[netconf] Roman Danyliw's Discuss on draft-ietf-netconf-restconf-notif-13: (with DISCUSS and COMMENT)
Roman Danyliw via Datatracker <noreply@ietf.org> Wed, 15 May 2019 19:38 UTC
Return-Path: <noreply@ietf.org>
X-Original-To: netconf@ietf.org
Delivered-To: netconf@ietfa.amsl.com
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id BF3301200B1; Wed, 15 May 2019 12:38:33 -0700 (PDT)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 8bit
From: Roman Danyliw via Datatracker <noreply@ietf.org>
To: The IESG <iesg@ietf.org>
Cc: draft-ietf-netconf-restconf-notif@ietf.org, Kent Watsen <kent+ietf@watsen.net>, netconf-chairs@ietf.org, kent+ietf@watsen.net, netconf@ietf.org
X-Test-IDTracker: no
X-IETF-IDTracker: 6.96.0
Auto-Submitted: auto-generated
Precedence: bulk
Reply-To: Roman Danyliw <rdd@cert.org>
Message-ID: <155794911377.30630.11830718567923683706.idtracker@ietfa.amsl.com>
Date: Wed, 15 May 2019 12:38:33 -0700
Archived-At: <https://mailarchive.ietf.org/arch/msg/netconf/-BL_jt2Iwh5OrVet_tAhlHtLvXI>
Subject: [netconf] Roman Danyliw's Discuss on draft-ietf-netconf-restconf-notif-13: (with DISCUSS and COMMENT)
X-BeenThere: netconf@ietf.org
X-Mailman-Version: 2.1.29
List-Id: NETCONF WG list <netconf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/netconf>, <mailto:netconf-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/netconf/>
List-Post: <mailto:netconf@ietf.org>
List-Help: <mailto:netconf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/netconf>, <mailto:netconf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 15 May 2019 19:38:34 -0000
Roman Danyliw has entered the following ballot position for draft-ietf-netconf-restconf-notif-13: Discuss When responding, please keep the subject line intact and reply to all email addresses included in the To and CC lines. (Feel free to cut this introductory paragraph, however.) Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html for more information about IESG DISCUSS and COMMENT positions. The document, along with other ballot positions, can be found here: https://datatracker.ietf.org/doc/draft-ietf-netconf-restconf-notif/ ---------------------------------------------------------------------- DISCUSS: ---------------------------------------------------------------------- Per Section 9, [draft-ietf-netconf-netconf-event-notifications] and [draft-ietf-netconf-subscribed-notifications] mention concerns about a “malicious or buggy subscriber sends a number of establish-subscription requests” in their Security Considerations. Is that not a concern here too? ---------------------------------------------------------------------- COMMENT: ---------------------------------------------------------------------- (1) Section 3.1. “A subscriber can then attempt to re-establish the dynamic subscription by using the procedure described in Section 3.” This seems like a circular reference. This guidance (to go read Section 3) is being given in Section 3.1 (which is inside Section 3). (2) Section 3.3. Missing word. s/requests with publisher/requests with the publisher/ (3) Section 3.4. “This initiates the publisher to initiate the flow …”. I stumbled over the double use of “initiate”. Do you mean “This signals to the publisher to initiate the flow …”? (4) Section 3.4 suggests that NACM/related methods should be used to authorize “modify-subscription, resync-subscription and delete-subscription” RPCs. Section 9, Security Considerations, says “Therefore, even if an attacker succeeds in guessing the subscription URI, a RESTCONF username [RFC8040] with the required administrative permissions must be used to be able to access or modify that subscription.” Is there a reason not to say the obvious thing in the Security Considerations that these particular RPCs should be protected (with NACM/related methods like was stated in Section 3.4).
- [netconf] Roman Danyliw's Discuss on draft-ietf-n… Roman Danyliw via Datatracker
- Re: [netconf] Roman Danyliw's Discuss on draft-ie… Reshad Rahman (rrahman)