Re: [Gen-art] [OPSAWG] some YANG thoughts on draft-ietf-opsawg-sbom-access-03

tom petch <ietfc@btconnect.com> Tue, 04 January 2022 17:02 UTC

From: tom petch <ietfc@btconnect.com>
To: Eliot Lear <lear@lear.ch>, "gen-art@ietf.org" <gen-art@ietf.org>, Russ Housley <housley@vigilsec.com>
CC: "draft-ietf-opsawg-sbom-access.all@ietf.org" <draft-ietf-opsawg-sbom-access.all@ietf.org>, "opsawg@ietf.org" <opsawg@ietf.org>
Date: Tue, 04 Jan 2022 17:02:20 +0000
Message-ID: <AM7PR07MB6248972EC0B8A9E75D42C9E3A04A9@AM7PR07MB6248.eurprd07.prod.outlook.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/gen-art/F_nODX9aOL9J_9dGaLHv8axbnIM>
Subject: Re: [Gen-art] [OPSAWG] some YANG thoughts on draft-ietf-opsawg-sbom-access-03
List-Id: "GEN-ART: General Area Review Team" <gen-art.ietf.org>

From: Eliot Lear
Sent: Tuesday, January 04, 2022 16:28
To: tom petch; gen-art@ietf.org; Russ Housley
Cc: draft-ietf-opsawg-sbom-access.all@ietf.org; opsawg@ietf.org
Subject: Re: [OPSAWG] some YANG thoughts on draft-ietf-opsawg-sbom-access-03

Hi Tom,

Thanks for your review.  Please see below.

<tp>

On security, YANG Guidelines, RFC8407, says that there MUST be Security Considerations and that they MUST be patterned on the latest template.  No exemption for read only or grouping only!

For example, I note that you refer to HTTP whereas the template only uses HTTPS, underpinned by TLS.  It is fine to say that the data is read only.  It is also fine to say that the data is in the public domain and so privacy is not a concern.  I have not yet seen a statement in an I-D that the integrity of the data is of no concern and so corruption by an evil actor e.g. by using HTTP instead of HTTPS is not a concern but perhaps that day will come:-)

Whatever, I think that a number of ADs will be looking for Security Considerations based on the template and you will be asked why not and I see that as easier to fix now rather than at IESG Review.

Tom Petch

On 14.12.21 11:15, tom petch wrote:
> From: OPSAWG <opsawg-bounces@ietf.org> on behalf of Russ Housley via Datatracker <noreply@ietf.org>
> Sent: 13 December 2021 22:02
> Subject: [OPSAWG] Genart early review of draft-ietf-opsawg-sbom-access-03
>
> Reviewer: Russ Housley
> Review result: Almost Ready
> <snip>
>
>
> Note: I am not a good person to review the YANG specification.  I
> assume one of the YANG Doctors will have a look at this document too.
>
> <tp>
>
> You could say that there is no YANG Module as YANG Modules must be registered with IANA and the IANA Considerations in this I-D do not do so:-)
>
> So
> IANA Considerations must register the module as per YANG Guidelines
Added.
>
> Security Considerations must use the template referenced by YANG Guidelines

This one's a little weird, since we are augmenting the MUD module, which
isn't intended to be retrieved via NETCONF, and nothing here is intended
to be writeable.  I could add read-only to all of this stuff.


>
> The title in the revision reference clause bears little relationship to that of the I-D
Corrected.
>
> YANG prefix must be unique and should be easy to use; I think that 'mud-transparency' is about 12 characters longer than I would class as easy to use (e.g. mudtx)
Sold.
>
> URL is insecure and to an obsolete web site (tools)
>
> No mention of NMDA or lack of support thereof

Text welcome for this.


>
> Lots of abbreviations not expanded on first use
>
> In our modern pageless format, Section one would be easier to refer to with more subsections such as one for terminology with expanded abbreviations

Generally we should expand abbreviations on first use.  I will clean
those up.


>
> Why have a grouping and a uses which for me makes the module harder to understand?  It is not as if this grouping is going to be imported in lots of places AFAICT.

It may.  That is why it's a grouping.

Again, thanks for the review.

Eliot