Re: [Lsr] Roman Danyliw's Discuss on draft-ietf-isis-yang-isis-cfg-40: (with DISCUSS)

"Acee Lindem (acee)" <acee@cisco.com> Wed, 02 October 2019 13:51 UTC

From: "Acee Lindem (acee)" <acee@cisco.com>
To: Roman Danyliw <rdd@cert.org>, The IESG <iesg@ietf.org>
CC: "draft-ietf-isis-yang-isis-cfg@ietf.org" <draft-ietf-isis-yang-isis-cfg@ietf.org>, Yingzhen Qu <yingzhen.ietf@gmail.com>, "aretana.ietf@gmail.com" <aretana.ietf@gmail.com>, "lsr-chairs@ietf.org" <lsr-chairs@ietf.org>, "lsr@ietf.org" <lsr@ietf.org>
Date: Wed, 02 Oct 2019 13:51:40 +0000
Message-ID: <164712DE-28D8-45F6-BD17-56AF47C13301@cisco.com>
References: <156996172314.23773.16929190076258777891.idtracker@ietfa.amsl.com>
In-Reply-To: <156996172314.23773.16929190076258777891.idtracker@ietfa.amsl.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/lsr/FFqEz3Sb_FtvOJZtryefEMUgWz8>
List-Id: Link State Routing Working Group <lsr.ietf.org>

Hi Roman, 

On 10/1/19, 4:28 PM, "Roman Danyliw via Datatracker" <noreply@ietf.org> wrote:

    Roman Danyliw has entered the following ballot position for
    draft-ietf-isis-yang-isis-cfg-40: Discuss
    
    When responding, please keep the subject line intact and reply to all
    email addresses included in the To and CC lines. (Feel free to cut this
    introductory paragraph, however.)
    
    
    Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html
    for more information about IESG DISCUSS and COMMENT positions.
    
    
    The document, along with other ballot positions, can be found here:
    https://datatracker.ietf.org/doc/draft-ietf-isis-yang-isis-cfg/
    
    
    
    ----------------------------------------------------------------------
    DISCUSS:
    ----------------------------------------------------------------------
    
    Section 7.  A DISCUSS for discussion.  Thanks for this enumeration of writeable
    and readable nodes which could be considered sensitive.  Per the list of nodes
    that could expose the topology of the network, wouldn’t the following also have
    sensitive topology information:
    
    -- /isis/local-rib

Although not as detailed as the Link State Database, a case could also be made for the local RIB. I'll add it to the sensitive operational data. 
    
    -- /isis/hostnames

This is basically a mapping of hostnames to ISO System IDs. The ISO System ID is really only used by IS-IS (native CLNS is a thing of the past). I really don't see this as being all that useful to an attacker.
    
    Furthermore, shouldn’t the log files also be protected as the errors or status
    posted there could also leak topology information:
    
    -- /isis/spf-log
    
    -- /isis/lsp-log

This doesn't include the contents of the LSP - only the LSP ID that caused the SPF. I don't see how this would be that sensitive - other than that someone accessing the SPF and LSP logs could determine that the IS-IS Routing domain is volatile.

Thanks,
Acee
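
The exchange above is about which readable nodes of the IS-IS YANG module belong in the Security Considerations list. As an added illustration (not part of this thread or of the draft), here is a NETCONF Access Control Model (RFC 8341) rule-list that denies read access to the local RIB and to the SPF and LSP logs for a read-only operator group, which is how an operator would act on such a list. The XPath expressions assume the draft's isis container is mounted under the ietf-routing control-plane-protocol list (as in RFC 8349) and that the module namespace is urn:ietf:params:xml:ns:yang:ietf-isis; the group and user names are constructed.

```xml
<!-- Added example: NACM rules protecting IS-IS topology-revealing state.
     Assumed mount point and namespace for the isis container; the
     group "netops-readonly" and user "alice" are constructed. -->
<nacm xmlns="urn:ietf:params:xml:ns:yang:ietf-netconf-acm">
  <enable-nacm>true</enable-nacm>
  <!-- Reads are allowed by default; the rules below carve out exceptions. -->
  <read-default>permit</read-default>
  <write-default>deny</write-default>
  <exec-default>permit</exec-default>
  <groups>
    <group>
      <name>netops-readonly</name>
      <user-name>alice</user-name>
    </group>
  </groups>
  <rule-list>
    <name>isis-topology-protect</name>
    <group>netops-readonly</group>
    <!-- Local RIB: less detail than the LSDB, but still topology data. -->
    <rule>
      <name>deny-isis-local-rib</name>
      <module-name>ietf-isis</module-name>
      <path xmlns:rt="urn:ietf:params:xml:ns:yang:ietf-routing"
            xmlns:isis="urn:ietf:params:xml:ns:yang:ietf-isis">/rt:routing/rt:control-plane-protocols/rt:control-plane-protocol/isis:isis/isis:local-rib</path>
      <access-operations>read</access-operations>
      <action>deny</action>
      <comment>Local RIB exposes reachability and next hops</comment>
    </rule>
    <!-- SPF and LSP logs: reveal LSP IDs and how volatile the domain is. -->
    <rule>
      <name>deny-isis-spf-log</name>
      <module-name>ietf-isis</module-name>
      <path xmlns:rt="urn:ietf:params:xml:ns:yang:ietf-routing"
            xmlns:isis="urn:ietf:params:xml:ns:yang:ietf-isis">/rt:routing/rt:control-plane-protocols/rt:control-plane-protocol/isis:isis/isis:spf-log</path>
      <access-operations>read</access-operations>
      <action>deny</action>
    </rule>
    <rule>
      <name>deny-isis-lsp-log</name>
      <module-name>ietf-isis</module-name>
      <path xmlns:rt="urn:ietf:params:xml:ns:yang:ietf-routing"
            xmlns:isis="urn:ietf:params:xml:ns:yang:ietf-isis">/rt:routing/rt:control-plane-protocols/rt:control-plane-protocol/isis:isis/isis:lsp-log</path>
      <access-operations>read</access-operations>
      <action>deny</action>
    </rule>
  </rule-list>
</nacm>
```

Users outside the listed group fall through to the defaults, so an administrator group with its own rule-list (or the NACM recovery session) keeps full visibility while read-only operators cannot retrieve these subtrees with <get> or <get-data>.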