Reviewer: Linda Dunbar Review result: Not Ready I have reviewed this document as part of the SEC area directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the Security area directors. Document editors and WG chairs should treat these comments just like any other last-call comments. Summary: The document defines extensions to the ACLs YANG Model specified in RFC 8519. While the description is clear, it lacks details on the mitigation methods for ACL Manipulation Risks. New features such as defined-sets, aliasing, and payload-based filtering introduce potential security risks if not properly authenticated and authorized. An attacker could: a) Modify ACL entries to bypass security policies (e.g., allow the malicious traffic); b) Introduce denial-of-service (DoS) conditions by blocking legitimate traffic. To mitigate these risks, the document should include recommendations for security best practices, such as, requiring the ACL configuration changes to be digitally signed using PKI-based certificates or HMAC (Hash-based Message Authentication Code); maintaining a detailed log of ACL modifications; storing a hash of ACL configurations in a tamper-resistant database; implementing anomaly detection mechanisms to trigger alerts for unusual ACL modification; restricting ACL modifications only during maintenance windows to minimize accidental or unauthorized changes, etc. Adding these security controls would significantly enhance the document's robustness against ACL manipulation attacks. Best Regards, Linda Dunbar -- last-call mailing list -- last-call@xxxxxxxx To unsubscribe send an email to last-call-leave@xxxxxxxx
