Re: [Netconf] We NEED RESPONSES: WG Last Call ended for:draft-ietf-netconf-4741bis-04.txt

Andy Bierman <biermana@Brocade.com> Wed, 06 October 2010 23:14 UTC

From: Andy Bierman <biermana@Brocade.com>
To: Juergen Schoenwaelder <j.schoenwaelder@jacobs-university.de>, Ladislav Lhotka <lhotka@cesnet.cz>
Date: Wed, 06 Oct 2010 16:12:44 -0700
Cc: Netconf <netconf@ietf.org>

I agree with this solution proposal from Juergen.


Andy


-----Original Message-----
From: netconf-bounces@ietf.org [mailto:netconf-bounces@ietf.org] On Behalf Of Juergen Schoenwaelder
Sent: Wednesday, October 06, 2010 3:46 PM
To: Ladislav Lhotka
Cc: Netconf
Subject: Re: [Netconf] We NEED RESPONSES: WG Last Call ended for:draft-ietf-netconf-4741bis-04.txt

On Wed, Oct 06, 2010 at 08:37:51PM +0200, Ladislav Lhotka wrote:
> On St, 2010-10-06 at 12:35 +0200, Juergen Schoenwaelder wrote:
> > On Wed, Oct 06, 2010 at 11:42:03AM +0200, Ladislav Lhotka wrote:
> > > On Sun, 3 Oct 2010 22:55:40 +0200, Juergen Schoenwaelder <j.schoenwaelder@jacobs-university.de> wrote:
> > > > On Sun, Oct 03, 2010 at 09:42:25PM +0200, Ersue, Mehmet (NSN - DE/Munich) wrote:
> > > > > > > Section 9. Security Considerations
> > > > > > >
> > > > > > > I would suggest adding a few sentences for the EOM handling
> > > > > > > and the possible threat concerning section 3. It would be
> > > > > > > interesting to recommend a possible reaction if this happens
> > > > > > > frequently, e.g. to drop the NETCONF session.
> > > > > > 
> > > > > > 4741bis does not have an EOM marker - so how can we discuss it in
> > > > > > the security considerations?
> > > > > 
> > > > > EOM handling is for sure not part of NETCONF but the possible
> > > > > threat concerning EOM handling is. I think the security considerations
> > > > > section should discuss the related security threat, as we did on
> > > > > the NETCONF ML with a long mail thread.
> > > > 
> > > > There is no EOM issue if you run NETCONF over BEEP. We should stick to
> > > > modularity and discuss things where they belong. Perhaps you want
> > > > different text than the one I currently imagine you want...
> > > 
> > > SSH is the *mandatory* transport, so any appearance of ']]>]]>' in the
> > > Messages, Operation or Content layer necessarily has an impact on
> > > operation and is a potential security hole. So I agree with Mehmet that
> > > 4741bis should not dismiss this issue completely. The protocol
> > > modularity has been damaged by the unfortunate EOM choice.
> > > 
> > > Apart from Security Considerations, text in Sec. 3 should be changed as
> > > follows:
> > > 
> > > OLD
> > > 
> > >   All NETCONF messages MUST be well-formed XML, encoded in UTF-8.
> > > 
> > > NEW
> > > 
> > >   All NETCONF messages MUST be well-formed XML, encoded in UTF-8, and
> > >   MUST NOT contain the character sequence ']]>]]>'.
> > 
> > Still I believe it is the transport that has to deal with this. If a
> > message contains ']]>]]>', a transport that can not handle this should
> > either refuse to transport that message or have a mechanism to
> > deal with it by quoting it or whatever. Pushing this issue up to the
> > content layer just on the ground that the mandatory SSH transport is
> > not totally robust seems odd from an architectural point of view.
> 
> OK, but according to section 2.4 the mandatory transport protocol is RFC
> 4742, which does not handle the EOM issue properly. So sec. 2.4 in fact
> says that every compliant implementation MUST have that security hole.
> 

I am willing to accept an addition to the security considerations that
says that readers should consult the security considerations of the
NETCONF transports in addition to the 4741bis security considerations
section since the 4741bis security considerations only covers the base
message layer and the base operations of NETCONF. A first quick
attempt:

	This section provides security considerations for the base
	NETCONF message layer and the base operations of the NETCONF
	protocol. Security considerations for the NETCONF transports
	are provided in the transport documents and security
	considerations for the content manipulated by NETCONF can be
	found in the document defining data models.

We could add this right at the beginning of section 9 and then it
should be clear even to the casual reader that just reading section 9
of 4741bis is not sufficient to understand all security aspects of
NETCONF.

Note that this approach allows us to add/fix security problems in all our
transports without causing any text in 4741bis to become obsolete or
incomplete.

/js

-- 
Juergen Schoenwaelder           Jacobs University Bremen gGmbH
Phone: +49 421 200 3587         Campus Ring 1, 28759 Bremen, Germany
Fax:   +49 421 200 3103         <http://www.jacobs-university.de/>
_______________________________________________
Netconf mailing list
Netconf@ietf.org
https://www.ietf.org/mailman/listinfo/netconf
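The framing hazard the thread argues about, as an added example that is not code from this thread or from any NETCONF implementation: RFC 4742 frames each NETCONF message on the SSH subsystem by appending the end-of-message marker ']]>]]>'. A message whose own content carries that sequence can still be well-formed XML (XML permits ']]>' inside attribute values), yet it splits into two fragments at the receiver. The block shows that split and the sender-side check the proposed Section 3 wording ("MUST NOT contain the character sequence ']]>]]>'") calls for. The `<rpc>` payloads and the `urn:example:constructed` namespace are constructed sample data.

```python
"""Added example (not from the thread or any NETCONF implementation):
the RFC 4742 end-of-message marker versus message content that
contains it, plus the sender-side check the proposed Section 3 text
implies."""
import xml.etree.ElementTree as ET

EOM = "]]>]]>"  # RFC 4742 end-of-message marker


def frame(message: str) -> str:
    """Frame one message the way the RFC 4742 SSH subsystem does."""
    return message + EOM


def deframe(stream: str) -> list:
    """Split a received character stream into messages at every EOM
    marker, as an RFC 4742 receiver does. Whatever follows the last
    marker is an incomplete message and is not returned."""
    return stream.split(EOM)[:-1]


def is_well_formed_xml(text: str) -> bool:
    """True if text parses as a single well-formed XML document."""
    try:
        ET.fromstring(text)
        return True
    except ET.ParseError:
        return False


def check_message(message: str) -> str:
    """Sender-side enforcement of the proposed Section 3 rule: the
    message must be well-formed XML and must not contain the EOM
    sequence. Raises ValueError otherwise, returns the message if ok."""
    if not is_well_formed_xml(message):
        raise ValueError("NETCONF message is not well-formed XML")
    if EOM in message:
        raise ValueError("NETCONF message contains the EOM sequence ']]>]]>'")
    return message


# Constructed sample: a well-formed <rpc> whose attribute value carries
# the marker. The XML parser accepts it; the transport framing does not.
UNSAFE_RPC = (
    '<rpc message-id="101" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">'
    '<edit-config><target><running/></target><config>'
    '<interface xmlns="urn:example:constructed" name="eth0" '
    'description="note: ]]>]]> appears here"/>'
    '</config></edit-config></rpc>'
)

# Constructed sample: an ordinary message with no marker inside.
SAFE_RPC = (
    '<rpc message-id="102" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">'
    '<get-config><source><running/></source></get-config></rpc>'
)


def demonstrate() -> dict:
    """Run both messages through framing and report what the receiver
    sees: how many messages it deframes and whether the first fragment
    of the unsafe one is still parseable."""
    safe_parts = deframe(frame(SAFE_RPC))
    unsafe_parts = deframe(frame(UNSAFE_RPC))
    return {
        "unsafe_is_well_formed": is_well_formed_xml(UNSAFE_RPC),
        "safe_messages_seen": len(safe_parts),
        "unsafe_messages_seen": len(unsafe_parts),
        "unsafe_first_fragment_well_formed": is_well_formed_xml(unsafe_parts[0]),
    }


if __name__ == "__main__":
    print(demonstrate())
    for msg in (SAFE_RPC, UNSAFE_RPC):
        try:
            check_message(msg)
            print("accepted:", msg[:40], "...")
        except ValueError as err:
            print("rejected:", err)
```

The receiver sees one message for the safe `<rpc>` and two fragments for the unsafe one, the first of which no longer parses; `check_message` is the point at which a sender bound to the RFC 4742 transport rejects the unsafe message before it reaches the wire.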