Re: [Netconf] Kathleen Moriarty's Discuss on draft-ietf-netconf-yang-patch-12: (with DISCUSS and COMMENT)

Mahesh Jethanandani <mjethanandani@gmail.com> Fri, 11 November 2016 14:04 UTC

From: Mahesh Jethanandani <mjethanandani@gmail.com>
Date: Fri, 11 Nov 2016 22:04:29 +0800
To: Andy Bierman <andy@yumaworks.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/netconf/ApXEtAyo0ytP-Vq7p45YuaCNI7E>
Cc: Netconf <netconf@ietf.org>, draft-ietf-netconf-yang-patch@ietf.org, Kathleen Moriarty <Kathleen.Moriarty.ietf@gmail.com>, The IESG <iesg@ietf.org>, NETCONF Working Group <netconf-chairs@ietf.org>
Subject: Re: [Netconf] Kathleen Moriarty's Discuss on draft-ietf-netconf-yang-patch-12: (with DISCUSS and COMMENT)

Andy,

I am looking at the -13 version of the document and following up on all the DISCUSS on the document to make sure they have been addressed. In particular:

> On Nov 3, 2016, at 9:35 PM, Kathleen Moriarty <Kathleen.Moriarty.ietf@gmail.com> wrote:
> 
> Hi Andy,
> 
> Thanks for your response and sorry I didn't see it sooner.  Inline
> 
> On Tue, Nov 1, 2016 at 5:21 PM, Andy Bierman <andy@yumaworks.com> wrote:
> 
> 
> On Tue, Nov 1, 2016 at 7:15 AM, Mahesh Jethanandani <mjethanandani@gmail.com> wrote:
> Authors,
> 
> Can we address Kathleen's comments?
> 
> Mahesh Jethanandani
> mjethanandani@gmail.com
> 
> > On Oct 31, 2016, at 8:28 AM, Kathleen Moriarty <Kathleen.Moriarty.ietf@gmail.com> wrote:
> >
> > Kathleen Moriarty has entered the following ballot position for
> > draft-ietf-netconf-yang-patch-12: Discuss
> >
> > When responding, please keep the subject line intact and reply to all
> > email addresses included in the To and CC lines. (Feel free to cut this
> > introductory paragraph, however.)
> >
> >
> > Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html
> > for more information about IESG DISCUSS and COMMENT positions.
> >
> >
> > The document, along with other ballot positions, can be found here:
> > https://datatracker.ietf.org/doc/draft-ietf-netconf-yang-patch/
> >
> >
> >
> > ----------------------------------------------------------------------
> > DISCUSS:
> > ----------------------------------------------------------------------
> >
> > This should be easy to resolve through discussion or some text tweaks.
> > In the security considerations section, I see some text that hints at my
> > questions below, but isn't clear enough, so I'd like to discuss it to see
> > if these things are covered, or why they are not, and to see if we can
> > tweak the text a bit.
> >
> > The following text is helpful, is PATCH described in
> > [I-D.ietf-netconf-restconf]?
> >   This document defines edit processing
> >   instructions for a variant of the PATCH method, as used within the
> >   RESTCONF protocol.
> >
> > I see section 2.7 discusses error handling and validating the YANG
> > module, but is there a way that the hash (or some other mechanism) of the
> > patch could be validated to ensure the patch was not altered.  Is that
> > already described for PATCH?
> 
> The YANG Patch requests are not signed.
> These messages are sent within the RESTCONF protocol, which MUST use TLS.
> 
> Sec 1. says:
> 
>    It may be possible to use YANG Patch with other protocols besides
>    RESTCONF.  This is outside the scope of this document.  It may be
>    possible to use YANG Patch with datastore types other than a
>    configuration datastore.  This is outside the scope of this document.
> 
> The security requirements for protocols other than RESTCONF are not discussed.
> Should I add text somewhere to make it clear the document applies only
> to RESTCONF use of YANG Patch?
> 
> Yes, that text would be good.  It might be good to mention that there is no capability to sign or validate patches with RESTCONF as well so this is clear in the considerations. 

Is this addressed somewhere? I looked at Section 1 and Security Considerations, but could not find any explicit mention.

> 
> 
> >
> > I also see this text in the security considerations section:
> >   It is important for RESTCONF server implementations to carefully
> >   validate all the edit request parameters in some manner.
> >
> > Is the source of the patch authenticated?  Can the client receiving the
> > patch be authenticated?  Is this handled through RESTCONF?  Since YANG
> > modules could add in write capabilities, unauthenticated patches could
> > result in opening backdoors or revealing information that was not
> > intended.  You are covering it with that statement, but it's not clear if
> > both ends can be authenticated and there are attacks if they are not
> > authenticated.
> >
> >
> 
> 
> It is covered by RESTCONF. Both client and server are authenticated.
> 
> Great, can you re-word the sentence to make sure it is clear that this is done with RESTCONF, but maybe not other protocols?

And this.

>   
> 
> However, security considerations sec. has this text
> similar to sec. 1:
> 
>   It may be possible to use YANG Patch with other protocols besides
>   RESTCONF, which is outside the scope of this document.
> 
> Regarding this text:
> 
> > Since YANG
> > modules could add in write capabilities, unauthenticated patches could
> > result in opening backdoors or revealing information that was not
> > intended.  
> 
> I am not aware how YANG allows this vulnerability.
> The patch represents instance data which is supposed to conform to
> the schema nodes in the YANG modules advertised by the server.
> 
> RESTCONF doing server and client auth covers this.  Thank you. 
> 
> 
>  
> > ----------------------------------------------------------------------
> > COMMENT:
> > ----------------------------------------------------------------------
> >
> > Nit: In section 2.2
> >
> >   YANG Patch does not provide any access to specific datastores.  It is
> >   am implementation detail
> >
> > s/am/an/
> 
> fixed
>  
> >
> >
> 
> 
> Andy
> 
> 
> 
> Thank you!
> 
> 
> -- 
> 
> Best regards,
> Kathleen

Mahesh Jethanandani
mjethanandani@gmail.com