IETF Logo Mail Archive

Re: [clue] Kathleen Moriarty's Discuss on draft-ietf-clue-data-model-schema-14: (with DISCUSS)

Simon Pietro Romano <spromano@unina.it> Fri, 03 June 2016 11:16 UTC

Return-Path: <spromano@unina.it>
X-Original-To: clue@ietfa.amsl.com
Delivered-To: clue@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id ACC7712D0F0 for <clue@ietfa.amsl.com>; Fri, 3 Jun 2016 04:16:21 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.327
X-Spam-Level:
X-Spam-Status: No, score=-3.327 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_NONE=-0.0001, RP_MATCHES_RCVD=-1.426, SPF_PASS=-0.001] autolearn=unavailable autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id gv0B4UleH44P for <clue@ietfa.amsl.com>; Fri, 3 Jun 2016 04:16:20 -0700 (PDT)
Received: from brc2.unina.it (brc2.unina.it [192.132.34.42]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 1F05F12D0D3 for <clue@ietf.org>; Fri, 3 Jun 2016 04:16:20 -0700 (PDT)
X-ASG-Debug-ID: 1464951757-05f27567411023a0001-dOUo1C
Received: from smtp2.unina.it (smtp2.unina.it [192.132.34.62]) by brc2.unina.it with ESMTP id awFDDac5xbitOadx (version=TLSv1 cipher=AES256-SHA bits=256 verify=NO); Fri, 03 Jun 2016 13:02:37 +0200 (CEST)
X-Barracuda-Envelope-From: spromano@unina.it
X-Barracuda-Apparent-Source-IP: 192.132.34.62
Received: from [192.168.178.20] ([151.70.17.237]) (authenticated bits=0) by smtp2.unina.it (8.14.4/8.14.4) with ESMTP id u53B2ZcB019013 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Fri, 3 Jun 2016 13:02:36 +0200
Content-Type: text/plain; charset="utf-8"
Mime-Version: 1.0 (Mac OS X Mail 8.2 \(2104\))
From: Simon Pietro Romano <spromano@unina.it>
X-ASG-Orig-Subj: Re: [clue] Kathleen Moriarty's Discuss on draft-ietf-clue-data-model-schema-14: (with DISCUSS)
In-Reply-To: <4A74E266-B15A-4449-9258-7AB19449D1C7@gmail.com>
Date: Fri, 03 Jun 2016 13:02:34 +0200
Content-Transfer-Encoding: quoted-printable
Message-Id: <6153C106-3498-4EF3-845F-0D4E9883C407@unina.it>
References: <20160531213800.20195.51327.idtracker@ietfa.amsl.com> <45F69808-DBC1-4A03-95B2-7E8357F59034@cooperw.in> <4A74E266-B15A-4449-9258-7AB19449D1C7@gmail.com>
To: kathleen.moriarty.ietf@gmail.com
X-Mailer: Apple Mail (2.2104)
X-Barracuda-Connect: smtp2.unina.it[192.132.34.62]
X-Barracuda-Start-Time: 1464951757
X-Barracuda-Encrypted: AES256-SHA
X-Barracuda-URL: http://192.132.34.42:8000/cgi-mod/mark.cgi
X-Virus-Scanned: by bsmtpd at unina.it
X-Barracuda-BRTS-Status: 1
X-Barracuda-Spam-Score: 0.00
X-Barracuda-Spam-Status: No, SCORE=0.00 using global scores of TAG_LEVEL=1000.0 QUARANTINE_LEVEL=1000.0 KILL_LEVEL=6.0 tests=BSF_SC0_MISMATCH_TO
X-Barracuda-Spam-Report: Code version 3.2, rules version 3.2.3.30139 Rule breakdown below pts rule name description ---- ---------------------- -------------------------------------------------- 0.00 BSF_SC0_MISMATCH_TO Envelope rcpt doesn't match header
Archived-At: <http://mailarchive.ietf.org/arch/msg/clue/WX4i2DWbrAMsdlSOepEvWYC7d80>
Cc: CLUE <clue@ietf.org>, "clue-chairs@ietf.org" <clue-chairs@ietf.org>, IESG <iesg@ietf.org>, "draft-ietf-clue-data-model-schema@ietf.org" <draft-ietf-clue-data-model-schema@ietf.org>
Subject: Re: [clue] Kathleen Moriarty's Discuss on draft-ietf-clue-data-model-schema-14: (with DISCUSS)
X-BeenThere: clue@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: CLUE - ControLling mUltiple streams for TElepresence <clue.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/clue>, <mailto:clue-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/clue/>
List-Post: <mailto:clue@ietf.org>
List-Help: <mailto:clue-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/clue>, <mailto:clue-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 03 Jun 2016 11:16:22 -0000

Hello Kathleen,

as far as point 2 below is concerned:

>>> 2. Schema drafts tend to cover the need for well-formed schemas as part
>>> of the security considerations.  Can you add something in about that (not
>>> much is required, but it's good for implementers to know this is
>>> important)?  You can see two recent examples for guidance:
>>> YANG - https://datatracker.ietf.org/doc/draft-ietf-netmod-rfc6020bis/
>>> IODEF - https://datatracker.ietf.org/doc/draft-ietf-mile-rfc5070-bis/

…are you sure this is really needed? This seems definitely pleonastic to me. This said, if you think we’d better explicitly mention such a point, would you be ok with the following text
(entirely borrowed from the YANG RFC)?

"XML parsers need to be robust with respect to malformed documents. Reading malformed documents from unknown or untrusted sources could result in an attacker gaining 
privileges of the user running the XML parser. In an extreme situation, the entire machine could be compromised.”

Thanks,

Simon





                     					       _\\|//_
                           				      ( O-O )
   ~~~~~~~~~~~~~~~~~~~~~~o00~~(_)~~00o~~~~~~~~~~~~~~~~~~~~~~~~
                    				Simon Pietro Romano
             				 Universita' di Napoli Federico II
                		     Computer Engineering Department 
	             Phone: +39 081 7683823 -- Fax: +39 081 7683816
                                           e-mail: spromano@unina.it

		    <<Molti mi dicono che lo scoraggiamento è l'alibi degli 
		    idioti. Ci rifletto un istante; e mi scoraggio>>. Magritte.
               			                     oooO
  ~~~~~~~~~~~~~~~~~~~~~~~(   )~~~ Oooo~~~~~~~~~~~~~~~~~~~~~~~~~
					                 \ (            (   )
			                                  \_)          ) /
                                                                       (_/

v2.23.0 | Report a Bug | By Email