Re: [i2rs] Kathleen Moriarty's Discuss on draft-ietf-i2rs-protocol-security-requirements-07: (with DISCUSS and COMMENT)

Juergen Schoenwaelder <j.schoenwaelder@jacobs-university.de> Mon, 22 August 2016 10:08 UTC

Return-Path: <j.schoenwaelder@jacobs-university.de>
X-Original-To: i2rs@ietfa.amsl.com
Delivered-To: i2rs@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id F0FEC12D0B3; Mon, 22 Aug 2016 03:08:03 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.748
X-Spam-Level:
X-Spam-Status: No, score=-4.748 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, RP_MATCHES_RCVD=-0.548] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id GV_oddqkNlgc; Mon, 22 Aug 2016 03:08:01 -0700 (PDT)
Received: from atlas3.jacobs-university.de (atlas3.jacobs-university.de [212.201.44.18]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 6CA5C12D096; Mon, 22 Aug 2016 03:08:01 -0700 (PDT)
Received: from localhost (demetrius5.irc-it.jacobs-university.de [10.70.0.222]) by atlas3.jacobs-university.de (Postfix) with ESMTP id 58EB080E; Mon, 22 Aug 2016 12:07:59 +0200 (CEST)
X-Virus-Scanned: amavisd-new at jacobs-university.de
Received: from atlas3.jacobs-university.de ([10.70.0.205]) by localhost (demetrius5.jacobs-university.de [10.70.0.222]) (amavisd-new, port 10030) with ESMTP id kp0_ZRI8Fmbj; Mon, 22 Aug 2016 12:07:43 +0200 (CEST)
Received: from hermes.jacobs-university.de (hermes.jacobs-university.de [212.201.44.23]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "hermes.jacobs-university.de", Issuer "Jacobs University CA - G01" (verified OK)) by atlas3.jacobs-university.de (Postfix) with ESMTPS; Mon, 22 Aug 2016 12:07:44 +0200 (CEST)
Received: from localhost (demetrius1.jacobs-university.de [212.201.44.46]) by hermes.jacobs-university.de (Postfix) with ESMTP id EC74D200A8; Mon, 22 Aug 2016 12:07:43 +0200 (CEST)
X-Virus-Scanned: amavisd-new at jacobs-university.de
Received: from hermes.jacobs-university.de ([212.201.44.23]) by localhost (demetrius1.jacobs-university.de [212.201.44.32]) (amavisd-new, port 10024) with ESMTP id mXqSf1Mg0yEV; Mon, 22 Aug 2016 12:07:42 +0200 (CEST)
Received: from elstar.local (elstar.jacobs.jacobs-university.de [10.50.231.133]) by hermes.jacobs-university.de (Postfix) with ESMTP id D5B3E200AB; Mon, 22 Aug 2016 12:07:40 +0200 (CEST)
Received: by elstar.local (Postfix, from userid 501) id D95603C2A981; Mon, 22 Aug 2016 12:07:38 +0200 (CEST)
Date: Mon, 22 Aug 2016 12:07:38 +0200
From: Juergen Schoenwaelder <j.schoenwaelder@jacobs-university.de>
To: Susan Hares <shares@ndzh.com>
Message-ID: <20160822100738.GA12248@elstar.local>
Mail-Followup-To: Susan Hares <shares@ndzh.com>, 'Andy Bierman' <andy@yumaworks.com>, 'Lou Berger' <lberger@labn.net>, i2rs@ietf.org, 'Alissa Cooper' <alissa@cooperw.in>, i2rs-chairs@ietf.org, 'Kathleen Moriarty' <Kathleen.Moriarty.ietf@gmail.com>, 'IESG' <iesg@ietf.org>, 'Jeffrey Haas' <jhaas@pfrc.org>, 'Joel Halpern' <joel.halpern@ericsson.com>, draft-ietf-i2rs-protocol-security-requirements@ietf.org
References: <20160819085756.GA6759@elstar.local> <01e501d1fa07$6d613fe0$4823bfa0$@ndzh.com> <9c53ff98-3268-f6e2-fbe6-862fc3948794@labn.net> <027a01d1fa12$3879b270$a96d1750$@ndzh.com> <a0e36f97-b62d-228f-f8f7-fadefd1570a1@labn.net> <CABCOCHStcL9-j_ZzG+J+Gj2=kx+N_F9WVzAVTU2pdnLo5dOF+g@mail.gmail.com> <036801d1fa2a$466e9e00$d34bda00$@ndzh.com> <001501d1fa30$46d0ac70$d4720550$@ndzh.com> <CABCOCHSO=oK+dzxOoAqngF45-+Nu47Gv3gc8LZt0ZsW5vpVjhA@mail.gmail.com> <00e701d1fa3a$8cf41a70$a6dc4f50$@ndzh.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Disposition: inline
X-Clacks-Overhead: GNU Terry Pratchett
Content-Transfer-Encoding: 8bit
In-Reply-To: <00e701d1fa3a$8cf41a70$a6dc4f50$@ndzh.com>
User-Agent: Mutt/1.6.0 (2016-04-01)
Archived-At: <https://mailarchive.ietf.org/arch/msg/i2rs/FFj-O68pcFg6KNLlysQ_r8N-PFQ>
X-Mailman-Approved-At: Mon, 22 Aug 2016 06:09:04 -0700
Cc: i2rs@ietf.org, 'Alissa Cooper' <alissa@cooperw.in>, 'Andy Bierman' <andy@yumaworks.com>, i2rs-chairs@ietf.org, 'Kathleen Moriarty' <Kathleen.Moriarty.ietf@gmail.com>, 'IESG' <iesg@ietf.org>, 'Jeffrey Haas' <jhaas@pfrc.org>, 'Joel Halpern' <joel.halpern@ericsson.com>, 'Lou Berger' <lberger@labn.net>, draft-ietf-i2rs-protocol-security-requirements@ietf.org
Subject: Re: [i2rs] Kathleen Moriarty's Discuss on draft-ietf-i2rs-protocol-security-requirements-07: (with DISCUSS and COMMENT)
X-BeenThere: i2rs@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
Reply-To: Juergen Schoenwaelder <j.schoenwaelder@jacobs-university.de>
List-Id: "Interface to The Internet Routing System \(IRS\)" <i2rs.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/i2rs>, <mailto:i2rs-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/i2rs/>
List-Post: <mailto:i2rs@ietf.org>
List-Help: <mailto:i2rs-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/i2rs>, <mailto:i2rs-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 22 Aug 2016 10:08:04 -0000

