IETF Logo Mail Archive

Re: [i2rs] Kathleen Moriarty's No Objection on draft-ietf-i2rs-yang-l3-topology-08: (with COMMENT)

Andy Bierman <andy@yumaworks.com> Thu, 19 January 2017 18:56 UTC

Return-Path: <andy@yumaworks.com>
X-Original-To: i2rs@ietfa.amsl.com
Delivered-To: i2rs@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 156E61294AC for <i2rs@ietfa.amsl.com>; Thu, 19 Jan 2017 10:56:28 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level:
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=yumaworks-com.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id iMgHANAXzexW for <i2rs@ietfa.amsl.com>; Thu, 19 Jan 2017 10:56:26 -0800 (PST)
Received: from mail-yb0-x22c.google.com (mail-yb0-x22c.google.com [IPv6:2607:f8b0:4002:c09::22c]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 77DC1129512 for <i2rs@ietf.org>; Thu, 19 Jan 2017 10:56:23 -0800 (PST)
Received: by mail-yb0-x22c.google.com with SMTP id w194so31339724ybe.0 for <i2rs@ietf.org>; Thu, 19 Jan 2017 10:56:23 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yumaworks-com.20150623.gappssmtp.com; s=20150623; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=IjGcy3qaOTk/QQdf/Ytsjw1MZu+MGuTZK/4zVySbg9E=; b=igZQxmVY4otJTqtJI5cC0WV8W+wynM4Cfg6igXI4hpTaL0TpVf7y2wUxv30+ipJ/dU 4r/b99vO+SmpJpqpjrtJ2vazoSvDivH3JYdiSx3qRebEb7qZ4GcAWmc2bts/sbmlsyX3 CIBruLVy/DEbWXDZRZlG6YffPSHkNWqzYePvRfEY1rPPmjmL5HFaBsOO5VuEdG1Zo4gN XzDRhcXql5QoadCuY1JvGq03Qmw4m/XwK7Nefkfll+4E/qoPaLFPGG5W4cKM9cPtWq6z hHl11eV6O/XhhzMxKWzzBoc4AmCtEz25EfbQWslLeXP7R3vWaC3siT5fgho60Ar3vSFC 9gdA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=IjGcy3qaOTk/QQdf/Ytsjw1MZu+MGuTZK/4zVySbg9E=; b=NTfwB2KVq77U8RVs7UlsMBRB4+w0yYjITT0EcCxWyEfbx7vi5TeuiHaIocPSZZoix8 dTJK5ny7XDp5/3iG67FVPvW8wWxlZw1gLxedEb4/nQ/mcF/8znaAKnzPP/NXYmoLpQmA 2Mz3GfjZz4aY93hH5o6NXpDF4lLu/EjUX1sTfMtSzyVOOni7j4YpKjAznM7NbwEJealP +j2bAzx5A+wZyXXkZVsG2MwiM6u0QMuqy3/IBX9cwydWpjeNStFkFMvweEAVrcVECwuI lTaeWlAlkmnNkvGWw+c/36WBib2uVd1VB6HhvH1ZnXDZRrjAStGinErKusbaiyQ651d6 Bxxw==
X-Gm-Message-State: AIkVDXITFs9VTbO2XzE4qlawYvibynzCmf6W8nK/1APq6jjxk1rYXrXXGb14SWUtJ/lCnKsigRI2QGUBTWOVhQ==
X-Received: by 10.55.135.197 with SMTP id j188mr9224411qkd.71.1484852182649; Thu, 19 Jan 2017 10:56:22 -0800 (PST)
MIME-Version: 1.0
Received: by 10.12.145.66 with HTTP; Thu, 19 Jan 2017 10:56:22 -0800 (PST)
In-Reply-To: <038c01d27284$72ff01d0$58fd0570$@ndzh.com>
References: <148479382192.2016.17507851181705214581.idtracker@ietfa.amsl.com> <026f01d27260$45554a10$cfffde30$@ndzh.com> <20170119153400.GA8004@elstar.local> <036401d2727f$fc114910$f433db30$@ndzh.com> <CABCOCHS9DLkD9rgn_a48nRWMEqV5Qi=QgPLD+DkVRdzJYLem-Q@mail.gmail.com> <038c01d27284$72ff01d0$58fd0570$@ndzh.com>
From: Andy Bierman <andy@yumaworks.com>
Date: Thu, 19 Jan 2017 10:56:22 -0800
Message-ID: <CABCOCHQftUToL9ifESfx8ju62jFfe4hb9Aeq5n=J8Ez-duD1OQ@mail.gmail.com>
To: Susan Hares <shares@ndzh.com>
Content-Type: multipart/alternative; boundary="94eb2c0777e6e4503705467716b1"
Archived-At: <https://mailarchive.ietf.org/arch/msg/i2rs/g25y2szKijUYDI5b9FagcL8NtVQ>
Cc: "i2rs@ietf.org" <i2rs@ietf.org>, draft-ietf-i2rs-yang-l3-topology@ietf.org, Juergen Schoenwaelder <j.schoenwaelder@jacobs-university.de>, i2rs-chairs@ietf.org, Kathleen Moriarty <Kathleen.Moriarty.ietf@gmail.com>, The IESG <iesg@ietf.org>
Subject: Re: [i2rs] Kathleen Moriarty's No Objection on draft-ietf-i2rs-yang-l3-topology-08: (with COMMENT)
X-BeenThere: i2rs@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "Interface to The Internet Routing System \(IRS\)" <i2rs.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/i2rs>, <mailto:i2rs-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/i2rs/>
List-Post: <mailto:i2rs@ietf.org>
List-Help: <mailto:i2rs-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/i2rs>, <mailto:i2rs-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 19 Jan 2017 18:56:28 -0000

