| rfc9907v9.txt | rfc9907.txt | |||
|---|---|---|---|---|
| Internet Engineering Task Force (IETF) A. Bierman | Internet Engineering Task Force (IETF) A. Bierman | |||
| Request for Comments: 9907 YumaWorks | Request for Comments: 9907 YumaWorks | |||
| BCP: 216 M. Boucadair, Ed. | BCP: 216 M. Boucadair, Ed. | |||
| Obsoletes: 8407 Orange | Obsoletes: 8407 Orange | |||
| Updates: 8126 Q. Wu | Updates: 8126 Q. Wu | |||
| Category: Best Current Practice Huawei | Category: Best Current Practice Huawei | |||
| ISSN: 2070-1721 February 2026 | ISSN: 2070-1721 March 2026 | |||
| Guidelines for Authors and Reviewers of Documents Containing YANG Data | Guidelines for Authors and Reviewers of Documents Containing YANG Data | |||
| Models | Models | |||
| Abstract | Abstract | |||
| This document provides guidelines for authors and reviewers of | This document provides guidelines for authors and reviewers of | |||
| specifications containing YANG data models, including IANA-maintained | specifications containing YANG data models, including IANA-maintained | |||
| YANG modules. Recommendations and procedures are defined, which are | YANG modules. Recommendations and procedures are defined, which are | |||
| intended to increase interoperability and usability of Network | intended to increase interoperability and usability of Network | |||
| skipping to change at line 731 ¶ | skipping to change at line 731 ¶ | |||
| <BEGIN TEMPLATE TEXT> | <BEGIN TEMPLATE TEXT> | |||
| X. Security Considerations | X. Security Considerations | |||
| This section is modeled after the template described in Section 3.7.1 | This section is modeled after the template described in Section 3.7.1 | |||
| of [RFC9907]. | of [RFC9907]. | |||
| The "<module-name>" YANG module defines a data model that is | The "<module-name>" YANG module defines a data model that is | |||
| designed to be accessed via YANG-based management protocols, | designed to be accessed via YANG-based management protocols, | |||
| such as Network Configuration Protocol (NETCONF) [RFC6241] | such as the Network Configuration Protocol (NETCONF) [RFC6241] | |||
| and RESTCONF [RFC8040]. These YANG-based management protocols | and RESTCONF [RFC8040]. These YANG-based management protocols | |||
| (1) have to use a secure transport layer (e.g., Secure Shell (SSH) | (1) have to use a secure transport layer (e.g., Secure Shell (SSH) | |||
| [RFC4252], TLS [RFC8446], and QUIC [RFC9000]) and (2) have to use | [RFC4252], TLS [RFC8446], and QUIC [RFC9000]) and (2) have to use | |||
| mutual authentication. | mutual authentication. | |||
| The Network Configuration Access Control Model (NACM) [RFC8341] | The Network Configuration Access Control Model (NACM) [RFC8341] | |||
| provides the means to restrict access for particular NETCONF or | provides the means to restrict access for particular NETCONF or | |||
| RESTCONF users to a preconfigured subset of all available NETCONF or | RESTCONF users to a preconfigured subset of all available NETCONF or | |||
| RESTCONF protocol operations and content. | RESTCONF protocol operations and content. | |||
| skipping to change at line 776 ¶ | skipping to change at line 776 ¶ | |||
| -- or a "nacm:default-deny-all" extensions statement, then those | -- or a "nacm:default-deny-all" extensions statement, then those | |||
| -- subtrees and data nodes must be listed, with an explanation of the | -- subtrees and data nodes must be listed, with an explanation of the | |||
| -- associated security risks with a focus on how they can be | -- associated security risks with a focus on how they can be | |||
| -- disruptive if abused. Otherwise, state: | -- disruptive if abused. Otherwise, state: | |||
| -- | -- | |||
| -- "There are no particularly sensitive writable data nodes." | -- "There are no particularly sensitive writable data nodes." | |||
| -- Readable nodes section: | -- Readable nodes section: | |||
| -- | -- | |||
| -- If the data model contains any readable data nodes (i.e., those | -- If the data model contains any readable data nodes (i.e., those | |||
| -- that are "config false" nodes, but also all other nodes, because | -- that are "config false" nodes, but also all other nodes because | |||
| -- they can also be read via operations like get or get-config), then | -- they can also be read via operations like get or get-config), then | |||
| -- include the following text: | -- include the following text: | |||
| Some of the readable data nodes in this YANG module may be considered | Some of the readable data nodes in this YANG module may be considered | |||
| sensitive or vulnerable in some network environments. It is thus | sensitive or vulnerable in some network environments. It is thus | |||
| important to control read access (e.g., via get, get-config, or | important to control read access (e.g., via get, get-config, or | |||
| notification) to these data nodes. Specifically, the following | notification) to these data nodes. Specifically, the following | |||
| subtrees and data nodes have particular sensitivities/ | subtrees and data nodes have particular sensitivities/ | |||
| vulnerabilities: | vulnerabilities: | |||
| -- You must evaluate whether the data model contains any readable | -- You must evaluate whether the data model contains any readable | |||
| -- data nodes (those are all the "config false" nodes, but also all | -- data nodes (those are all the "config false" nodes, but also all | |||
| -- other nodes, because they can also be read via operations like get | -- other nodes because they can also be read via operations like get | |||
| -- or get-config) that are particularly sensitive or vulnerable | -- or get-config) that are particularly sensitive or vulnerable | |||
| -- (e.g., if they might reveal customer information or violate | -- (e.g., if they might reveal customer information or violate | |||
| -- personal privacy laws). Typically, particularly sensitive | -- personal privacy laws). Typically, particularly sensitive | |||
| -- readable data nodes are ones that are protected by a | -- readable data nodes are ones that are protected by a | |||
| -- "nacm:default-deny-read" or a "nacm:default-deny-all" extensions | -- "nacm:default-deny-read" or a "nacm:default-deny-all" extensions | |||
| -- statement. | -- statement. | |||
| -- | -- | |||
| -- Otherwise, state: | -- Otherwise, state: | |||
| -- "There are no particularly sensitive readable data nodes." | -- "There are no particularly sensitive readable data nodes." | |||
| End of changes. 4 change blocks. | ||||
| 4 lines changed or deleted | 4 lines changed or added | |||
This html diff was produced by rfcdiff 1.48. | ||||