Last Call Review of draft-ietf-netconf-rfc6536bis-04

Request Review of draft-ietf-netconf-rfc6536bis
Requested rev. no specific revision (document currently at 09)
Type Last Call Review
Team Ops Directorate (opsdir)
Deadline 2017-09-15
Requested 2017-08-22
Requested by Mahesh Jethanandani
Authors Andy Bierman, Martin Björklund
Draft last updated 2017-09-06
Completed reviews Yangdoctors Last Call review of -04 by Radek Krejčí (diff)
Opsdir Last Call review of -04 by Linda Dunbar (diff)
Genart Telechat review of -07 by Stewart Bryant (diff)
Although this is only a bis document, the original RFC does not seem to have gotten an OPS-DIR review. The entire document should be reviewed from an OPS-DIR perspective.
Assignment Reviewer Linda Dunbar
State Completed
Review review-ietf-netconf-rfc6536bis-04-opsdir-lc-dunbar-2017-09-06
Reviewed rev. 04 (document currently at 09)
Review result Has Issues
Review completed: 2017-09-06


I have reviewed this document as part of the Operational directorate's ongoing effort to review all IETF documents being processed by the IESG.  These comments were written primarily for the benefit of the operational area directors.

Document editors and WG chairs should treat these comments just like any other last call comments.


Document: draft-ietf-netconf-rfc6536bis-04


Reviewer: Linda Dunbar


Review result: Has issues.




Page 6:

Section 2.1 Access Control Points (first sentence)


NETCONF is a protocol.  What does it mean to say that NETCONF allows other new protocol operations? Can you provide some examples?

Do you mean the operations other than Create, Read, Update and Delete?




Page 13:

Here is the description of the <action> operation defined by RFC7950. I would think that the client should have the “update” privilege (not just “read”) to trigger it, should it?




More general question:

The document is to specify the mechanism to restrict NETCONF for particular users.


Intuitively, I would think that the restriction should be applied to a specific data store (or data model) on servers.


For example, for the data model specified by “draft-ietf-netmod-acl-model-11”, can’t you set up the (CRUD) permission right for setting up <access-lists> by specific user id?


Best Regards, Linda Dunbar