On Mon, Jul 22, 2019 at 7:57 PM Rifaat Shekh-Yusef via Datatracker <noreply@xxxxxxxx> wrote:
>
> Review is partially done. Another assignment may be needed to complete it.
>
> Reviewer: Rifaat Shekh-Yusef
> Review result: Not Ready
>
> There is the open issue of the proper structure of this YANG model, which was
> discussed with the security ADs and IESG, and still to be discussed with IANA.
>
> Meanwhile, I have the following comments:
>
> Page 6, hash-algorithm_t
> Why would you include SHA1 and indicate that it is obsolete? Why not just drop it?
>
> Page 8, hash-algorithm-t
> Why would the default be 0, i.e. NONE?
> I think you should select a minimum algorithm that would be considered acceptable as the default.

Along those lines, why is RSA-1024 in there? The asymmetric algorithm doesn't differentiate between encryption and signing or other more exotic things, which I guess is defensible but raises some potential gotchas. We also have an IANA registry for AEAD schemes: why not use that? This would have avoided some omissions such as AES-SIV mode. Lastly, one nit: it's elliptic curve, not elliptical curve.