[netconf] Roman Danyliw's Discuss on draft-ietf-netconf-ssh-client-server-38: (with DISCUSS and COMMENT)
Roman Danyliw via Datatracker <noreply@ietf.org> Tue, 27 February 2024 19:46 UTC
From: Roman Danyliw via Datatracker <noreply@ietf.org>
To: The IESG <iesg@ietf.org>
Cc: draft-ietf-netconf-ssh-client-server@ietf.org, netconf-chairs@ietf.org, netconf@ietf.org, perander@cisco.com, mjethanandani@gmail.com, perander@cisco.com
Reply-To: Roman Danyliw <rdd@cert.org>
Message-ID: <170906316523.59504.6213641304185326185@ietfa.amsl.com>
Date: Tue, 27 Feb 2024 11:46:05 -0800
Archived-At: <https://mailarchive.ietf.org/arch/msg/netconf/1Fl5oreC5YJgIR7vy5mzNK4W_Kc>
Subject: [netconf] Roman Danyliw's Discuss on draft-ietf-netconf-ssh-client-server-38: (with DISCUSS and COMMENT)
Roman Danyliw has entered the following ballot position for
draft-ietf-netconf-ssh-client-server-38: Discuss

When responding, please keep the subject line intact and reply to all
email addresses included in the To and CC lines. (Feel free to cut this
introductory paragraph, however.)

Please refer to https://www.ietf.org/about/groups/iesg/statements/handling-ballot-positions/
for more information about how to handle DISCUSS and COMMENT positions.

The document, along with other ballot positions, can be found here:
https://datatracker.ietf.org/doc/draft-ietf-netconf-ssh-client-server/

----------------------------------------------------------------------
DISCUSS:
----------------------------------------------------------------------

I struggle to understand when it is assumed that the security considerations
of the imported modules apply, and when they will be surfaced as issues in the
module that is using them. With that confusion in mind:

** Section 5.7. The ietf-ssh-server module is described as having no readable
data nodes that are sensitive. Consider the example in Section 4.2. Wouldn't
enumerating the list of users for which there is a client-authentication
configuration be sensitive?

----------------------------------------------------------------------
COMMENT:
----------------------------------------------------------------------

** Section 5.1, 5.2, 5.3 and 5.4? The protocol-accessible read-only node for
the algorithms supported by a server is mildly sensitive, but not to the extent
that special NACM annotations are needed to prevent read-access to regular
authenticated administrators. What is meant by "mildly sensitive" to call it
out?

** Section 5.5. Does this section need a disclaimer that there are groupings
that importing modules need to fully consider in their own Security
Considerations? Same as in draft-ietf-netconf-tcp-client-server?

** Appendix A. Please provide an informative reference to Python for this
non-normative (?) section.
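As an added illustration of the DISCUSS point above (this is not text from the draft, from the ietf-ssh-server module, or from the reviewer): a minimal hypothetical YANG module showing how a list of users carrying client-authentication configuration can be marked with the `nacm:default-deny-all` extension from RFC 8341, so that an authenticated operator with no explicit NACM read rule cannot enumerate the configured user names. The module name, namespace, and node layout are assumptions for illustration and do not reproduce the draft's actual structure.

```yang
module example-ssh-server-acm {
  yang-version 1.1;
  namespace "urn:example:ssh-server-acm";   // hypothetical namespace
  prefix exs;

  // RFC 8341 (NACM) defines the default-deny-all extension used below.
  import ietf-netconf-acm {
    prefix nacm;
  }

  container client-authentication {
    description
      "Hypothetical stand-in for a server's client-authentication
       configuration; the real draft's layout is not reproduced here.";

    container users {
      // Without an annotation, a read-only operator can list every
      // account the server accepts. default-deny-all hides the whole
      // subtree (names included) unless an explicit NACM rule grants
      // read access, which is the mitigation the DISCUSS asks about.
      nacm:default-deny-all;

      list user {
        key "name";
        leaf name {
          type string;
          description "Account name the SSH client authenticates as.";
        }
        leaf-list public-key {
          type binary;
          description
            "Authorized public keys for this account (constructed
             example leaf; the annotation above already covers it).";
        }
      }
    }
  }
}
```

An administrator who legitimately needs the list then receives it through a normal NACM rule for their group rather than by default, which is the distinction the reviewer's COMMENT draws for the "mildly sensitive" algorithm list.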