Last Call Review of draft-ietf-netconf-rfc6536bis-04
review-ietf-netconf-rfc6536bis-04-opsdir-lc-dunbar-2017-09-06-00
| Request | Review of | draft-ietf-netconf-rfc6536bis |
|---|---|---|
| Requested rev. | no specific revision (document currently at 09) | |
| Type | Last Call Review | |
| Team | Ops Directorate (opsdir) | |
| Deadline | 2017-09-15 | |
| Requested | 2017-08-22 | |
| Requested by | Mahesh Jethanandani | |
| Authors | Andy Bierman, Martin Björklund | |
| Draft last updated | 2017-09-06 | |
| Completed reviews |
Yangdoctors Last Call review of -04 by Radek Krejčí
(diff)
Opsdir Last Call review of -04 by Linda Dunbar (diff) Genart Telechat review of -07 by Stewart Bryant (diff) |
|
| Comments | Although this is only a bis document, the original RFC does not seem have gotten a OPS-DIR review. The entire document should be reviewed from a OPS-DIR perspective. |
|
| Assignment | Reviewer | Linda Dunbar |
| State | Completed | |
| Review | review-ietf-netconf-rfc6536bis-04-opsdir-lc-dunbar-2017-09-06 | |
| Reviewed rev. | 04 (document currently at 09) | |
| Review result | Has Issues | |
| Review completed: | 2017-09-06 |
Review
review-ietf-netconf-rfc6536bis-04-opsdir-lc-dunbar-2017-09-06
I have reviewed this document as part of the Operational directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the operational area directors. Document editors and WG chairs should treat these comments just like any other last call comments. Document: draft-ietf-netconf-rfc6536bis-04 Reviewer: Linda Dunbar Review result: Has issues. Comments: Page 6: Section 2.1 Access Control Points (first sentence) NETCONF is a protocol. What does it mean by saying NETCONF allow other new protocols operations? Can you provide some examples? Do you mean the operations other than Create, Read, Update and Delete? Page 13: Here is the description of the <action> operation defined by RFC7950. I would think that the client should have the “update” privilege (not just “read) to trigger it, should it? More general question: The document is to specify the mechanism to restrict NETCONF for particular users. Intuitively, I would think that the restriction should be applied to specific data store (or data model) on servers. For example, for the data model specified by “draft-ietf-netmod-acl-model-11”, can’t you set up the (CRUD) permission right for setting up <access-lists> by specific user id? Best Regards, Linda Dunbar