Re: [core] Benjamin Kaduk's Discuss on draft-ietf-core-sid-16: (with DISCUSS and COMMENT)

Michael Richardson <mcr+ietf@sandelman.ca> Wed, 14 July 2021 19:32 UTC

Return-Path: <mcr+ietf@sandelman.ca>
X-Original-To: core@ietfa.amsl.com
Delivered-To: core@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8DA733A0CDC; Wed, 14 Jul 2021 12:32:52 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.899
X-Spam-Level:
X-Spam-Status: No, score=-1.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_BLOCKED=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id tSnlxhP4tz6u; Wed, 14 Jul 2021 12:32:47 -0700 (PDT)
Received: from tuna.sandelman.ca (tuna.sandelman.ca [IPv6:2607:f0b0:f:3:216:3eff:fe7c:d1f3]) (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D31623A0CC7; Wed, 14 Jul 2021 12:32:46 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by tuna.sandelman.ca (Postfix) with ESMTP id EB4CB389E6; Wed, 14 Jul 2021 15:35:43 -0400 (EDT)
Received: from tuna.sandelman.ca ([127.0.0.1]) by localhost (localhost [127.0.0.1]) (amavisd-new, port 10024) with LMTP id zplOzNcTKJDI; Wed, 14 Jul 2021 15:35:40 -0400 (EDT)
Received: from sandelman.ca (obiwan.sandelman.ca [IPv6:2607:f0b0:f:2::247]) by tuna.sandelman.ca (Postfix) with ESMTP id 6D1BB389E5; Wed, 14 Jul 2021 15:35:40 -0400 (EDT)
Received: from localhost (localhost [IPv6:::1]) by sandelman.ca (Postfix) with ESMTP id C6969486; Wed, 14 Jul 2021 15:32:41 -0400 (EDT)
From: Michael Richardson <mcr+ietf@sandelman.ca>
To: Benjamin Kaduk <kaduk@mit.edu>
cc: draft-ietf-core-sid@ietf.org, The IESG <iesg@ietf.org>, core-chairs@ietf.org, core@ietf.org
In-Reply-To: <20210714173223.GD74365@kduck.mit.edu>
References: <162621573715.1426.3300364400283622807@ietfa.amsl.com> <219605.1626281575@dooku> <20210714173223.GD74365@kduck.mit.edu>
X-Mailer: MH-E 8.6+git; nmh 1.7+dev; GNU Emacs 26.1
X-Face: $\n1pF)h^`}$H>Hk{L"x@)JS7<%Az}5RyS@k9X%29-lHB$Ti.V>2bi.~ehC0; <'$9xN5Ub# z!G,p`nR&p7Fz@^UXIn156S8.~^@MJ*mMsD7=QFeq%AL4m<nPbLgmtKK-5dC@#:k
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-="; micalg=pgp-sha512; protocol="application/pgp-signature"
Date: Wed, 14 Jul 2021 15:32:41 -0400
Message-ID: <5344.1626291161@localhost>
Archived-At: <https://mailarchive.ietf.org/arch/msg/core/GAZy2fSe1NeJ5Fqqrjueb8yeD8g>
Subject: Re: [core] Benjamin Kaduk's Discuss on draft-ietf-core-sid-16: (with DISCUSS and COMMENT)
X-BeenThere: core@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Constrained RESTful Environments \(CoRE\) Working Group list" <core.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/core>, <mailto:core-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/core/>
List-Post: <mailto:core@ietf.org>
List-Help: <mailto:core-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/core>, <mailto:core-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 14 Jul 2021 19:32:53 -0000

{again, not an author of this document}

Benjamin Kaduk <kaduk@mit.edu> wrote:
    >> (I don't think we have resolved the question of how/if/when we provide the sid
    >> file to IANA when part of another RFC. In theory, IANA creates the sid file
    >> when the YANG module is first provided. In practice, we need it for interop
    >> work prior to WGLC)

    > (Also an interesting question, but probably not something that needs to be
    > enshrined in the RFC.)

Someone has to document some interaction with IANA.
I guess draft-ietf-anima-constrained-voucher, close to WGLC, will show us
whether we got things right or not :-)
{insert curse about living in interesting times}

...

    >> Conceptually, SID files could be processed by unconstrained target
    >> systems such as network management systems.  Such systems need to take
    >> extra care to make sure that they are only processing SID files from the
    >> same authoritative source as the YANG modules that they are using.

    > This topic also seems worth covering, so thanks for including it.
    > It's not entirely clear to me that it's a security requirement to use the
    > exact same source for YANG module and SID files or some other trustworthy
    > authority might be acceptable, so we might want to think about this some
    > more.

I'm just trying to say: if you trusted IANA for the .yang, then trust them
for .sid.  If your source of truth was IEEE, then get the .sid from them too.

--
Michael Richardson <mcr+IETF@sandelman.ca>   . o O ( IPv6 IøT consulting )
           Sandelman Software Works Inc, Ottawa and Worldwide