Re: [core] Benjamin Kaduk's Discuss on draft-ietf-core-sid-16: (with DISCUSS and COMMENT)

Benjamin Kaduk <kaduk@mit.edu> Thu, 15 July 2021 04:29 UTC

Return-Path: <kaduk@mit.edu>
X-Original-To: core@ietfa.amsl.com
Delivered-To: core@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3DB953A1AE2; Wed, 14 Jul 2021 21:29:07 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.897
X-Spam-Level:
X-Spam-Status: No, score=-1.897 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_BLOCKED=0.001, SPF_HELO_NONE=0.001, SPF_NONE=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id MFIB732u93Gv; Wed, 14 Jul 2021 21:29:06 -0700 (PDT)
Received: from outgoing.mit.edu (outgoing-auth-1.mit.edu [18.9.28.11]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A98F23A1ADE; Wed, 14 Jul 2021 21:29:05 -0700 (PDT)
Received: from kduck.mit.edu ([24.16.140.251]) (authenticated bits=56) (User authenticated as kaduk@ATHENA.MIT.EDU) by outgoing.mit.edu (8.14.7/8.12.4) with ESMTP id 16F4Svl0013842 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Thu, 15 Jul 2021 00:29:03 -0400
Date: Wed, 14 Jul 2021 21:28:56 -0700
From: Benjamin Kaduk <kaduk@mit.edu>
To: Michael Richardson <mcr+ietf@sandelman.ca>
Cc: draft-ietf-core-sid@ietf.org, The IESG <iesg@ietf.org>, core-chairs@ietf.org, core@ietf.org
Message-ID: <20210715042856.GL74365@kduck.mit.edu>
References: <162621573715.1426.3300364400283622807@ietfa.amsl.com> <219605.1626281575@dooku> <20210714173223.GD74365@kduck.mit.edu> <5344.1626291161@localhost>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <5344.1626291161@localhost>
Archived-At: <https://mailarchive.ietf.org/arch/msg/core/4qiHR7UguTF-YK0FZHO-n_DS6nM>
Subject: Re: [core] Benjamin Kaduk's Discuss on draft-ietf-core-sid-16: (with DISCUSS and COMMENT)
X-BeenThere: core@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Constrained RESTful Environments \(CoRE\) Working Group list" <core.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/core>, <mailto:core-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/core/>
List-Post: <mailto:core@ietf.org>
List-Help: <mailto:core-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/core>, <mailto:core-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 15 Jul 2021 04:29:07 -0000

On Wed, Jul 14, 2021 at 03:32:41PM -0400, Michael Richardson wrote:
> 
> {again, not an author of this document}

(thanks for the reminder!)

> Benjamin Kaduk <kaduk@mit.edu> wrote:
>     >> (I don't think we have resolved the question of how/if/when we provide the sid
>     >> file to IANA when part of another RFC. In theory, IANA creates the sid file
>     >> when the YANG module is first provided. In practice, we need it for interop
>     >> work prior to WGLC)
> 
>     > (Also an interesting question, but probably not something that needs to be
>     > enshrined in the RFC.)
> 
> Someone has to document some interaction with IANA.
> I guess draft-ietf-anima-constrained-voucher, close to WGLC, will show us
> whether we got things right or not :-)
> {insert curse about living in interesting times}
> 
> ...
> 
>     >> Conceptually, SID files could be processed by unconstrained target
>     >> systems such as network management systems.  Such systems need to take
>     >> extra care to make sure that they are only processing SID files from the
>     >> same authoritative source as the YANG modules that they are using.
> 
>     > This topic also seems worth covering, so thanks for including it.
>     > It's not entirely clear to me that it's a security requirement to use the
>     > exact same source for YANG module and SID files or some other trustworthy
>     > authority might be acceptable, so we might want to think about this some
>     > more.
> 
> I'm just trying to say: if you trusted IANA for the .yang, then trust them
> for .sid.  If your source of truth was IEEE, then get the .sid from them too.

And I'm saying that doing that is clearly safe and a defensible course of
action.  There may also be other safe courses of action, though, so I don't
want to commit us to "need to use the same source for YANG modules and SID
files" without having it be a considered decision.

-Ben