Last Call Review of draft-ietf-ccamp-l1csm-yang-24
review-ietf-ccamp-l1csm-yang-24-secdir-lc-sheffer-2024-01-28-00
review-ietf-ccamp-l1csm-yang-24-secdir-lc-sheffer-2024-01-28-00
The document describes a simple YANG model for L1 service management. IMO it is ready to go, with a few nits: Sec. 1.2: the actual YANG module in Sec. 4 says "Refer to MEF 63 for all terms", so I would expect MEF 63 to be used as a reference for terminology here (and that document does have a very nice glossary). Sec. 2, 2nd paragraph: the word "includes" is redundant. Sec. 5: I'm a bit puzzled about the three IDs that were called out as sensitive: uni-id, service-id and endpoint-id. One reason for sensitivity is that they may disclose interesting information. Another reason is that "they must also be correctly configured to ensure the Subscriber and Service Provider connection is established." But I think the latter reason applies to everything else, e.g. "protocol", "optical-interface". In other words, just about everything in this module can be used to bring down the UNI, and therefore all attributes should be considered sensitive. Sec. 5: "These are the subtrees and data nodes and their sensitivity/vulnerability" - but then we list the subtrees but no specific details about sensitivity/vulnerability.