And as additional context to what Med is asking, here is some text from draft-ietf-netconf-udp-client-server:
The module by itself does not expose any data nodes that are writable, data nodes that contain read-only state, or RPCs. As such, there are no additional security issues related to the YANG module that need to be considered. Granted, in this case the draft is defining only groupings. Regardless, the question is if the draft is not defining e.g., any writable nodes, should the draft be silent about it, or call out explicitly? Cheers. > On Oct 29, 2024, at 1:33 AM, [email protected] wrote: > > Hi all, > > Mahesh raised a comment for a document I'm editing: > > ==== >> >> Do the authors want to add a statement that says no rpcs are defined, >> and therefore no security considerations need to be documented for >> them. > > [Med] Not sure that is needed. Please note that the template only requests to > add RPC cons where these are defined: > > -- if your YANG module has defined any RPC operations > -- describe their specific sensitivity or vulnerability. > > Do you see a value in saying it explicitly? If so, we need to have this > included in the template. > ==== > > Any preference about updating the template? > > Cheers, > Med > ____________________________________________________________________________________________________________ > Ce message et ses pieces jointes peuvent contenir des informations > confidentielles ou privilegiees et ne doivent donc > pas etre diffuses, exploites ou copies sans autorisation. Si vous avez recu > ce message par erreur, veuillez le signaler > a l'expediteur et le detruire ainsi que les pieces jointes. Les messages > electroniques etant susceptibles d'alteration, > Orange decline toute responsabilite si ce message a ete altere, deforme ou > falsifie. Merci. > > This message and its attachments may contain confidential or privileged > information that may be protected by law; > they should not be distributed, used or copied without authorisation. > If you have received this email in error, please notify the sender and delete > this message and its attachments. > As emails may be altered, Orange is not liable for messages that have been > modified, changed or falsified. > Thank you. > Mahesh Jethanandani [email protected]
_______________________________________________ netmod mailing list -- [email protected] To unsubscribe send an email to [email protected]
