Roman Danyliw has entered the following ballot position for draft-ietf-netmod-factory-default-14: Discuss
When responding, please keep the subject line intact and reply to all email addresses included in the To and CC lines. (Feel free to cut this introductory paragraph, however.) Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html for more information about IESG DISCUSS and COMMENT positions. The document, along with other ballot positions, can be found here: https://datatracker.ietf.org/doc/draft-ietf-netmod-factory-default/ ---------------------------------------------------------------------- DISCUSS: ---------------------------------------------------------------------- Please use YANG security considerations template from https://trac.ietf.org/trac/ops/wiki/yang-security-guidelines. Specifically (as a DISCUSS item): ** (Per the template questions “for all YANG modules you must evaluate whether any readable data”) Would factory-default contain any sensitive information in certain network environments where the ACLs should be more restrictive that world readable for everyone? Per “The operational disruption caused by setting the config to factory default contents varies greatly depending on the implementation and current config”, it seems like it could be worse than just an operational disruption. Please note that a default configuration could be insecure or not have security controls enabled whereby exposing the network to compromise. ---------------------------------------------------------------------- COMMENT: ---------------------------------------------------------------------- Please use YANG security considerations template from https://trac.ietf.org/trac/ops/wiki/yang-security-guidelines. Specifically (as a COMMENT item): ** Add “The Network Configuration Access Control Model (NACM) [RFC8341] provides the means to …” _______________________________________________ netmod mailing list [email protected] https://www.ietf.org/mailman/listinfo/netmod
