search

ietf-ccamp-wg / ietf-ccamp-optical-path-computation

Repository for the YANG modeling of OTN and optical layer path computation
Other
0 stars 1 forks source link

Complete Security Considerations #11

Open italobusi opened 2 years ago

italobusi commented 2 years ago

Propose text for the Security Considerations section

danielkinguk commented 2 years ago

Text for security section.

The YANG module defined in this document will be accessed via the NETCONF protocol [RFC6241] or RESTCONF protocol [RFC8040]. The lowest NETCONF layer is the secure transport layer, and the mandatory-to-implement secure transport is Secure Shell (SSH) [RFC6242]. The lowest RESTCONF layer is HTTPS and the mandatory-to-implement secure transport is TLS [RFC8446].

The Network Configuration Access Control Model (NACM) [RFC8341] provides the means to restrict access to particular NETCONF or RESTCONF users to a preconfigured subset of all available NETCONF or RESTCONF protocol operations and content.

Some of the RPC operations defined in this YANG module may be considered sensitive or vulnerable in some network environments. It is thus essential to control access to these operations.

Operations defined in this document, and their sensitivities and possible vulnerabilities, will be discussed further in future versions of this document.

italobusi commented 2 years ago

The text on Security Considerations should be updated once the YANG model is stable.