Alissa Cooper has entered the following ballot position for draft-ietf-softwire-yang-14: Discuss
When responding, please keep the subject line intact and reply to all email addresses included in the To and CC lines. (Feel free to cut this introductory paragraph, however.) Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html for more information about IESG DISCUSS and COMMENT positions. The document, along with other ballot positions, can be found here: https://datatracker.ietf.org/doc/draft-ietf-softwire-yang/ ---------------------------------------------------------------------- DISCUSS: ---------------------------------------------------------------------- The security considerations do not seem to follow the YANG security guidelines <https://trac.ietf.org/trac/ops/wiki/yang-security-guidelines>. They do not list the specific writeable and readable subtrees/nodes and why they are sensitive. The fact that all the writeable nodes could "negatively affect network operations" seems trivially true for most writeable YANG module nodes. In the case of these modules, there seem to be multiple different threats relevant to different nodes, including exposure of data about individual users/customers, potential for disruption of the operations of the BR or CE, etc. ---------------------------------------------------------------------- COMMENT: ---------------------------------------------------------------------- I think "external party" would make more sense than "abuse party." _______________________________________________ Softwires mailing list Softwires@ietf.org https://www.ietf.org/mailman/listinfo/softwires