Hi,

I realized that the NACM "default-deny-write" and "default-deny-all" tags
are
very similar.  We are deciding (in the data model) that the data node
can never be sent without an explicit NACM rule allowing it.
(I have never heard from a customer that they want this NACM rule ignored).
We do not abuse these NACM tags. They are rarely used.
I think the same will be true for the I2RS extension.


Andy


On Thu, Jan 19, 2017 at 10:47 AM, Susan Hares <shares@ndzh.com> wrote:

> Andy:
>
>
>
> You are right to comment that – the “flip side of this extensions is that
> any node not properly tagged must not be SENT”.   The purpose of tagging is
> devices which test protocol conformation can test these portions of the
> model.  If buyers demand that these restrictions are followed, then these
> restrictions will not be ignored.  Like you and Juergen, I really hope that
> the IESG will very carefully evaluate any I2RS YANG Model that suggest
> sending data over non-secure transport.
>
>
>
> Sue Hares
>
>
>
> *From:* Andy Bierman [mailto:andy@yumaworks.com]
> *Sent:* Thursday, January 19, 2017 1:31 PM
> *To:* Susan Hares
> *Cc:* Juergen Schoenwaelder; draft-ietf-i2rs-yang-l3-topology@ietf.org;
> i2rs@ietf.org; Kathleen Moriarty; The IESG; i2rs-chairs@ietf.org
> *Subject:* Re: [i2rs] Kathleen Moriarty's No Objection on
> draft-ietf-i2rs-yang-l3-topology-08: (with COMMENT)
>
>
>
> Hi,
>
>
>
> I strongly agree with Juergen on this issue.
>
> But you can easily design a YANG extension that indicates a data node
>
> is OK for insecure transport.
>
>
>
> I trust that the IESG will evaluate every object of this type and
>
> decide whether it is really OK for disclosure in every possible
>
> usage scenario.
>
>
>
> The flip-side of this extension is that any node not properly tagged
>
> MUST NOT be sent without the proper security protocols.
>
> This rule will likely be ignored, since (as Juergen pointed out)
>
> this is a deployment decision, not a modeling decision.
>
>
>
>
>
> Andy
>
>
>
>
>
> On Thu, Jan 19, 2017 at 10:15 AM, Susan Hares <shares@ndzh.com> wrote:
>
> Juergen:
>
> I recognize that dislike insecure communication.  You made a similar
> comment
> during the WG LC and IETF review of
> draft-ietf-i2rs-protocol-security-requirements.  However, the
> draft-ietf-i2rs-protocol-security-requirements were passed by the I2RS WG
> and approved by the IESG for RFC publication and it contains the non-secure
> communication.  The mandate from the I2RS WG for this shepherd/co-chair is
> clear.
>
> As the shepherd for the topology drafts, I try to write-up something that
> might address Kathleen's Moriarty's concerns about the topology draft's
> security issues about privacy and the I2RS ephemeral control plane data
> store.   I welcome an open discussion on my ideas
> (https://datatracker.ietf.org/doc/draft-hares-i2rs-yang-sec-consider).
>  The
> yang doctor's YANG  security consideration template
> (https://trac.ietf.org/trac/ops/wiki/yang-security-guidelines) and the
> privacy related RFCs (RFC6973) note that some information is sensitive.
> Hopefully, this document extends these guidelines to a new data store.
>
> Cheerily,
> Sue Hares
>
> -----Original Message-----
> From: Juergen Schoenwaelder [mailto:j.schoenwaelder@jacobs-university.de]
> Sent: Thursday, January 19, 2017 10:34 AM
> To: Susan Hares
> Cc: 'Kathleen Moriarty'; 'The IESG';
> draft-ietf-i2rs-yang-l3-topology@ietf.org; i2rs@ietf.org;
> i2rs-chairs@ietf.org
> Subject: Re: [i2rs] Kathleen Moriarty's No Objection on
