Hi Xufeng Thanks, I have updated a preliminary version 15 @ https://github.com/detnet-wg/draft-ietf-detnet-yang. Most updates were straightforward - the security section I think everything is sensitive on write and anything that shows application is sensitive on read. Here is how the section reads now: (Please comment if this is OK). There are a number of data nodes defined in the module that are writable/creatable/deletable (i.e., config true, which is the default). These data nodes may be considered sensitive or vulnerable in some network environments. Write operations (e.g., edit-config) to these data nodes without proper protection can break or incorrectly connect DetNet flows. Since this is a configured Data Plane any changes that are not coordinated with all devices along the path the whole DetNet module is considered vulnerable and should have authorized access only. Similarly, the data nodes in these YANG modules may be considered sensitive or vulnerable in some network environments. It is thus important to control read access (e.g., via get, get-config, or notification) to these data nodes. These are the subtrees and data node and their sensitivity/vulnerability: detnet/app-flows: This controls the application details so it could be considered sensitive. detnet/traffic-profile/member-app: This links traffic profiles to applications. detnet/service/incoming/app-flow: This links applications to services. detnet/service/outgoing/app-flow: This links applications to services. Cheers Don -----Original Message----- From: Xufeng Liu via Datatracker <noreply@xxxxxxxx> Sent: Tuesday, November 9, 2021 3:07 PM To: yang-doctors@xxxxxxxx Cc: detnet@xxxxxxxx; draft-ietf-detnet-yang.all@xxxxxxxx; last-call@xxxxxxxx Subject: Yangdoctors last call review of draft-ietf-detnet-yang-14 Reviewer: Xufeng Liu Review result: Ready with Nits Thanks to authors for addressing the previous review comments. The updates look good. The followings are a few additional nits: 1) In the model, “container flow-spec” has been changed to “container traffic-spec”, but the description has not been updated, shown as below: container traffic-spec { description "Flow-specification specifies how the Source transmits packets for the flow. This is the promise/request of the Source to the network. The network uses this flow specification to allocate resources and adjust queue parameters in network nodes."; 2) Most names of list and leaf-list have been fixes. The following three were missed: “leaf-list member-apps” should be “leaf-list member-app” “leaf-list member-services” should be “leaf-list member-service” “leaf-list member-fwd-sublayers” should be “leaf-list member-fwd-sublayer” 3) Section 10. Security Considerations would need to include a list of “sensitive or vulnerable” nodes. RFC 8349 shows an example. Thanks, - Xufeng -- last-call mailing list last-call@xxxxxxxx https://www.ietf.org/mailman/listinfo/last-call
