Re: [i2rs] Kathleen Moriarty's Discuss on draft-ietf-i2rs-protocol-security-requirements-07: (with DISCUSS and COMMENT)

Juergen Schoenwaelder <j.schoenwaelder@jacobs-university.de> Thu, 18 August 2016 12:15 UTC

Return-Path: <j.schoenwaelder@jacobs-university.de>
X-Original-To: i2rs@ietfa.amsl.com
Delivered-To: i2rs@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5778A12DADD; Thu, 18 Aug 2016 05:15:15 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -5.447
X-Spam-Level:
X-Spam-Status: No, score=-5.447 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, RP_MATCHES_RCVD=-1.247] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id yXhWXUAgLQY8; Thu, 18 Aug 2016 05:15:12 -0700 (PDT)
Received: from atlas3.jacobs-university.de (atlas3.jacobs-university.de [212.201.44.18]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 02EAE12DADF; Thu, 18 Aug 2016 05:14:11 -0700 (PDT)
Received: from localhost (demetrius5.irc-it.jacobs-university.de [10.70.0.222]) by atlas3.jacobs-university.de (Postfix) with ESMTP id C79DD8DF; Thu, 18 Aug 2016 14:14:09 +0200 (CEST)
X-Virus-Scanned: amavisd-new at jacobs-university.de
Received: from atlas3.jacobs-university.de ([10.70.0.205]) by localhost (demetrius5.jacobs-university.de [10.70.0.222]) (amavisd-new, port 10030) with ESMTP id i4sMtcNCP4rt; Thu, 18 Aug 2016 14:14:08 +0200 (CEST)
Received: from hermes.jacobs-university.de (hermes.jacobs-university.de [212.201.44.23]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "hermes.jacobs-university.de", Issuer "Jacobs University CA - G01" (verified OK)) by atlas3.jacobs-university.de (Postfix) with ESMTPS; Thu, 18 Aug 2016 14:14:08 +0200 (CEST)
Received: from localhost (demetrius1.jacobs-university.de [212.201.44.46]) by hermes.jacobs-university.de (Postfix) with ESMTP id B9D9F200A5; Thu, 18 Aug 2016 14:14:08 +0200 (CEST)
X-Virus-Scanned: amavisd-new at jacobs-university.de
Received: from hermes.jacobs-university.de ([212.201.44.23]) by localhost (demetrius1.jacobs-university.de [212.201.44.32]) (amavisd-new, port 10024) with ESMTP id 9tqARp_QHCOZ; Thu, 18 Aug 2016 14:14:07 +0200 (CEST)
Received: from elstar.local (elstar.jacobs.jacobs-university.de [10.50.231.133]) by hermes.jacobs-university.de (Postfix) with ESMTP id 716B1200A6; Thu, 18 Aug 2016 14:14:07 +0200 (CEST)
Received: by elstar.local (Postfix, from userid 501) id 77F5C3C24F2C; Thu, 18 Aug 2016 14:14:06 +0200 (CEST)
Date: Thu, 18 Aug 2016 14:14:05 +0200
From: Juergen Schoenwaelder <j.schoenwaelder@jacobs-university.de>
To: Susan Hares <shares@ndzh.com>
Message-ID: <20160818121405.GA5282@elstar.local>
Mail-Followup-To: Susan Hares <shares@ndzh.com>, i2rs@ietf.org, i2rs-chairs@ietf.org, 'Kathleen Moriarty' <Kathleen.Moriarty.ietf@gmail.com>, 'The IESG' <iesg@ietf.org>, jhaas@pfrc.org, draft-ietf-i2rs-protocol-security-requirements@ietf.org
References: <147146974235.23784.4389421535496134619.idtracker@ietfa.amsl.com> <013b01d1f8ee$31fa09b0$95ee1d10$@ndzh.com> <20160818073203.GA4338@elstar.local> <04b501d1f949$116c63e0$34452ba0$@ndzh.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <04b501d1f949$116c63e0$34452ba0$@ndzh.com>
User-Agent: Mutt/1.6.0 (2016-04-01)
Archived-At: <https://mailarchive.ietf.org/arch/msg/i2rs/IEi9u5RvcoMqc-gq5jMp1fP58xY>
Cc: i2rs@ietf.org, i2rs-chairs@ietf.org, 'Kathleen Moriarty' <Kathleen.Moriarty.ietf@gmail.com>, 'The IESG' <iesg@ietf.org>, jhaas@pfrc.org, draft-ietf-i2rs-protocol-security-requirements@ietf.org
Subject: Re: [i2rs] Kathleen Moriarty's Discuss on draft-ietf-i2rs-protocol-security-requirements-07: (with DISCUSS and COMMENT)
X-BeenThere: i2rs@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
Reply-To: Juergen Schoenwaelder <j.schoenwaelder@jacobs-university.de>
List-Id: "Interface to The Internet Routing System \(IRS\)" <i2rs.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/i2rs>, <mailto:i2rs-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/i2rs/>
List-Post: <mailto:i2rs@ietf.org>
List-Help: <mailto:i2rs-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/i2rs>, <mailto:i2rs-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 18 Aug 2016 12:15:15 -0000

