Re: [core] Benjamin Kaduk's Discuss on draft-ietf-core-sid-16: (with DISCUSS and COMMENT)

[Benjamin Kaduk <kaduk@mit.edu>]

On Wed, Jul 14, 2021 at 03:32:41PM -0400, Michael Richardson wrote:
> 
> {again, not an author of this document}

(thanks for the reminder!)

> Benjamin Kaduk <kaduk@mit.edu> wrote:
>     >> (I don't think we have resolved the question of how/if/when we provide the sid
>     >> file to IANA when part of another RFC. In theory, IANA creates the sid file
>     >> when the YANG module is first provided. In practice, we need it for interop
>     >> work prior to WGLC)
> 
>     > (Also an interesting question, but probably not something that needs to be
>     > enshrined in the RFC.)
> 
> Someone has to document some interaction with IANA.
> I guess draft-ietf-anima-constrained-voucher, close to WGLC, will show us
> whether we got things right or not :-)
> {insert curse about living in interesting times}
> 
> ...
> 
>     >> Conceptually, SID files could be processed by unconstrained target
>     >> systems such as network management systems.  Such systems need to take
>     >> extra care to make sure that they are only processing SID files from the
>     >> same authoritative source as the YANG modules that they are using.
> 
>     > This topic also seems worth covering, so thanks for including it.
>     > It's not entirely clear to me that it's a security requirement to use the
>     > exact same source for YANG module and SID files or some other trustworthy
>     > authority might be acceptable, so we might want to think about this some
>     > more.
> 
> I'm just trying to say: if you trusted IANA for the .yang, then trust them
> for .sid.  If your source of truth was IEEE, then get the .sid from them too.

And I'm saying that doing that is clearly safe and a defensible course of
action.  There may also be other safe courses of action, though, so I don't
want to commit us to "need to use the same source for YANG modules and SID
files" without having it be a considered decision.

-Ben