Re: [clue] Kathleen Moriarty's Discuss on draft-ietf-clue-data-model-schema-14: (with DISCUSS)

Simon Pietro Romano <spromano@unina.it> Fri, 03 June 2016 13:46 UTC

From: Simon Pietro Romano <spromano@unina.it>
Date: Fri, 03 Jun 2016 15:12:24 +0200
To: kathleen.moriarty.ietf@gmail.com
Archived-At: <http://mailarchive.ietf.org/arch/msg/clue/9IEQDaIctM7YR182ix2jQA3c_48>
Cc: CLUE <clue@ietf.org>, "clue-chairs@ietf.org" <clue-chairs@ietf.org>, IESG <iesg@ietf.org>, "draft-ietf-clue-data-model-schema@ietf.org" <draft-ietf-clue-data-model-schema@ietf.org>
Subject: Re: [clue] Kathleen Moriarty's Discuss on draft-ietf-clue-data-model-schema-14: (with DISCUSS)

Perfect. Version -16 of the draft will embed the mentioned paragraph.

Thanx,

Simon & Roberta

> On 03/Jun/2016, at 14:41, kathleen.moriarty.ietf@gmail.com wrote:
> 
>> On Jun 3, 2016, at 7:02 AM, Simon Pietro Romano <spromano@unina.it> wrote:
>> 
>> Hello Kathleen,
>> 
>> as far as point 2 below is concerned:
>> 
>>>>> 2. Schema drafts tend to cover the need for well-formed schemas as part
>>>>> of the security considerations.  Can you add something in about that (not
>>>>> much is required, but it's good for implementers to know this is
>>>>> important)?  You can see two recent examples for guidance:
>>>>> YANG - https://datatracker.ietf.org/doc/draft-ietf-netmod-rfc6020bis/
>>>>> IODEF - https://datatracker.ietf.org/doc/draft-ietf-mile-rfc5070-bis/
>> 
>> …are you sure this is really needed? This seems definitely pleonastic to me. This said, if you think we’d better explicitly mention such a point, would you be ok with the following text
>> (entirely borrowed from the YANG RFC)?
>> 
>> "XML parsers need to be robust with respect to malformed documents. Reading malformed documents from unknown or untrusted sources could result in an attacker gaining
>> privileges of the user running the XML parser. In an extreme situation, the entire machine could be compromised."
> 
> Yes, this would be very good.  I liked the text in that document, hence the reference.
> 
> Thanks,
> Kathleen 
> 
>> 
>> Thanks,
>> 
>> Simon
>> 
>>                                               _\\|//_
>>                                                ( O-O )
>>  ~~~~~~~~~~~~~~~~~~~~~~o00~~(_)~~00o~~~~~~~~~~~~~~~~~~~~~~~~
>>                                   Simon Pietro Romano
>>                             Universita' di Napoli Federico II
>>                            Computer Engineering Department 
>>                Phone: +39 081 7683823 -- Fax: +39 081 7683816
>>                                          e-mail: spromano@unina.it
>> 
>>           <<Many tell me that discouragement is the alibi of
>>           idiots. I reflect on it for a moment; and I get discouraged>>. Magritte.
>>                                               oooO
>> ~~~~~~~~~~~~~~~~~~~~~~~(   )~~~ Oooo~~~~~~~~~~~~~~~~~~~~~~~~~
>>                                    \ (            (   )
>>                                             \_)          ) /
>>                                                                      (_/
> 
