Hi Don!

Thanks for the changes in -06.

To keep things moving, I'll start the IETF LC and we can handle my residual 
feedback below concurrently.

> -----Original Message-----
> From: IPsec <ipsec-boun...@ietf.org> On Behalf Of Roman Danyliw
> Sent: Friday, May 6, 2022 4:25 PM
> To: ipsec@ietf.org WG <ipsec@ietf.org>
> Subject: [IPsec] AD Review of draft-ietf-ipsecme-yang-iptfs-05

[snip]
 
> ** Section 5.  Please use the YANG security template as a means to be specific
> about the read and write implications of this module.
> [Don]OK

Cribbing from https://trac.ietf.org/trac/ops/wiki/yang-security-guidelines, the 
consistency I was aiming for is roughly:

(1) OLD

   The YANG module defined in this document can enable, disable and
   modify the behavior of IP traffic flow security, for the implications
   regarding these types of changes consult the [I-D.ietf-ipsecme-iptfs]
   which defines the functionality.

NEW

Certain data nodes defined in this YANG module are 
writable/creatable/deletable. These changes can enable, disable and modify the 
behavior of IP traffic flow security, for the implications regarding these 
types of changes consult the [I-D.ietf-ipsecme-iptfs] which defines the 
functionality.  The relevant sub-trees or nodes are <insert module reference>.

(2) OLD

   IP-TFS hides the traffic flows through the network, however anywhere
   that IP-TFS YANG statistics access is enabled, can reveal some
   information about traffic flows as well.  Therefore, access to IP-TFS
   YANG statistics also needs to be protected from third party
   observation.

NEW

Certain readable data nodes in this YANG module may be considered sensitive or 
vulnerable in some network environments.  While IP-TFS hides the traffic flows 
through the network, IP-TFS YANG statistics could reveal some information about 
traffic flows.  Therefore, access to IP-TFS YANG statistics also needs to be 
protected from third party observation.  These IP-TFS YANG statistics can be 
found at <insert appropriate list of sub-trees or data nodes>.

Regards,
Roman

_______________________________________________
IPsec mailing list
IPsec@ietf.org
https://www.ietf.org/mailman/listinfo/ipsec
