Re: [i2rs] I2RS Interim Meeting - June 1, 2016 - 10:00am - 11:00am - Topic: Ephemeral State Requirements

"Eric Voit (evoit)" <evoit@cisco.com> Thu, 02 June 2016 14:32 UTC

From: "Eric Voit (evoit)" <evoit@cisco.com>
To: Jeffrey Haas <jhaas@pfrc.org>, Andy Bierman <andy@yumaworks.com>
Thread-Topic: [i2rs] I2RS Interim Meeting - June 1, 2016 - 10:00am - 11:00am - Topic: Ephemeral State Requirements
Date: Thu, 02 Jun 2016 14:32:18 +0000
Message-ID: <d24de921d26b4a179461b491bd791a71@XCH-RTP-013.cisco.com>
References: <000601d1bad5$70523090$50f691b0$@ndzh.com> <20160531063840.GA21289@elstar.local> <00d501d1bb45$0da83500$28f89f00$@ndzh.com> <20160531142540.GA22420@elstar.local> <001401d1bb4e$cfaefd10$6f0cf730$@ndzh.com> <20160531171304.GA22857@elstar.local> <CABCOCHR2JChAg1zmKDy_qxVOGYVeTm9wGVLyxzpChb5Ht0uaww@mail.gmail.com> <20160531195123.GN17462@pfrc.org>
In-Reply-To: <20160531195123.GN17462@pfrc.org>
Accept-Language: en-US
Content-Language: en-US
Archived-At: <http://mailarchive.ietf.org/arch/msg/i2rs/fSupARSD6Q_Cqvv-QHwfqcHafc8>
Cc: "Benoit Claise (bclaise)" <bclaise@cisco.com>, "i2rs@ietf.org" <i2rs@ietf.org>, Juergen Schoenwaelder <j.schoenwaelder@jacobs-university.de>, Susan Hares <shares@ndzh.com>, Alia Atlas <akatlas@gmail.com>
Subject: Re: [i2rs] I2RS Interim Meeting - June 1, 2016 - 10:00am - 11:00am - Topic: Ephemeral State Requirements

> Jeffrey Haas, Tuesday, May 31, 2016 3:51 PM
> 
> yang-push covers much of our desired pub-sub behavior. (Yay!)

Excellent
 
> Discussion is required for how to tag security considerations impacting transport
> into the yang model, in particular for notification.

We have been working on two mechanisms in the pub-sub drafts:

(1) For dynamically established subscriptions, the security credentials used for establishing the transport connection will also be used to determine either (a) access to an Event stream, or (b) access to nodes in a YANG datastore.  For (b) if the subscription has no read access to the target node then the subscription is rejected; if subtree nodes have no read access, then they are filtered out of the response.

(2) For subscriptions statically configured on a device, minimum security expectations and transport requirements will be included as part of the subscription.  Once the transport connectivity is established, the process in (1) above would be followed.

Are these addressing the security concerns you have about the subscription mechanisms? Is something else needed?

> Proposals for secondary identity and priority are also needed.

Per my other email, mechanisms for priority might be adoptable from the Subscription drafts.

Eric
 
> -- Jeff
> 
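The authorization step described in (1)(b) above, as an added example that is not code from the thread or from the pub-sub drafts. The datastore, the subscriber identities and the read-access rules are all constructed; the mapping from transport credential to identity is assumed to have already happened when the connection was set up.

```python
from typing import Any, Dict

# Constructed datastore: nested dicts keyed by YANG node name.
DATASTORE: Dict[str, Any] = {
    "interfaces": {
        "eth0": {"admin-state": "up", "secret-key": "CONSTRUCTED"},
        "eth1": {"admin-state": "down", "secret-key": "CONSTRUCTED"},
    },
    "routing": {"rib": {"prefixes": ["10.0.0.0/8"]}},
}

# Constructed rules: path prefixes each identity (derived from the
# transport credential) may read, deny-by-default, plus explicit denies
# that apply even inside a granted subtree.
READ_ALLOW = {"operator": {"/interfaces", "/routing"}, "monitor": {"/interfaces"}}
READ_DENY = {"monitor": {"/interfaces/eth0/secret-key", "/interfaces/eth1/secret-key"}}


class SubscriptionRejected(Exception):
    """Raised when the subscriber has no read access to the target node."""


def can_read(identity: str, path: str) -> bool:
    if path in READ_DENY.get(identity, set()):
        return False
    return any(path == p or path.startswith(p + "/") for p in READ_ALLOW.get(identity, set()))


def _lookup(path: str) -> Any:
    node: Any = DATASTORE
    for part in path.strip("/").split("/"):
        if not isinstance(node, dict) or part not in node:
            return None
        node = node[part]
    return node


def _filter(identity: str, node: Any, path: str) -> Any:
    # Drop every subtree node the identity may not read; leaves pass through.
    if not isinstance(node, dict):
        return node
    return {k: _filter(identity, v, f"{path}/{k}")
            for k, v in node.items() if can_read(identity, f"{path}/{k}")}


def subscribe(identity: str, target: str) -> Dict[str, Any]:
    """Reject when the target is unreadable; otherwise return the target
    subtree with unreadable nodes filtered out (step (1)(b))."""
    if not can_read(identity, target):
        raise SubscriptionRejected(f"{identity} has no read access to {target}")
    node = _lookup(target)
    if node is None:
        raise KeyError(target)
    return _filter(identity, node, target)
```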