Sue,

I still do not see why the 'mode of exposure' of data benefits from
being hard-wired in the data model. For me, it is a situational and
deployment specific question. But I shut up here since I aired this
concern before (and we simply seem to disagree).

/js

On Thu, Aug 18, 2016 at 08:07:18AM -0400, Susan Hares wrote:
> Juergen: 
> 
> My example is the looking glass servers for the BGP route views project
> (http://www.routeviews.org/) or a route indicating the presence of a
> web-server that is public.   For the BGP I2RS route, a yang model could
> replace the looking glass function, and provide events for these looking
> glass functions.    For the web-server route,  an event be sent when that
> one route is added.  
> 
> Sue 
> 
> 
> -----Original Message-----
> From: Juergen Schoenwaelder [mailto:j.schoenwaelder@jacobs-university.de] 
> Sent: Thursday, August 18, 2016 3:32 AM
> To: Susan Hares
> Cc: 'Kathleen Moriarty'; 'The IESG'; jhaas@pfrc.org; i2rs@ietf.org;
> i2rs-chairs@ietf.org;
> draft-ietf-i2rs-protocol-security-requirements@ietf.org
> Subject: Re: [i2rs] Kathleen Moriarty's Discuss on
> draft-ietf-i2rs-protocol-security-requirements-07: (with DISCUSS and
> COMMENT)
> 
> On Wed, Aug 17, 2016 at 09:16:48PM -0400, Susan Hares wrote:
> > ----------------------------------------------------------------------
> > COMMENT:
> > ----------------------------------------------------------------------
> > 
> > > Section 3: 
> > > Can you clarify the second to last sentence?  Do you mean there are
> sections that indicate an insecure transport should be used?
> > >   I2RS allows the use of an
> > >  insecure transport for portions of data models that clearly 
> > > indicate  insecure transport.
> > 
> > >  Perhaps:
> > >  I2RS allows the use of an
> > >  insecure transport for portions of data models that clearly 
> > > indicate the use of an  insecure transport.
> 
> I still wonder how a data model writer can reasonably decide whether a piece
> of information can be shipped safely over an insecure transport since this
> decision often depends on the specifics of a deployment situation.
> 
> /js
> 
> PS: I hope we do not end up with defining data multiple times (once
>     for insecure transport and once for secured transports).
> 
> -- 
> Juergen Schoenwaelder           Jacobs University Bremen gGmbH
> Phone: +49 421 200 3587         Campus Ring 1 | 28759 Bremen | Germany
> Fax:   +49 421 200 3103         <http://www.jacobs-university.de/>
> 
> _______________________________________________
> i2rs mailing list
> i2rs@ietf.org
> https://www.ietf.org/mailman/listinfo/i2rs

-- 
Juergen Schoenwaelder           Jacobs University Bremen gGmbH
Phone: +49 421 200 3587         Campus Ring 1 | 28759 Bremen | Germany
Fax:   +49 421 200 3103         <http://www.jacobs-university.de/>