Re: [i2rs] Ben Campbell's No Objection on draft-ietf-i2rs-protocol-security-requirements-08: (with COMMENT)
"Ben Campbell" <ben@nostrum.com> Thu, 18 August 2016 02:59 UTC
Return-Path: <ben@nostrum.com>
X-Original-To: i2rs@ietfa.amsl.com
Delivered-To: i2rs@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 64F0E12D84D; Wed, 17 Aug 2016 19:59:19 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.147
X-Spam-Level:
X-Spam-Status: No, score=-3.147 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RP_MATCHES_RCVD=-1.247] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id VKLF3TG9goG8; Wed, 17 Aug 2016 19:59:17 -0700 (PDT)
Received: from nostrum.com (raven-v6.nostrum.com [IPv6:2001:470:d:1130::1]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id AB30312B063; Wed, 17 Aug 2016 19:59:17 -0700 (PDT)
Received: from [10.0.1.4] (cpe-66-25-7-22.tx.res.rr.com [66.25.7.22]) (authenticated bits=0) by nostrum.com (8.15.2/8.15.2) with ESMTPSA id u7I2xGql012178 (version=TLSv1 cipher=DHE-RSA-AES128-SHA bits=128 verify=NO); Wed, 17 Aug 2016 21:59:16 -0500 (CDT) (envelope-from ben@nostrum.com)
X-Authentication-Warning: raven.nostrum.com: Host cpe-66-25-7-22.tx.res.rr.com [66.25.7.22] claimed to be [10.0.1.4]
From: Ben Campbell <ben@nostrum.com>
To: Susan Hares <shares@ndzh.com>
Date: Wed, 17 Aug 2016 21:59:16 -0500
Message-ID: <83E3F6F1-ED04-4744-BC42-84C67653EC34@nostrum.com>
In-Reply-To: <000801d1f8fb$dd471d00$97d55700$@ndzh.com>
References: <147148830474.23714.14742463076688973726.idtracker@ietfa.amsl.com> <000801d1f8fb$dd471d00$97d55700$@ndzh.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"; format="flowed"
Content-Transfer-Encoding: quoted-printable
X-Mailer: MailMate (1.9.4r5234)
Archived-At: <https://mailarchive.ietf.org/arch/msg/i2rs/f1KUCdYo61ljupr4RnZqef35z7I>
Cc: Jeffrey Haas <jhaas@pfrc.org>, i2rs@ietf.org, The IESG <iesg@ietf.org>, i2rs-chairs@ietf.org, draft-ietf-i2rs-protocol-security-requirements@ietf.org
Subject: Re: [i2rs] Ben Campbell's No Objection on draft-ietf-i2rs-protocol-security-requirements-08: (with COMMENT)
X-BeenThere: i2rs@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "Interface to The Internet Routing System \(IRS\)" <i2rs.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/i2rs>, <mailto:i2rs-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/i2rs/>
List-Post: <mailto:i2rs@ietf.org>
List-Help: <mailto:i2rs-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/i2rs>, <mailto:i2rs-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 18 Aug 2016 02:59:19 -0000
Yes, that would address my concern, especially if you think implementers will pay attention :-) There may be interaction with the SHOULD in the previous paragraph, but I will leave the word-smithing to you. Thanks! Ben. On 17 Aug 2016, at 21:54, Susan Hares wrote: > Ben: > > I'd be glad to take any further suggestions on section 3.2 that > improves it for you. Does modifying this section from > > Old/ > A non-secure transport can be used for publishing telemetry data > or other operational state that was specifically indicated to > non-confidential in the data model in the Yang syntax. > / > > New/ > A non-secure transport can be used for publishing telemetry data > or other operational state that was specifically indicated to > non-confidential in the data model in the Yang syntax. > Anything not specifically marked as "non-confidential" MUST > be transmitted over a secure transport connection. > / > > Help your concerns on version 3.2? > > Sue > > > -----Original Message----- > From: Ben Campbell [mailto:ben@nostrum.com] > Sent: Wednesday, August 17, 2016 10:45 PM > To: The IESG > Cc: draft-ietf-i2rs-protocol-security-requirements@ietf.org; Jeffrey > Haas; i2rs-chairs@ietf.org; jhaas@pfrc.org; i2rs@ietf.org > Subject: Ben Campbell's No Objection on > draft-ietf-i2rs-protocol-security-requirements-08: (with COMMENT) > > Ben Campbell has entered the following ballot position for > draft-ietf-i2rs-protocol-security-requirements-08: No Objection > > When responding, please keep the subject line intact and reply to all > email addresses included in the To and CC lines. (Feel free to cut > this introductory paragraph, however.) > > > Please refer to > https://www.ietf.org/iesg/statement/discuss-criteria.html > for more information about IESG DISCUSS and COMMENT positions. > > > The document, along with other ballot positions, can be found here: > https://datatracker.ietf.org/doc/draft-ietf-i2rs-protocol-security-requirements/ > > > > ---------------------------------------------------------------------- > COMMENT: > ---------------------------------------------------------------------- > > Version 8 resolved my discuss point for section 3.4. Thanks! > > I don't think it resolved my discuss point for 3.2. I'm clearing > anyway, because I think my point has been made. I would prefer the > language to say that anything not explicitly marked as > non-confidential in the relevant data model MUST be sent over a > protected transport. But I will leave it to the authors to do the > right thing. > > I will leave my non-discuss comments below for reference. I think > version > 8 resolves at least some of them. Any remaining are up to you; none of > them are show stoppers. > >> -2.1: I am on the fence about other's comments about copying >> definitions here--but if you do copy them here, it seems strange to >> not mention "client" or "agent". > > [Sue] Removed definitions. > >> I agree with Alissa about equating privacy and confidentiality. > [Sue]: Removed definition with this text. > > -3.1,: >> ? I’m confused by the first paragraph. I don’t find strings of >> the form of SEC-REQ-XX in 7921. I think _this_ doc sets these >> requirements, right? > > This document restates the concepts in RFC7921, and adds specific > numbers. The restatement in this form allows requirements to be > checked against the developed protocol. > > >> It’s not clear to me how 5 and 6 differ. Is it just a matter of the >> additional “before establishing a connection” part in 6? > > Version 08 has these two merged. > > >> -3.4: Isn't 15 simply a restatement of the third item under 14? > > Changed this text. Please review the new 13 and 14. > > 3.5: The MAYs in 19 and 20 seem like statements of fact. (That is, do > they simply recognize reality, or to they grant permission?) > > They provide a list of approved examples so that the NETCONF/RESTCONF > can review these examples. These examples will help the > NETCONF/RESTCONF in their design discussions. > > Sue
- Re: [i2rs] Ben Campbell's No Objection on draft-i… Ben Campbell
- Re: [i2rs] Ben Campbell's No Objection on draft-i… Susan Hares
- [i2rs] Ben Campbell's No Objection on draft-ietf-… Ben Campbell