Reviewer: Paul Wouters
Review result: Has Issues
I have reviewed this document as part of the security directorate's ongoing
effort to review all IETF documents being processed by the IESG. These
comments were written primarily for the benefit of the security area directors.
Document editors and WG chairs should treat these comments just like any
other last call comments.
The summary of the review is Has Issues.
This Informational draft specifies an information model for routing information
bases (RIBs) , and hints at how a read/write API would look like. I think the
document should be improved to clarify this API beyond a simple mention of SSH
and TLS in its own section, outside of the Security Consideration section. For
example, if this is TLS, what is used? Something restful? xml? json? What would
the URI be? And for ssh, what kind of access would be given? How is this
restricted to the RIB API ?
When I was reviewing the draft, I was wondering if the document needs a Security Considerations section. I would say that the information model should describe the routing information. I do not think it should specify it. It is more the data model (draft-ietf-i2rs-rib-data-model) that defines or specifies the model, and should have security considerations documented.
Suggest /specifies/describes/g _______________________________________________ i2rs mailing list i2rs@xxxxxxxxhttps://www.ietf.org/mailman/listinfo/i2rs
|
