Last Call Review of draft-ietf-netconf-restconf-15

Request Review of draft-ietf-netconf-restconf
Requested rev. no specific revision (document currently at 18)
Type Last Call Review
Team Security Area Directorate (secdir)
Deadline 2016-08-03
Requested 2016-07-14
Authors Andy Bierman, Martin Björklund, Kent Watsen
Draft last updated 2016-07-21
Completed reviews Genart Early review of -09 by Robert Sparks (diff)
Genart Last Call review of -15 by Robert Sparks (diff)
Genart Last Call review of -15 by Dale Worley (diff)
Genart Telechat review of -17 by Dale Worley (diff)
Secdir Early review of -09 by Liang Xia (diff)
Secdir Last Call review of -15 by Liang Xia (diff)
Opsdir Early review of -13 by Lionel Morand (diff)
Assignment Reviewer Liang Xia 
State Completed
Review review-ietf-netconf-restconf-15-secdir-lc-xia-2016-07-21
Reviewed rev. 15 (document currently at 18)
Review result Ready
Review completed: 2016-07-21



I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG.  These comments were written primarily for the benefit of the security area
 directors.  Document editors and WG chairs should treat these comments just like any other last call comments.


This document describes an HTTP-based protocol that provides a programmatic interface for accessing data defined in YANG, using the datastore concepts defined in NETCONF.


I have reviewed draft-ietf-netconf-restconf-09 as the Secdir before. My general thoughts about it is:


Firstly, the document appears in reasonably good shape.


Secondly, in general, the RESTCONF is an application protocol layered on the HTTP protocol. As mentioned in the document, just using the HTTPS (with TLS) can address most of the security issues such as confidentiality,
 integrity, authentication, etc. In other words, RESTCONF is designed inherently based on a good security base.



Now, after several rounds of update, this draft has became better in the aspect of security considerations. I don’t see further security issues in addition to the description in the sections of “Transport Protocol Requirements”
 and “Security Considerations”. 


In summary, I think this draft is Ready!