haomianzheng / IETF-ACTN-YANG-Model

IETF Optical YANG models in ACTN Architecture

AD Review of draft-ietf-ccamp-l1csm-yang-23 #146

Closed italobusi closed 8 months ago

italobusi commented 10 months ago

** Section 1. Typo. s/ouside/outside/

** Section 1.1. Editorial. It is worth noting that the SDN controller can be alternated by Network Management System (NMS) or Element Management System (EMS).

What does it mean to be “alternated” by the NMS or EMS? Is that the right verb?

** Section 2. Typo. s/ connectivities/connections/

** Section 5.

There are a number of data nodes defined in this YANG module that are writable/creatable/deletable (i.e., config true, which is the default). These data nodes may be considered sensitive or vulnerable in some network environments. Write operations (e.g., edit-config) to these data nodes without proper protection can have a negative effect on network operations. These are the subtrees and data nodes and their sensitivity/vulnerability:

uni:

  • uni-id

service:

  • service-id
  • endpoint-id

Thanks for using the YANG Security Considerations template. Could the text please be clear on inappropriate write operations. Why are the named nodes “sensitive”? The YANG SecCon template also notes that reads might be sensitive. Does that apply here? If so, how?


See: https://mailarchive.ietf.org/arch/msg/ccamp/u4Z_rGbHR9rX751jTEnPiam2Ar4/

italobusi commented 10 months ago

Haomian's reply:

** Section 1. Typo. s/ouside/outside/

[Haomian] Ok.

** Section 1.1. Editorial. It is worth noting that the SDN controller can be alternated by Network Management System (NMS) or Element Management System (EMS).

What does it mean to be “alternated” by the NMS or EMS? Is that the right verb?

[Haomian] I was reminded that 'alternate' has different meanings in different countries, so I prefer to avoid using the term. How about the following?

OLD: It is worth noting that the SDN controller can be alternated by Network Management System (NMS) or Element Management System (EMS).

NEW: It is worth noting that in some scenarios, there can be a Network Management System (NMS) or Element Management System (EMS) performing the role of the SDN Controller.

** Section 2. Typo. s/ connectivities/connections/

[Haomian] Ok.

** Section 5.

There are a number of data nodes defined in this YANG module that are writable/creatable/deletable (i.e., config true, which is the default). These data nodes may be considered sensitive or vulnerable in some network environments. Write operations (e.g., edit-config) to these data nodes without proper protection can have a negative effect on network operations. These are the subtrees and data nodes and their sensitivity/vulnerability:

uni:

  • uni-id

service:

  • service-id
  • endpoint-id

Thanks for using the YANG Security Considerations template. Could the text please be clear on inappropriate write operations. Why are the named nodes “sensitive”? The YANG SecCon template also notes that reads might be sensitive. Does that apply here? If so, how?

[Haomian] Thank you, we have expanded the text to address your comments and suggestions.

OLD: Write operations (e.g., edit-config) to these data nodes without proper protection can have a negative effect on network operations.
NEW: Write operations (e.g., edit-config) to these data nodes without proper protection can negatively affect network operations and services. It is susceptible to intentional (malicious) and unintentional (misconfiguration) configuration, adversely affecting the connection.

UNI:

  • uni-id

Service:

  • service-id
  • endpoint-id

The IDs above identify a connection between the subscriber and service provider; they will be unique and may contain sensitive information such as customer information, service type, port information, and location. They must also be correctly configured to ensure the Subscriber and Service Provider connection is established.


See: https://mailarchive.ietf.org/arch/msg/ccamp/LR5HJ_1HvKuiC8ddRj9cVCF-HjA/

italobusi commented 8 months ago

Closed with draft-ietf-ccamp-l1csm-yang-24