Re: [i2rs] Kathleen Moriarty's No Objection on draft-ietf-i2rs-yang-l3-topology-08: (with COMMENT)

"Susan Hares" <shares@ndzh.com> Thu, 19 January 2017 18:19 UTC

From: Susan Hares <shares@ndzh.com>
To: 'Juergen Schoenwaelder' <j.schoenwaelder@jacobs-university.de>
Date: Thu, 19 Jan 2017 13:15:15 -0500
Cc: draft-ietf-i2rs-yang-l3-topology@ietf.org, i2rs@ietf.org, 'Kathleen Moriarty' <Kathleen.Moriarty.ietf@gmail.com>, 'The IESG' <iesg@ietf.org>, i2rs-chairs@ietf.org
Subject: Re: [i2rs] Kathleen Moriarty's No Objection on draft-ietf-i2rs-yang-l3-topology-08: (with COMMENT)

Juergen: 

I recognize that you dislike insecure communication.  You made a similar comment
during the WG LC and IETF review of
draft-ietf-i2rs-protocol-security-requirements.  However, the
draft-ietf-i2rs-protocol-security-requirements were passed by the I2RS WG
and approved by the IESG for RFC publication and it contains the non-secure
communication.  The mandate from the I2RS WG for this shepherd/co-chair is
clear.  

As the shepherd for the topology drafts, I tried to write up something that
might address Kathleen Moriarty's concerns about the topology draft's
security issues about privacy and the I2RS ephemeral control plane data
store.  I welcome an open discussion on my ideas
(https://datatracker.ietf.org/doc/draft-hares-i2rs-yang-sec-consider).  The
YANG doctors' YANG security consideration template
(https://trac.ietf.org/trac/ops/wiki/yang-security-guidelines) and the
privacy related RFCs (RFC6973) note that some information is sensitive.
Hopefully, this document extends these guidelines to a new data store.

Cheerily, 
Sue Hares 

-----Original Message-----
From: Juergen Schoenwaelder [mailto:j.schoenwaelder@jacobs-university.de] 
Sent: Thursday, January 19, 2017 10:34 AM
To: Susan Hares
Cc: 'Kathleen Moriarty'; 'The IESG';
draft-ietf-i2rs-yang-l3-topology@ietf.org; i2rs@ietf.org;
i2rs-chairs@ietf.org
Subject: Re: [i2rs] Kathleen Moriarty's No Objection on
draft-ietf-i2rs-yang-l3-topology-08: (with COMMENT)

For what it is worth, I find the notion that data models may be written for
a specific non-secure transport plain broken. There is hardly any content of
a data model I can think of which is generally suitable for insecure
transports.

Can we please kill this idea of _standardizing_ information that is suitable
to send over non-secure transports? I really do not see how the IETF can
make a claim that a given piece of information is never worth protecting (=
suitable for non-secure transports).

Note that I am fine if in a certain trusted tightly-coupled deployment
information is shipped in whatever way but this is then a property of the
_deployment_ and not a property of the _information_.

/js

On Thu, Jan 19, 2017 at 09:28:14AM -0500, Susan Hares wrote:
> Kathleen: 
> 
> I have written a draft suggesting a template for the I2RS YANG modules
> which are designed to exist in the I2RS Ephemeral Control Plane data store
> (configuration and operational state).
> 
> Draft location: 
> https://datatracker.ietf.org/doc/draft-hares-i2rs-yang-sec-consider/
> 
> I would appreciate an email discussion with the security ADs, OPS/NM ADs,
> and Routing AD (Alia Atlas).  I agree that this I2RS YANG data model (L3)
> and the base I2RS topology model should both provide updated YANG Security
> Considerations sections. I would appreciate if Benoit or you hold a discuss
> until we sort out these issues.
> 
> Thank you,
> 
> Sue
> 
> -----Original Message-----
> From: Kathleen Moriarty [mailto:Kathleen.Moriarty.ietf@gmail.com]
> Sent: Wednesday, January 18, 2017 9:44 PM
> To: The IESG
> Cc: draft-ietf-i2rs-yang-l3-topology@ietf.org; shares@ndzh.com; 
> i2rs-chairs@ietf.org; shares@ndzh.com; i2rs@ietf.org
> Subject: Kathleen Moriarty's No Objection on 
> draft-ietf-i2rs-yang-l3-topology-08: (with COMMENT)
> 
> Kathleen Moriarty has entered the following ballot position for
> draft-ietf-i2rs-yang-l3-topology-08: No Objection
> 
> When responding, please keep the subject line intact and reply to all 
> email addresses included in the To and CC lines. (Feel free to cut 
> this introductory paragraph, however.)
> 
> 
> Please refer to 
> https://www.ietf.org/iesg/statement/discuss-criteria.html
> for more information about IESG DISCUSS and COMMENT positions.
> 
> 
> The document, along with other ballot positions, can be found here:
> https://datatracker.ietf.org/doc/draft-ietf-i2rs-yang-l3-topology/
> 
> 
> 
> ----------------------------------------------------------------------
> COMMENT:
> ----------------------------------------------------------------------
> 
> I agree with Alissa's comment that the YANG module security consideration
> section guidelines need to be followed and this shouldn't go forward until
> that is corrected.  I'm told it will be, thanks.
> 
> 
> 

-- 
Juergen Schoenwaelder           Jacobs University Bremen gGmbH
Phone: +49 421 200 3587         Campus Ring 1 | 28759 Bremen | Germany
Fax:   +49 421 200 3103         <http://www.jacobs-university.de/>