Re: Secdir last call review of draft-ietf-tictoc-1588v2-yang-10

On Wed, Oct 03, 2018 at 08:18:55AM -0700, Samuel Weiler wrote:
> Reviewer: Samuel Weiler
> Review result: Has Issues
> 
> I wonder whether there should be a requirement to use authentication when
> making updates.  As the doc says:

The NETCONF and RESTCONF secure transport layers already handle the
authentication requirements.  E.g., RFC 8040 Section 2.5:

   The RESTCONF server MUST authenticate client access to any protected
   resource.  If the RESTCONF client is not authenticated, the server
   SHOULD send an HTTP response with a "401 Unauthorized" status-line,
   as defined in Section 3.1 of [RFC7235].  The error-tag value
   "access-denied" is used in this case.

But thank you for doing the review, and you're right that this is
important!

-Ben

>    Write operations (e.g., edit-config) to these data nodes without
>    proper protection can have a negative effect on network operations.
> 
> I'm sure someone will argue "if this is used in a closed network, we can avoid
> the use of authentication".  Prudence suggests that "closed" networks don't
> remain that way forever, and defense-in-depth is advisable.  Let's add a MUST
> or at least a SHOULD.
> 
> 
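
As an added example (not part of the original thread or of the draft), the Python sketch below classifies a RESTCONF server's answer to a write request sent with no credentials, checking it against the RFC 8040 Section 2.5 text quoted above. The function names, result labels and sample bodies are constructed for illustration; the error body layout assumes the JSON encoding of the `ietf-restconf:errors` container.

```python
import json


def error_tags(body):
    """Return the error-tag values found in a RESTCONF JSON error body."""
    try:
        doc = json.loads(body)
    except (TypeError, ValueError):
        return []  # empty, missing or non-JSON body
    if not isinstance(doc, dict):
        return []
    errors = doc.get("ietf-restconf:errors", {})
    entries = errors.get("error", []) if isinstance(errors, dict) else []
    if not isinstance(entries, list):
        return []
    return [e.get("error-tag") for e in entries if isinstance(e, dict)]


def classify_unauthenticated_write(status, body):
    """Classify the response to a write request that carried no credentials."""
    if 200 <= status < 300:
        return "exposed"              # write accepted without authentication
    if status == 401 and "access-denied" in error_tags(body):
        return "denied-as-specified"  # 401 plus the access-denied error-tag
    if 400 <= status < 500:
        return "denied-nonstandard"   # refused, but not in the SHOULD form
    return "inconclusive"             # redirect or server error: retest


# Constructed sample body, shaped like a RESTCONF JSON error response.
SAMPLE_401_BODY = json.dumps({
    "ietf-restconf:errors": {
        "error": [{"error-type": "protocol", "error-tag": "access-denied"}]
    }
})

# Constructed (status, body) pairs standing in for captured responses.
SAMPLES = [
    (401, SAMPLE_401_BODY),
    (401, "<html>Unauthorized</html>"),
    (403, ""),
    (204, ""),
    (503, None),
]

if __name__ == "__main__":
    for status, body in SAMPLES:
        print(status, classify_unauthenticated_write(status, body))
```

An "exposed" result is the case the review is concerned with: a write to a data node succeeded although the client never authenticated.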



