Hi Vincent,

Many thanks for your review. Please see inline below.

Cheers,
Ian
[if - I propose:

Old:
An attacker who is able to access the DHCPv6 server can undertake various attacks, such as:

New:
An attacker with read/write access to the DHCPv6 server can undertake various attacks, such as:

Same change for the relay text.]
[if - The subtle attacks are properties of the DHCPv6 protocol and the elements which provide it, rather than specifically associated with NETCONF/YANG or other methods by which those elements are configured and managed. The text currently has:

"Security considerations related to DHCPv6 are discussed in [RFC8415]."

Do you think this covers it?]
[if - The current Security Considerations text contains the following:

"Some of the readable data nodes in this YANG module may be considered sensitive or vulnerable in some network environments. Therefore, it is important to control read access (e.g., only permitting get, get-config, or notifications) to these data nodes. These subtrees and data nodes can be misused to track the activity of a host:

* Information the server holds about clients with active leases: (dhc6-srv/allocation-ranges/allocation-range/address-pools/address-pool/active-leases)
* Information the relay holds about clients with active leases: (dhc6-rly/relay-if/prefix-delegation/)"

MAC address/Client DUIDs and other client state information is held as part of these sub-trees. RFC7824 specifically covers DHCPv6 Privacy Considerations in some detail, so I can add the following text:

"[RFC7824] covers privacy considerations for DHCPv6 and is applicable here."]
[if - I’ve changed to the following: Modifying the relay's "destination-address" to send messages to a rogue DHCPv6 server. ]
[if - AFAIK, RESTCONF does not have an expanded acronym (there isn’t one given in RFC8040). The RFC Editor’s list of acronyms (https://www.rfc-editor.org/materials/abbrev.expansion.txt) has the following:

NETCONF - Network Configuration Protocol (NETCONF)
RESTCONF - No Expansion]
-- last-call mailing list last-call@xxxxxxxx https://www.ietf.org/mailman/listinfo/last-call