Last Call Review of draft-ietf-ccamp-l1csm-yang-24
review-ietf-ccamp-l1csm-yang-24-secdir-lc-sheffer-2024-01-28-00

Request Review of draft-ietf-ccamp-l1csm-yang
Requested revision No specific revision (document currently at 26)
Type Last Call Review
Team Security Area Directorate (secdir)
Deadline 2024-02-01
Requested 2024-01-18
Authors Young Lee, Kwang-koog Lee, Haomian Zheng, Oscar Gonzalez de Dios, Daniele Ceccarelli
I-D last updated 2024-01-28
Completed reviews Intdir Telechat review of -25 by Antoine Fressancourt
Genart Last Call review of -24 by Dan Romascanu
Secdir Last Call review of -24 by Yaron Sheffer
Yangdoctors Early review of -07 by Robert Wilton
Yangdoctors Last Call review of -15 by Joe Clarke
Rtgdir Last Call review of -19 by Adrian Farrel
Rtgdir Last Call review of -19 by Nicolai Leymann
Assignment Reviewer Yaron Sheffer
State Completed
Request Last Call review on draft-ietf-ccamp-l1csm-yang by Security Area Directorate Assigned
Posted at https://mailarchive.ietf.org/arch/msg/secdir/7ikvcMo2x2zqGgugYagK78gyVcs
Reviewed revision 24 (document currently at 26)
Result Has nits
Completed 2024-01-28
The document describes a simple YANG model for L1 service management. IMO it is
ready to go, with a few nits:

Sec. 1.2: the actual YANG module in Sec. 4 says "Refer to MEF 63 for all
terms", so I would expect MEF 63 to be used as a reference for terminology here
(and that document does have a very nice glossary).

Sec. 2, 2nd paragraph: the word "includes" is redundant.

Sec. 5: I'm a bit puzzled about the three IDs that were called out as
sensitive: uni-id, service-id and endpoint-id. One reason for sensitivity is
that they may disclose interesting information. Another reason is that "they
must also be correctly configured to ensure the Subscriber and Service Provider
connection is established." But I think the latter reason applies to everything
else, e.g. "protocol", "optical-interface". In other words, just about
everything in this module can be used to bring down the UNI, and therefore all
attributes should be considered sensitive.

Sec. 5: "These are the subtrees and data nodes and their
sensitivity/vulnerability" - but then we list the subtrees but no specific
details about sensitivity/vulnerability.