Re: [netconf] Benjamin Kaduk's No Objection on draft-ietf-netconf-notification-capabilities-18: (with COMMENT)
Benoit Claise <benoit.claise@huawei.com> Wed, 13 October 2021 12:19 UTC
Return-Path: <benoit.claise@huawei.com>
X-Original-To: netconf@ietfa.amsl.com
Delivered-To: netconf@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A15E03A0964; Wed, 13 Oct 2021 05:19:23 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.898
X-Spam-Level:
X-Spam-Status: No, score=-1.898 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, NICE_REPLY_A=-0.001, RCVD_IN_MSPIKE_H3=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id lygO1iLe6OEB; Wed, 13 Oct 2021 05:19:16 -0700 (PDT)
Received: from frasgout.his.huawei.com (frasgout.his.huawei.com [185.176.79.56]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 63F043A095A; Wed, 13 Oct 2021 05:19:16 -0700 (PDT)
Received: from fraeml736-chm.china.huawei.com (unknown [172.18.147.206]) by frasgout.his.huawei.com (SkyGuard) with ESMTP id 4HTs1P3qXKz67bZh; Wed, 13 Oct 2021 20:15:21 +0800 (CST)
Received: from [10.47.73.222] (10.47.73.222) by fraeml736-chm.china.huawei.com (10.206.15.217) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2308.8; Wed, 13 Oct 2021 14:19:09 +0200
To: Benjamin Kaduk <kaduk@mit.edu>
CC: The IESG <iesg@ietf.org>, draft-ietf-netconf-notification-capabilities@ietf.org, netconf-chairs@ietf.org, netconf@ietf.org, Kent Watsen <kent+ietf@watsen.net>
References: <163358716560.8876.10980384443834818241@ietfa.amsl.com> <30e25627-ff5f-bf43-e939-6980c2aa5f28@huawei.com> <20211012213923.GC4103@kduck.mit.edu>
From: Benoit Claise <benoit.claise@huawei.com>
Message-ID: <14f4705e-383c-d9af-da8c-4886684697a1@huawei.com>
Date: Wed, 13 Oct 2021 14:18:36 +0200
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:78.0) Gecko/20100101 Thunderbird/78.14.0
MIME-Version: 1.0
In-Reply-To: <20211012213923.GC4103@kduck.mit.edu>
Content-Type: multipart/alternative; boundary="------------A4186B11DD1AE5C34A42C7CB"
Content-Language: en-GB
X-Originating-IP: [10.47.73.222]
X-ClientProxiedBy: dggems704-chm.china.huawei.com (10.3.19.181) To fraeml736-chm.china.huawei.com (10.206.15.217)
X-CFilter-Loop: Reflected
Archived-At: <https://mailarchive.ietf.org/arch/msg/netconf/BGXsUDhxjNKgzAGQwQxsFAvOjwM>
Subject: Re: [netconf] Benjamin Kaduk's No Objection on draft-ietf-netconf-notification-capabilities-18: (with COMMENT)
X-BeenThere: netconf@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: NETCONF WG list <netconf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/netconf>, <mailto:netconf-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/netconf/>
List-Post: <mailto:netconf@ietf.org>
List-Help: <mailto:netconf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/netconf>, <mailto:netconf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 13 Oct 2021 12:19:25 -0000
Hi Ben, See in-line. On 10/12/2021 11:39 PM, Benjamin Kaduk wrote: >>> Section 6 >>> >>> I agree with Roman that it would be nice to be able to say something >>> about the potential scope of security considerations for future >>> augmentations, if nothing else to aid authors of such future >>> augmentations in documenting their own security considerations. >> We now have in the security considerations section. >> >> All protocol-accessible data nodes in augmented modules are >> read-only >> and cannot be modified > Thanks, that's worth stating clearly. > I was also imagining something like "This document outlines a framework for > conveying system capability information that is inherently flexible and > extensible. While the full set of use cases is not known now, they may range > as wide as conveying the minimum update period for periodic subscription > updates and what protocols might be used for such notifications. Knowledge > of this type of value might, for example, allow an attacker to gain insight > into how long unauthorized configuration changes might be active prior to > detection, and what communications channels might be disrupted to extend > the period of non-detection. Documents adding additional capabilities via > augmenting this module are encouraged to document the security > considerations of the new YANG nodes, according to the guidance in BCP > 216." > That's a nice addition, now added in my temp version. Thanks and regards, Benoit
- [netconf] Benjamin Kaduk's No Objection on draft-… Benjamin Kaduk via Datatracker
- Re: [netconf] Benjamin Kaduk's No Objection on dr… Benoit Claise
- Re: [netconf] Benjamin Kaduk's No Objection on dr… Benjamin Kaduk
- Re: [netconf] Benjamin Kaduk's No Objection on dr… Benoit Claise