Thanks for the feedback from Mahesh and Kent, much appreciated. We have just posted -12, which adheres to the existing Security Considerations template defined in RFC 9907 and keeps the original descriptive wording unchanged.
Please let us know if you have further comments. Thanks. Best regards, Qiufang // co-author From: Mahesh Jethanandani [mailto:[email protected]] Sent: Thursday, June 11, 2026 1:24 AM To: Kent Watsen <[email protected]> Cc: maqiufang (A) <[email protected]>; Magnus Nyström <[email protected]>; [email protected]; [email protected]; [email protected]; [email protected] Subject: Re: [netmod] draft-ietf-netmod-immutable-flag-11 ietf last call Secdir review I agree with Kent and Qiufang that we do not need to change the Security Considerations section. NETCONF [RFC6241] and RESTCONF[RFC8040] already talk about authentication, integrity, and confidentiality, and the Security Considerations section is reiterating the state as it exists today (though the language could be improved), not stipulating a new normative requirement. Thanks. On Jun 10, 2026, at 3:17 AM, Kent Watsen <[email protected]<mailto:[email protected]>> wrote: I disagree with the s/have to/MUST/ change. The paragraph’s intent is to state that which exists, without the auspice of creating new normative rules. Kent On Jun 10, 2026, at 2:43 AM, maqiufang (A) <[email protected]<mailto:[email protected]>> wrote: Hi, Magnus, Thanks a lot for the review. Your points make sense to me, and also are consistent with what has already stated in sec.2.2 of RFC 6241 (https://datatracker.ietf.org/doc/html/rfc6241#section-2.2) and sec.2.1 of RFC8040 (https://datatracker.ietf.org/doc/html/rfc8040#section-2.1). The authors have proposed a PR to address them: https://github.com/netmod-wg/immutable-flag/pull/25/changes. However, please also note that the paragraph you commented on is inherited from the Security Considerations template in RFC 9907. I have CC-ed Mahesh and also the WG to see if there is any intention to update the global template (https://wiki.ietf.org/group/ops/yang-security-guidelines) for future security considerations with YANG data models as well. Best Regards, Qiufang // co-author -----Original Message----- From: Magnus Nyström via Datatracker [mailto:[email protected]] Sent: Tuesday, June 9, 2026 4:29 AM To: [email protected]<mailto:[email protected]> Cc: [email protected]<mailto:[email protected]>; [email protected]<mailto:[email protected]>; [email protected]<mailto:[email protected]> Subject: draft-ietf-netmod-immutable-flag-11 ietf last call Secdir review Document: draft-ietf-netmod-immutable-flag Title: YANG Metadata Annotation for Immutable Flag Reviewer: Magnus Nyström Review result: Has Nits The netmod-immutable-flag I-D is well written as is it's Security Considerations section. However, I do have one suggestion which is to specify not just that secure transport layer "have to" (which BTW is not RFC2119) be used, but also the actual requirements of that layer - e.g., is confidentiality required? Is integrity? E.g., the need for mutual authentication is proscribed, but without integrity protection that could prove less valuable. -- last-call mailing list -- [email protected]<mailto:[email protected]> To unsubscribe send an email to [email protected]<mailto:[email protected]> Mahesh Jethanandani [email protected]<mailto:[email protected]>
_______________________________________________ netmod mailing list -- [email protected] To unsubscribe send an email to [email protected]
