Re: [i2rs] Alissa Cooper's Discuss on draft-ietf-i2rs-protocol-security-requirements-06: (with DISCUSS and COMMENT)

"Susan Hares" <shares@ndzh.com> Wed, 17 August 2016 23:59 UTC

From: Susan Hares <shares@ndzh.com>
To: stephen.farrell@cs.tcd.ie, alissa@cooperw.in
References: <147144567895.12152.15403435188950086025.idtracker@ietfa.amsl.com> <CAG4d1rfSYjQLuZYi-g5eOukvMd86FyBs6oyeCk0pdjWYvvLWhA@mail.gmail.com> <5B604C19-7AEF-4C92-B452-A034749A5FCA@cooperw.in> <xu6csa.oc2ggp.1hge0yu-qmf@mercury.scss.tcd.ie>
In-Reply-To: <xu6csa.oc2ggp.1hge0yu-qmf@mercury.scss.tcd.ie>
Date: Wed, 17 Aug 2016 19:58:06 -0400
Message-ID: <008e01d1f8e3$33483590$99d8a0b0$@ndzh.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/i2rs/CM6hEiPPEkd5QppKZoAt2gk0IPM>
Cc: i2rs@ietf.org, i2rs-chairs@ietf.org, akatlas@gmail.com, iesg@ietf.org, jhaas@pfrc.org, draft-ietf-i2rs-protocol-security-requirements@ietf.org
Subject: Re: [i2rs] Alissa Cooper's Discuss on draft-ietf-i2rs-protocol-security-requirements-06: (with DISCUSS and COMMENT)

Stephen: 

We have discussed these requirements with the NETCONF/RESTCONF group as part of the process.  This WG did not raise any issues about the requirements not being realistic.

Sue Hares 

-----Original Message-----
From: i2rs [mailto:i2rs-bounces@ietf.org] On Behalf Of stephen.farrell@cs.tcd.ie
Sent: Wednesday, August 17, 2016 2:24 PM
To: alissa@cooperw.in
Cc: i2rs@ietf.org; i2rs-chairs@ietf.org; akatlas@gmail.com; iesg@ietf.org; jhaas@pfrc.org; draft-ietf-i2rs-protocol-security-requirements@ietf.org
Subject: Re: [i2rs] Alissa Cooper's Discuss on draft-ietf-i2rs-protocol-security-requirements-06: (with DISCUSS and COMMENT)

Hiya, 

I'm on vacation so won't be balloting this week and I only had a quick flick of this, but if I'd had time for a proper read I think I'd be asking how realistic are these requirements, possibly as a discuss ballot. If someone wanted to hit defer and blame me (sorry I don't have the right devices with me to do that) that'd be good. But if this draft is time-critical for the WG then please ignore the above.

S. 

On Wed Aug 17 19:02:09 2016 GMT+0200, Alissa Cooper wrote:
> Hi Alia,
> 
> > On Aug 17, 2016, at 11:07 AM, Alia Atlas <akatlas@gmail.com> wrote:
> > 
> > Hi Alissa,
> > 
> > On Wed, Aug 17, 2016 at 10:54 AM, Alissa Cooper <alissa@cooperw.in> wrote:
> > Alissa Cooper has entered the following ballot position for
> > draft-ietf-i2rs-protocol-security-requirements-06: Discuss
> > 
> > When responding, please keep the subject line intact and reply to 
> > all email addresses included in the To and CC lines. (Feel free to 
> > cut this introductory paragraph, however.)
> > 
> > 
> > Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html
> > for more information about IESG DISCUSS and COMMENT positions.
> > 
> > 
> > The document, along with other ballot positions, can be found here:
> > https://datatracker.ietf.org/doc/draft-ietf-i2rs-protocol-security-requirements/
> > 
> > 
> > 
> > ----------------------------------------------------------------------
> > DISCUSS:
> > ----------------------------------------------------------------------
> > 
> > == Section 3.2 ==
> > 
> > "A non-secure transport can be can be used for publishing telemetry
> >    data or other operational state that was specifically indicated to
> >    non-confidential in the data model in the Yang syntax."
> > 
> > What kind of telemetry data is it that is of no potential interest 
> > to any eavesdropper? This is not my area of expertise so I'm having 
> > a hard time conceiving of what that could be. I'm also wondering, 
> > since I2RS agents and clients will have to support secure transports 
> > anyway (and RESTCONF can only be used over a secure transport), why 
> > can't they be used for all transfers, instead of allowing this 
> > loophole in the name of telemetry, which undoubtedly will end up 
> > being used or exploited for other data transfers?
> > 
> > If the argument was that this loophole is needed for backwards 
> > compatibility with insecure deployments of NETCONF or something like 
> > that I think it would make more sense, but my impression from the 
> > text is that those will have to be updated anyway to conform to the 
> > requirements in this document.
> > 
> > Data coming from a router can come from many different line-cards and processors.
> > The line-cards that may be providing the data are not going to be 
> > supporting the secure transports anyway.
> 
> Will they also not be supporting the I2RS protocol then, given the requirement for support of a secure transport?
> 
> 
> > A goal is to allow easy distribution of streaming data and event 
> > notifications.  As for what type of data, as far as I know, 
> > currently IPFIX streams telemetry data without integrity much less authorization protection.
> 
> What I’m questioning is the choice to extend that model to cases where a third-party controller or application is one endpoint of the data exchange, which is what I thought was part of the motivation for I2RS (happy to be corrected though).
> 
> > 
> > There are existing deployments that use gRPC now for streaming telemetry data.
> 
> Ok. So is the implication that the requirements here are needed for backwards compatibility with those deployments?
> 
> Thanks,
> Alissa
> 
> > 
> >  Regards,
> > Alia
> >  
> > ----------------------------------------------------------------------
> > COMMENT:
> > ----------------------------------------------------------------------
> > 
> > In general I agree with Mirja that where other documents already 
> > provide definitions, they should be referenced, not copied or 
> > summarized, in this document.
> > 
> > == Section 2.1 ==
> > 
> > Using "privacy" as a synonym for "confidentiality" is outmoded, I 
> > think, given current understanding of the many other facets of 
> > privacy (see, e.g., RFC 6793). I would suggest dropping the 
> > definition of data privacy and just using the word confidentiality when that is what you mean.
> > 
> > == Section 2.2 ==
> > 
> > "The I2RS protocol exists as a higher-level protocol which may
> >       combine other protocols (NETCONF, RESTCONF, IPFIX and others)
> >       within a specific I2RS client-agent relationship with a specific
> >       trust for ephemeral configurations, event, tracing, actions, and
> >       data flow interactions."
> > 
> > Reading the provided definition of "trust," I'm not sure what "with 
> > a specific trust for" means in the sentence above.
> > 
> > "The I2RS architecture document [I-D.ietf-i2rs-architecture]
> >       defines a secondary identity as the entity of some non-I2RS entity
> >       (e.g. application) which has requested a particular I2RS client
> >       perform an operation."
> > 
> > Per my comment above, I would suggest just referencing the 
> > definition from the architecture document. The text above is 
> > circular ("the entity of some ... entity") and conflates an identity with an identifier.
> > 
> > == Section 3.1 ==
> > 
> > Agree with Mirja that this section is superfluous.
> > 
> > == Section 3.3 ==
> > 
> > Since the normative recommendation here isn't to be enforced by the 
> > protocol, why is it SHOULD rather than MUST? Same question applies 
> > to SEC-REQ-17.
> > 
> > == Section 3.5 ==
> > 
> > Is the omission of normative language from Sec-REQ-20 purposeful?
> 
>