Hi Chris, Thank you for the review. Much appreciated. For the security guidelines, we are following this recommendation from RFC8407: This section MUST be patterned after the latest approved template (available at <https://trac.ietf.org/trac/ops/wiki/yang-security- guidelines>). Section 3.7.1 contains the security considerations template dated 2013-05-08 and last updated on 2018-07-02. Authors MUST check the web page at the URL listed above in case there is a more recent version available. Cheers, Med > -----Message d'origine----- > De : Chris Lonvick via Datatracker <noreply@xxxxxxxx> > Envoyé : dimanche 10 octobre 2021 18:21 > À : secdir@xxxxxxxx > Cc : draft-ietf-opsawg-l2nm.all@xxxxxxxx; last-call@xxxxxxxx; > opsawg@xxxxxxxx > Objet : Secdir last call review of draft-ietf-opsawg-l2nm-07 > > Reviewer: Chris Lonvick > Review result: Ready > > Hello, > > I have reviewed this document as part of the security directorate's > ongoing effort to review all IETF documents being processed by the IESG. > These comments were written primarily for the benefit of the security area > directors. > Document editors and WG chairs should treat these comments just like any > other last call comments. > > The summary of the review is READY with some very minor nits in the > Security Considerations section. > > I'm not well versed in this area but I'll say that the entire document is > understandable and appears well written. I found no obvious errors or > problems in my brief review. > > The first paragraph in the Security Considerations section lists that this > work is built atop YANG, NETCONF, or RESTCONF, and lists the transport > protocols that are used for them, but stops short of providing guidance. > My recommendation is to address this by adding a sentence such as, > "Developers, implementers, and administrators of this specification should > be familiar with the Security Considerations sections of those RFCs." > > The remaining paragraphs of the Security Considerations section provide a > list of tools that may be used along with guidance on using them to secure > access to sensitive items. The authors may wish to summarize this by > adding a sentence such as, "Administrators may consider using these, and > perhaps other tools, to enforce a security policy." > > Regards, > Chris > _________________________________________________________________________________________________________________________ Ce message et ses pieces jointes peuvent contenir des informations confidentielles ou privilegiees et ne doivent donc pas etre diffuses, exploites ou copies sans autorisation. Si vous avez recu ce message par erreur, veuillez le signaler a l'expediteur et le detruire ainsi que les pieces jointes. Les messages electroniques etant susceptibles d'alteration, Orange decline toute responsabilite si ce message a ete altere, deforme ou falsifie. Merci. This message and its attachments may contain confidential or privileged information that may be protected by law; they should not be distributed, used or copied without authorisation. If you have received this email in error, please notify the sender and delete this message and its attachments. As emails may be altered, Orange is not liable for messages that have been modified, changed or falsified. Thank you. -- last-call mailing list last-call@xxxxxxxx https://www.ietf.org/mailman/listinfo/last-call
