Document: draft-ietf-netmod-system-config Title: System-defined Configuration Reviewer: Yaroslav Rosomakho Review result: Has Issues
I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the security area directors. Document editors and WG chairs should treat these comments just like any other last call comments. The document is straightforward and easy to read, but the security considerations section would benefit from some improvements. 1. While the document does not introduce new protocol mechanisms, it normatively specifies in sections 6.2-6.4 how existing mechanisms can be used to modify system configuration. The Security Considerations section does not explicitly discuss the implications of granting write access. 2. Even though the defined <system> is read-only it may contain extremely sensitive information. The current NACM reference seems to be too shallow for the sensitivity involved. It would be great to explicitly mention authorization granularity and audit best practices. 3. The security implications of potential merge conflicts or precedence rules between <system> configuration and <running> or <operational> configuration are not discussed. Misconfiguration in these interactions could lead to unintended system behavior including security policy bypass and availability risks. This should be acknowledged in the Security Considerations section. 4. The document currently references RFC 8446. Given ongoing updates, this reference should be updated to draft-ietf-tls-rfc8446bis (RFC-to-be 9846). _______________________________________________ netmod mailing list -- [email protected] To unsubscribe send an email to [email protected]
