and follows the
yang-security-guidelines.
I believe the data nodes and operations of concern are covered in this
section, but it seems
that alarm-profiles could also be sensitive if an attacker were to
downgrade the severity of
an alarm by changing the alarm-severity-assignment-profile.

General comments:

None.

Editorial comments:

s/northbound/north-bound/
s/definition also focus/definition also focuses/
s/an hierarchy/a hierarchy/
s/raised again etc/raised again, etc/
s/sent Notifications/sent.  Notifications/
s/alarn/alarm/
s/The NETCONF access control model/The Network Configuration Access Control
Model (NACM)/
s/notify-status-change:/notify-status-changes:/

OLD:
This leaf controls whether an alarm should notify only raise and clear or
all severity level
changes.  Unauthorized access to leaf could have a negative impact on
operational procedures
relying on fine-grained alarm state change reporting.

NEW:
This leaf controls whether an alarm should notify based on various state
changes.  Unauthorized
access to this leaf could have a negative impact on operational procedures
relying on
fine-grained alarm state change reporting.

Shawn.
--