> draft-ietf-i2rs-yang-l3-topology-08: (with COMMENT)
>
> For what it is worth, I find the notion that data models may be written for
> a specific non-secure transport plain broken. There is hardly any content
> of
> a data model I can think of which is generally suitable for insecure
> transports.
>
> Can we please kill this idea of _standardizing_ information that is
> suitable
> to send over non-secure transports? I really do not see how the IETF can
> make a claim that a given piece of information is never worth protecting (=
> suitable for non-secure transports).
>
> Note that I am fine if in a certain trusted tightly-coupled deployment
> information is shipped in whatever way but this is then a property of the
> _deployment_ and not a property of the _information_.
>
> /js
>
> On Thu, Jan 19, 2017 at 09:28:14AM -0500, Susan Hares wrote:
> > Kathleen:
> >
> > I have written a draft suggesting a template for the I2RS YANG modules
> which are designed to exist in the I2RS Ephemeral Control Plane data store
> (configuration and operational state).
> >
> > Draft location:
> > https://datatracker.ietf.org/doc/draft-hares-i2rs-yang-sec-consider/
> >
> > I would appreciate an email discussion with the security ADs, OPS/NM ADs,
> and Routing AD (Alia Atlas).  I agree that this I2RS YANG data model (L3)
> and the base I2RS topology model should both provide updated YANG Security
> Considerations sections. I would appreciate if Benoit or you hold a discuss
> until we sort out these issues.
> >
> > Thank you,
> >
> > Sue
> >
> > -----Original Message-----
> > From: Kathleen Moriarty [mailto:Kathleen.Moriarty.ietf@gmail.com]
> > Sent: Wednesday, January 18, 2017 9:44 PM
> > To: The IESG
> > Cc: draft-ietf-i2rs-yang-l3-topology@ietf.org; shares@ndzh.com;
> > i2rs-chairs@ietf.org; shares@ndzh.com; i2rs@ietf.org
> > Subject: Kathleen Moriarty's No Objection on
> > draft-ietf-i2rs-yang-l3-topology-08: (with COMMENT)
> >
> > Kathleen Moriarty has entered the following ballot position for
> > draft-ietf-i2rs-yang-l3-topology-08: No Objection
> >
> > When responding, please keep the subject line intact and reply to all
> > email addresses included in the To and CC lines. (Feel free to cut
> > this introductory paragraph, however.)
> >
> >
> > Please refer to
> > https://www.ietf.org/iesg/statement/discuss-criteria.html
> > for more information about IESG DISCUSS and COMMENT positions.
> >
> >
> > The document, along with other ballot positions, can be found here:
> > https://datatracker.ietf.org/doc/draft-ietf-i2rs-yang-l3-topology/
> >
> >
> >
> > ----------------------------------------------------------------------
> > COMMENT:
> > ----------------------------------------------------------------------
> >
> > I agree with Alissa's comment that the YANG module security consideration
> section guidelines need to be followed and this shouldn't go forward until
> that is corrected.  I'm told it will be, thanks.
> >
> >
> >
> > _______________________________________________
> > i2rs mailing list
> > i2rs@ietf.org
> > https://www.ietf.org/mailman/listinfo/i2rs
>
> --
> Juergen Schoenwaelder           Jacobs University Bremen gGmbH
> Phone: +49 421 200 3587         Campus Ring 1 | 28759 Bremen | Germany
> Fax:   +49 421 200 3103         <http://www.jacobs-university.de/>
>
> _______________________________________________
> i2rs mailing list
> i2rs@ietf.org
> https://www.ietf.org/mailman/listinfo/i2rs
>
>
>

v2.23.0 | Report a Bug | By Email