Re: [netconf] WGLC for draft-ietf-netconf-notification-capabilities

Balázs Lengyel <balazs.lengyel@ericsson.com> Thu, 10 October 2019 08:37 UTC

From: Balázs Lengyel <balazs.lengyel@ericsson.com>
To: Kent Watsen <kent+ietf@watsen.net>
CC: "Eric Voit (evoit)" <evoit@cisco.com>, Mahesh Jethanandani <mjethanandani@gmail.com>, Alexander Clemm <ludwig@clemm.org>, Benoit Claise <bclaise@cisco.com>, "netconf@ietf.org" <netconf@ietf.org>
Thread-Topic: [netconf] WGLC for draft-ietf-netconf-notification-capabilities
Date: Thu, 10 Oct 2019 08:37:35 +0000
Message-ID: <VI1PR0701MB228663740326DD0F34863856F0940@VI1PR0701MB2286.eurprd07.prod.outlook.com>
References: <D3B39347-DFB7-4BEE-8B22-0EE07AEB1F5A@gmail.com> <4F49DF08-B7FC-4EBD-9D6B-7BC329E50334@gmail.com> <BN7PR11MB262749DCC86F32F725D1C67AA1840@BN7PR11MB2627.namprd11.prod.outlook.com> <VI1PR0701MB22864F116F517E960EC32A0AF0810@VI1PR0701MB2286.eurprd07.prod.outlook.com> <0100016d83c486c9-83aece79-684a-4999-b382-dd9c09f24c62-000000@email.amazonses.com> <VI1PR0701MB2286C0363CD0AA085F2B9CC1F09F0@VI1PR0701MB2286.eurprd07.prod.outlook.com> <0100016db140fe70-7564d937-87d1-450c-9267-2e1235e3fbb4-000000@email.amazonses.com>
In-Reply-To: <0100016db140fe70-7564d937-87d1-450c-9267-2e1235e3fbb4-000000@email.amazonses.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/netconf/FYdpJyeCYnqzy65i4hn30njHcn8>
Subject: Re: [netconf] WGLC for draft-ietf-netconf-notification-capabilities

Hello,

I added your comments to the upcoming next version of the draft.

Regards Balazs

From: Kent Watsen <kent+ietf@watsen.net>
Sent: Wednesday, 9 October 2019 18:01
To: Balázs Lengyel <balazs.lengyel@ericsson.com>
Cc: Eric Voit (evoit) <evoit@cisco.com>; Mahesh Jethanandani <mjethanandani@gmail.com>; Alexander Clemm <ludwig@clemm.org>; Benoit Claise <bclaise@cisco.com>; netconf@ietf.org
Subject: Re: [netconf] WGLC for draft-ietf-netconf-notification-capabilities

Hi Balazs,

BALAZS2: This draft does not want to define a file format. It intends to use the “generic” file format defined in draft-ietf-netmod-yang-instance-file-format. IMHO the whole aim of draft-ietf-netmod-yang-instance-file-format is to avoid individual drafts defining file formats.

Okay. I see it in Section 3 now.

On the below:

I suspect that you will need to do a security analysis per YANG object. This has been done for the other YANG push family.

BALAZS: The full module is readOnly and not sensitive or private in any manner.  The security text for the readOnly parts of YangPush is the exact same text: not very informative, but gives you the illusion of security awareness.

I suspect that manipulating the reporting intervals could have some security implications.   E.g., a hacker could push up the damping period or periodic interval to a level where the information they are changing then becomes invisible to a monitoring system.

BALAZS: The full YAM is read-only so manipulating the data is not a concern.

The draft should say something like:

1. All protocol-accessible data are read-only and cannot be modified. The nature of the read-only data is not deemed to be sensitive in a way necessitating access-control restrictions (e.g., NACM) beyond the client being authenticated.

BALAZS2: OK. Updated with the first part, but Rob has asked for an extra sentence about the dangers of revealing read-only data, so I added that too.

“All protocol-accessible data are read-only and cannot be modified. The data in this module is not security sensitive. Access control may be configured, to avoid exposing the read-only data.”

Okay.  s/protocol-accessible data/protocol-accessible data nodes/

2. When in a file format, the protection afforded by a mutually authenticated transport protocol does not apply. Protection of the data must be performed manually, so as to ensure that the data is neither seen nor modified in transit.

Reword as needed.

BALAZS2: Agreed. This is part of normal file handling, transport. So I reworded this to:

“When that data is in file format, data should be protected against modification or unauthorized access using normal file handling and secure and mutually authenticated file transport mechanisms.”

Okay.  The end can be shortened, i.e., just "file handling mechanisms".

Kent // contributor
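The agreed text above says that access control "may be configured, to avoid exposing the read-only data". The following NACM (RFC 8341) configuration fragment is an added example, not part of this thread or of the draft, showing what such a restriction looks like on a server that otherwise permits reads by default. It assumes the module name ietf-notification-capabilities (the module the draft defines; taken as an assumption here, since the thread never names it), and the group and user names are constructed for the illustration.

```xml
<!-- Added example (not from the thread or the draft).
     Server-wide NACM settings: reads are permitted by default,
     so every authenticated client could read the capability data
     unless a rule says otherwise. -->
<nacm xmlns="urn:ietf:params:xml:ns:yang:ietf-netconf-acm">
  <enable-nacm>true</enable-nacm>
  <read-default>permit</read-default>
  <write-default>deny</write-default>
  <exec-default>deny</exec-default>

  <!-- Constructed group: operators allowed to inspect capabilities. -->
  <groups>
    <group>
      <name>capability-readers</name>
      <user-name>nms-operator</user-name>
    </group>
  </groups>

  <!-- Rule-lists are evaluated in order; the first matching rule wins.
       The first list lets the named group read the module, the second
       denies it to everyone else, so a plain authenticated client no
       longer sees the read-only capability data. -->
  <rule-list>
    <name>allow-capability-readers</name>
    <group>capability-readers</group>
    <rule>
      <name>permit-notification-capabilities</name>
      <module-name>ietf-notification-capabilities</module-name>  <!-- assumed module name -->
      <access-operations>read</access-operations>
      <action>permit</action>
    </rule>
  </rule-list>

  <rule-list>
    <name>restrict-capabilities-for-others</name>
    <group>*</group>
    <rule>
      <name>deny-notification-capabilities</name>
      <module-name>ietf-notification-capabilities</module-name>  <!-- assumed module name -->
      <access-operations>read</access-operations>
      <action>deny</action>
    </rule>
  </rule-list>
</nacm>
```

Because the module is read-only, the write-default setting never matters for it; the only exposure is disclosure, which is exactly what the read rule controls. The same data exported as a YANG instance data file falls outside NACM entirely, which is why the second paragraph of the security text falls back on file permissions and an authenticated file transport.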