> On Feb 25, 2018, at 10:59 AM, Paul Wouters <[email protected]> wrote: > > Reviewer: Paul Wouters > Review result: Has Issues > > I have reviewed this document as part of the security directorate's ongoing > effort to review all IETF documents being processed by the IESG. These > comments were written primarily for the benefit of the security area > directors. > Document editors and WG chairs should treat these comments just like any > other last call comments. > > The summary of the review is Has Issues. > > This Informational draft specifies an information model for routing > information > bases (RIBs) , and hints at how a read/write API would look like. I think the > document should be improved to clarify this API beyond a simple mention of SSH > and TLS in its own section, outside of the Security Consideration section. For > example, if this is TLS, what is used? Something restful? xml? json? What > would > the URI be? And for ssh, what kind of access would be given? How is this > restricted to the RIB API ?
When I was reviewing the draft, I was wondering if the document needs a Security Considerations section. I would say that the information model should describe the routing information. I do not think it should specify it. It is more the data model (draft-ietf-i2rs-rib-data-model) that defines or specifies the model, and should have security considerations documented. Suggest /specifies/describes/g > > > _______________________________________________ > i2rs mailing list > [email protected] > https://www.ietf.org/mailman/listinfo/i2rs Mahesh Jethanandani [email protected]
_______________________________________________ i2rs mailing list [email protected] https://www.ietf.org/mailman/listinfo/i2rs
