Hi, Magnus, Thanks a lot for the review.
Your points make sense to me, and also are consistent with what has already stated in sec.2.2 of RFC 6241 (https://datatracker.ietf.org/doc/html/rfc6241#section-2.2) and sec.2.1 of RFC8040 (https://datatracker.ietf.org/doc/html/rfc8040#section-2.1). The authors have proposed a PR to address them: https://github.com/netmod-wg/immutable-flag/pull/25/changes. However, please also note that the paragraph you commented on is inherited from the Security Considerations template in RFC 9907. I have CC-ed Mahesh and also the WG to see if there is any intention to update the global template (https://wiki.ietf.org/group/ops/yang-security-guidelines) for future security considerations with YANG data models as well. Best Regards, Qiufang // co-author -----Original Message----- From: Magnus Nyström via Datatracker [mailto:[email protected]] Sent: Tuesday, June 9, 2026 4:29 AM To: [email protected] Cc: [email protected]; [email protected]; [email protected] Subject: draft-ietf-netmod-immutable-flag-11 ietf last call Secdir review Document: draft-ietf-netmod-immutable-flag Title: YANG Metadata Annotation for Immutable Flag Reviewer: Magnus Nyström Review result: Has Nits The netmod-immutable-flag I-D is well written as is it's Security Considerations section. However, I do have one suggestion which is to specify not just that secure transport layer "have to" (which BTW is not RFC2119) be used, but also the actual requirements of that layer - e.g., is confidentiality required? Is integrity? E.g., the need for mutual authentication is proscribed, but without integrity protection that could prove less valuable. _______________________________________________ netmod mailing list -- [email protected] To unsubscribe send an email to [email protected]
