Thank you for addressing the key issues! After reading draft-17 I see few minor nits I'd recommend correcting:
1. Section 6.1 says "If system configuration changes, <running> SHOULD remain a valid configuration data tree." I think this statement needs to be either changed to MUST or clarified under which circumstances <running> may have invalid configuration data tree. Invalid configuration may also pose a security risk - especially if an attacker has a creative way of triggering such a condition intentionally. 2. Section 7.2 YANG module copyright year needs to be updated to 2026 3. Typo is section 7.3: "could be reterieved" -> "could be retrieved" 4. Section 7.3: "in an NETCONF" -> "in a NETCONF" 5. First example is Section A.1: "additional leafs" -> "additional leaves" -yaroslav On Wed, Jan 7, 2026 at 1:26 PM maqiufang (A) <maqiufang1= [email protected]> wrote: > Hi, Yaroslav, > > Thanks a lot for the review. Thought I believe it is the documents that > define the data nodes/subtree themselves should take care of their > sensitivity, it does no harm to reiterate these concerns in this document. > The authors have added a new subsection inside section 9 (Security > Considerations) to incorporate your comments below. Please review the diff > at : > https://author-tools.ietf.org/diff?url_1=https://raw.githubusercontent.com/QiufangMa/system-config/refs/heads/main/draft-ietf-netmod-system-config-17.txt, > and let us know if you have further comments. > > Thanks a lot! > > Best Regards, > Qiufang // co-author > > -----Original Message----- > From: Yaroslav Rosomakho via Datatracker [mailto:[email protected]] > Sent: Sunday, January 4, 2026 8:39 PM > To: [email protected] > Cc: [email protected]; [email protected]; > [email protected] > Subject: draft-ietf-netmod-system-config-16 ietf last call Secdir review > > Document: draft-ietf-netmod-system-config > Title: System-defined Configuration > Reviewer: Yaroslav Rosomakho > Review result: Has Issues > > I have reviewed this document as part of the security directorate's > ongoing effort to review all IETF documents being processed by the IESG. > These comments were written primarily for the benefit of the security area > directors. Document editors and WG chairs should treat these comments just > like any other last call comments. > > The document is straightforward and easy to read, but the security > considerations section would benefit from some improvements. 1. While the > document does not introduce new protocol mechanisms, it normatively > specifies in sections 6.2-6.4 how existing mechanisms can be used to modify > system configuration. The Security Considerations section does not > explicitly discuss the implications of granting write access. 2. Even > though the defined <system> is read-only it may contain extremely sensitive > information. The current NACM reference seems to be too shallow for the > sensitivity involved. It would be great to explicitly mention authorization > granularity and audit best practices. > 3. The security implications of potential merge conflicts or precedence > rules between <system> configuration and <running> or <operational> > configuration are not discussed. Misconfiguration in these interactions > could lead to unintended system behavior including security policy bypass > and availability risks. This should be acknowledged in the Security > Considerations section. 4. The document currently references RFC 8446. > Given ongoing updates, this reference should be updated to > draft-ietf-tls-rfc8446bis (RFC-to-be 9846). > > > _______________________________________________ > secdir mailing list -- [email protected] > To unsubscribe send an email to [email protected] > wiki: https://wiki.ietf.org/group/secdir/SecDirReview -- This communication (including any attachments) is intended for the sole use of the intended recipient and may contain confidential, non-public, and/or privileged material. Use, distribution, or reproduction of this communication by unintended recipients is not authorized. If you received this communication in error, please immediately notify the sender and then delete all copies of this communication from your system.
_______________________________________________ netmod mailing list -- [email protected] To unsubscribe send an email to [email protected]
