[netconf] Roman Danyliw's Discuss on draft-ietf-netconf-restconf-notif-13: (with DISCUSS and COMMENT)

Roman Danyliw via Datatracker <noreply@ietf.org> Wed, 15 May 2019 19:38 UTC

Return-Path: <noreply@ietf.org>
X-Original-To: netconf@ietf.org
Delivered-To: netconf@ietfa.amsl.com
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id BF3301200B1; Wed, 15 May 2019 12:38:33 -0700 (PDT)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 8bit
From: Roman Danyliw via Datatracker <noreply@ietf.org>
To: "The IESG" <iesg@ietf.org>
Cc: draft-ietf-netconf-restconf-notif@ietf.org, Kent Watsen <kent+ietf@watsen.net>, netconf-chairs@ietf.org, kent+ietf@watsen.net, netconf@ietf.org
X-Test-IDTracker: no
X-IETF-IDTracker: 6.96.0
Auto-Submitted: auto-generated
Precedence: bulk
Reply-To: Roman Danyliw <rdd@cert.org>
Message-ID: <155794911377.30630.11830718567923683706.idtracker@ietfa.amsl.com>
Date: Wed, 15 May 2019 12:38:33 -0700
Archived-At: <https://mailarchive.ietf.org/arch/msg/netconf/-BL_jt2Iwh5OrVet_tAhlHtLvXI>
Subject: [netconf] Roman Danyliw's Discuss on draft-ietf-netconf-restconf-notif-13: (with DISCUSS and COMMENT)
X-BeenThere: netconf@ietf.org
X-Mailman-Version: 2.1.29
List-Id: NETCONF WG list <netconf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/netconf>, <mailto:netconf-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/netconf/>
List-Post: <mailto:netconf@ietf.org>
List-Help: <mailto:netconf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/netconf>, <mailto:netconf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 15 May 2019 19:38:34 -0000

Roman Danyliw has entered the following ballot position for
draft-ietf-netconf-restconf-notif-13: Discuss

When responding, please keep the subject line intact and reply to all
email addresses included in the To and CC lines. (Feel free to cut this
introductory paragraph, however.)


Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html
for more information about IESG DISCUSS and COMMENT positions.


The document, along with other ballot positions, can be found here:
https://datatracker.ietf.org/doc/draft-ietf-netconf-restconf-notif/



----------------------------------------------------------------------
DISCUSS:
----------------------------------------------------------------------

Per Section 9, [draft-ietf-netconf-netconf-event-notifications] and
[draft-ietf-netconf-subscribed-notifications] mention concerns about a
“malicious or buggy subscriber sends a number of establish-subscription
requests” in their Security Considerations.  Is that not a concern here too?


----------------------------------------------------------------------
COMMENT:
----------------------------------------------------------------------

(1) Section 3.1.  “A subscriber can then attempt to re-establish the dynamic
subscription by using the procedure described in Section 3.”  This seems like a
circular reference.  This guidance (to go read Section 3) is being given in
Section 3.1 (which is inside Section 3).

(2) Section 3.3.  Missing word.
s/requests with publisher/requests with the publisher/

(3) Section 3.4.  “This initiates the publisher to initiate the flow …”.  I
stumbled over the double use of “initiate”.  Do you mean “This signals to the
publisher to initiate the flow …”?

(4) Section 3.4 suggests that NACM/related methods should be used to authorize
“modify-subscription, resync-subscription and delete-subscription” RPCs. 
Section 9, Security Considerations, says “Therefore, even if an attacker
succeeds in guessing the subscription URI, a RESTCONF username [RFC8040] with
the required administrative permissions must be used to be able to access or  
modify that subscription.”  Is there a reason not to say the obvious thing in
the Security Considerations that these particular RPCs should be protected
(with NACM/related methods like was stated in Section 3.4).