On Fri, Aug 19, 2016 at 12:55:53PM -0400, Susan Hares wrote:
> Andy: 
> 
>  
> 
> The easy of reviewing per leaf – is why I suggested the per leaf.  
> 
> I also agree it is important to mention this non-secure/secure requirement to the PUSH work team we are both on. 
> 
>  
> 
> Should I change: 
> 
> Old: /
> 
>    A non-secure transport can be used for publishing telemetry data or
> 
>    other operational state that was specifically indicated to non-
> 
>    confidential in the data model in the Yang syntax. /
> 
> New: 
> 
> /   A non-secure transport can be used for publishing telemetry data or
> 
>    other operational state that was specifically indicated to non-
> 
>    confidential in the data model. /
>

Tagging something in the data model as 'non-confidential' remains a
flawed idea. What can be considered 'non-confidential' depends on the
deployment scenario. It is even worse to standardize some piece of
information as 'non-confidential'. How can the IETF claim that
something is always 'non-confidential'? (And note, a non-secure
transport is not just about confidentiality, it also implies that
boxes on the path can arbitrarily change the information.)

In case this is not clear: What we have done for ~30 years is to have
the decision which information goes into an insecure transport be
taken by an access control model. This makes the decision runtime
configurable and thus things can be deployment specific. This has
worked for 30 years and I have no problem with this. What I am
struggling with is the idea to standardize parts of YANG data models
as 'non-confidential'.

/js

-- 
Juergen Schoenwaelder           Jacobs University Bremen gGmbH
Phone: +49 421 200 3587         Campus Ring 1 | 28759 Bremen | Germany
Fax:   +49 421 200 3103         <http://www.jacobs-university.de/>