Re: [DNSOP] Roman Danyliw's No Objection on draft-ietf-dnsop-iana-class-type-yang-03: (with COMMENT)
Ladislav Lhotka <ladislav.lhotka@nic.cz> Fri, 04 June 2021 07:20 UTC
Return-Path: <ladislav.lhotka@nic.cz>
X-Original-To: dnsop@ietfa.amsl.com
Delivered-To: dnsop@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 40AEE3A2CEF; Fri, 4 Jun 2021 00:20:14 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.898
X-Spam-Level:
X-Spam-Status: No, score=-1.898 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_BLOCKED=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id xsp41nWFAeKD; Fri, 4 Jun 2021 00:20:10 -0700 (PDT)
Received: from mail.nic.cz (mail.nic.cz [217.31.204.67]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 602773A2CEB; Fri, 4 Jun 2021 00:20:08 -0700 (PDT)
Received: from localhost (unknown [IPv6:2a01:5e0:29:ffff:fc73:fa64:57e6:2115]) by mail.nic.cz (Postfix) with ESMTPSA id 9646A1408C2; Fri, 4 Jun 2021 09:20:01 +0200 (CEST)
From: Ladislav Lhotka <ladislav.lhotka@nic.cz>
To: Roman Danyliw <rdd@cert.org>, The IESG <iesg@ietf.org>
Cc: draft-ietf-dnsop-iana-class-type-yang@ietf.org, dnsop-chairs@ietf.org, dnsop@ietf.org, benno@NLnetLabs.nl, benno@NLnetLabs.nl
In-Reply-To: <162265919256.4095.5387300297626974526@ietfa.amsl.com>
References: <162265919256.4095.5387300297626974526@ietfa.amsl.com>
Date: Fri, 04 Jun 2021 09:20:01 +0200
Message-ID: <87im2uhza6.fsf@nic.cz>
MIME-Version: 1.0
Content-Type: text/plain
X-Virus-Scanned: clamav-milter 0.102.2 at mail
X-Virus-Status: Clean
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/rwQNrwHsI0FVufuRlGVZXltVvgA>
Subject: Re: [DNSOP] Roman Danyliw's No Objection on draft-ietf-dnsop-iana-class-type-yang-03: (with COMMENT)
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnsop/>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 04 Jun 2021 07:20:14 -0000
Hi Roman, thanks for your comments, please see below. Roman Danyliw via Datatracker <noreply@ietf.org> writes: ... > ---------------------------------------------------------------------- > COMMENT: > ---------------------------------------------------------------------- > > Thank you to Valery Smyslov for the SECDIR review. > > I applaud the clever use of XSLT to autogenerate and keep the YANG module up to > date. > > ** Section 5. Recommend refining the security considerations to defer security > issues to the modules that use import the data types defined in this document. > Roughly: > > OLD > This documents translates two IANA registries into YANG data types > and otherwise introduces no technology or protocol. Consequently, > there are no security issues to be considered for this document. > > NEW > > This document translates two IANA registries into YANG data types for use by > other YANG modules. When imported and used, the resultant module schema will > have data nodes that can be writable or readable via a network management > protocol. Access or modification to such data nodes may be considered > sensitive in some network environments, and this risk should be evaluated by > the importing module. > The iana-dns-class-rr-type module only defines data types, so it doesn't contribute any data nodes when imported or used. I suggest to use the following formulation, adopted from RFC 6991: NEW This documents translates two IANA registries into YANG data types and otherwise introduces no technology or protocol. The definitions themselves have no security impact on the Internet, but their use in concrete YANG modules might have. The security considerations spelled out in the YANG specification [RFC7950] apply for this document as well. Is it sufficient? Thanks, Lada > > -- Ladislav Lhotka Head, CZ.NIC Labs PGP Key ID: 0xB8F92B08A9F76C67
- [DNSOP] Roman Danyliw's No Objection on draft-iet… Roman Danyliw via Datatracker
- Re: [DNSOP] Roman Danyliw's No Objection on draft… Ladislav Lhotka
- Re: [DNSOP] Roman Danyliw's No Objection on draft… Roman Danyliw