Re: [netconf] Roman Danyliw's Discuss on draft-ietf-netconf-restconf-notif-13: (with DISCUSS and COMMENT)

"Reshad Rahman (rrahman)" <rrahman@cisco.com> Thu, 16 May 2019 17:48 UTC

Return-Path: <rrahman@cisco.com>
X-Original-To: netconf@ietfa.amsl.com
Delivered-To: netconf@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2E371120143; Thu, 16 May 2019 10:48:39 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -14.5
X-Spam-Level:
X-Spam-Status: No, score=-14.5 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com header.b=a51MBfx0; dkim=pass (1024-bit key) header.d=cisco.onmicrosoft.com header.b=SDZ9q2O/
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id zBX34GKPFO9g; Thu, 16 May 2019 10:48:35 -0700 (PDT)
Received: from alln-iport-8.cisco.com (alln-iport-8.cisco.com [173.37.142.95]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 3F3B6120025; Thu, 16 May 2019 10:47:51 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=4816; q=dns/txt; s=iport; t=1558028876; x=1559238476; h=from:to:cc:subject:date:message-id:references: in-reply-to:content-id:content-transfer-encoding: mime-version; bh=axzevODMdFUDSi0/0vd4hCO3Gl35UVGTZK37R8iobNI=; b=a51MBfx0Nqv5bQODiUt1T4OcKuDAYFiXS+OoQfYfgn5uAf1t/9Iel5eB RrwI1SOUep7ZtDWlIaikOoBNEnnhCK6Q+lCIK5KDGDLojdl+iSGJqZEjU AS8ek80jaPMxP/UhO4vsU/3AI0mMIJxsoHxUPmZfwQFBihor0ZkyYn2Gl g=;
IronPort-PHdr: =?us-ascii?q?9a23=3AbF3wIRSBC9cATegTdkpnoqAnq9psv++ubAcI9p?= =?us-ascii?q?oqja5Pea2//pPkeVbS/uhpkESXBdfA8/wRje3QvuigQmEG7Zub+FE6OJ1XH1?= =?us-ascii?q?5g640NmhA4RsuMCEn1NvnvOjYgFcRHXVlN9HCgOk8TE8H7NBXf?=
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: =?us-ascii?q?A0B+AAAdot1c/4sNJK1kHgEGBwaBUQk?= =?us-ascii?q?LAYE9KScDaVUgBAsohBGDRwOOdZl9gS4UgRADVAkBAQEMAQEjCgIBAYRAAhe?= =?us-ascii?q?CFyM0CQ4BAwEBBAEBAgEEbRwMhUsCAQMSEREMAQE3AQ8CAQYCDgwCCR0CAgI?= =?us-ascii?q?wFRACBAENBSKCNUsBgWoDHQEOkBWQYAKBNYhfcYEvgnkBAQWBRkGCfxiCDwM?= =?us-ascii?q?GgQsoAYl8gVMXgUA/gREnH4JMPoJhAgECAYEqARIBHxchAoJQMoImiy2CQJo?= =?us-ascii?q?bCQKCCYYphD2ENINTG4IbhlKDd4kljEWGZY5GAgQCBAUCDgEBBYFPOCk9WBE?= =?us-ascii?q?IcBVlAYJBgg83gziFFIU/cgGBKIxVDxcDgikBAQ?=
X-IronPort-AV: E=Sophos;i="5.60,477,1549929600"; d="scan'208";a="274030097"
Received: from alln-core-6.cisco.com ([173.36.13.139]) by alln-iport-8.cisco.com with ESMTP/TLS/DHE-RSA-SEED-SHA; 16 May 2019 17:47:36 +0000
Received: from XCH-ALN-006.cisco.com (xch-aln-006.cisco.com [173.36.7.16]) by alln-core-6.cisco.com (8.15.2/8.15.2) with ESMTPS id x4GHlZbt010939 (version=TLSv1.2 cipher=AES256-SHA bits=256 verify=FAIL); Thu, 16 May 2019 17:47:36 GMT
Received: from xhs-rtp-001.cisco.com (64.101.210.228) by XCH-ALN-006.cisco.com (173.36.7.16) with Microsoft SMTP Server (TLS) id 15.0.1473.3; Thu, 16 May 2019 12:47:35 -0500
Received: from xhs-aln-002.cisco.com (173.37.135.119) by xhs-rtp-001.cisco.com (64.101.210.228) with Microsoft SMTP Server (TLS) id 15.0.1473.3; Thu, 16 May 2019 13:47:34 -0400
Received: from NAM05-CO1-obe.outbound.protection.outlook.com (173.37.151.57) by xhs-aln-002.cisco.com (173.37.135.119) with Microsoft SMTP Server (TLS) id 15.0.1473.3 via Frontend Transport; Thu, 16 May 2019 12:47:34 -0500
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cisco.onmicrosoft.com; s=selector2-cisco-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=axzevODMdFUDSi0/0vd4hCO3Gl35UVGTZK37R8iobNI=; b=SDZ9q2O/BtZzVa6+xZFoFa22Tcinm9kyA87zf2f6PvMT5CzHT9rkkHR5WGLfF2VTNBRsw0LC9W0C7bhACrfkscmr32a80QH+cp0qCHDt0Oa5AoHcRS4qgCJmIF9bx0dWptTsj9UjZCVNfJvOiwU25UiMYRfIbx94pEvlD909CMc=
Received: from DM5PR1101MB2105.namprd11.prod.outlook.com (10.174.104.151) by DM5PR1101MB2202.namprd11.prod.outlook.com (10.174.104.15) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.1900.16; Thu, 16 May 2019 17:47:33 +0000
Received: from DM5PR1101MB2105.namprd11.prod.outlook.com ([fe80::6ce2:350d:6bed:7dde]) by DM5PR1101MB2105.namprd11.prod.outlook.com ([fe80::6ce2:350d:6bed:7dde%2]) with mapi id 15.20.1900.010; Thu, 16 May 2019 17:47:33 +0000
From: "Reshad Rahman (rrahman)" <rrahman@cisco.com>
To: Roman Danyliw <rdd@cert.org>, The IESG <iesg@ietf.org>
CC: "draft-ietf-netconf-restconf-notif@ietf.org" <draft-ietf-netconf-restconf-notif@ietf.org>, Kent Watsen <kent+ietf@watsen.net>, "netconf-chairs@ietf.org" <netconf-chairs@ietf.org>, "netconf@ietf.org" <netconf@ietf.org>
Thread-Topic: Roman Danyliw's Discuss on draft-ietf-netconf-restconf-notif-13: (with DISCUSS and COMMENT)
Thread-Index: AQHVC1XMPpSgw/G1oUetILMzNrmjL6ZtxSWA
Date: Thu, 16 May 2019 17:47:32 +0000
Message-ID: <21BFDD8B-ACFC-42D4-A95C-49CD92ED7420@cisco.com>
References: <155794911377.30630.11830718567923683706.idtracker@ietfa.amsl.com>
In-Reply-To: <155794911377.30630.11830718567923683706.idtracker@ietfa.amsl.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
user-agent: Microsoft-MacOutlook/10.10.6.190114
authentication-results: spf=none (sender IP is ) smtp.mailfrom=rrahman@cisco.com;
x-originating-ip: [2001:420:2840:1250:2421:2f0a:1dbc:638e]
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: 89cd5804-d359-49df-413c-08d6da26930d
x-microsoft-antispam: BCL:0; PCL:0; RULEID:(2390118)(7020095)(4652040)(8989299)(4534185)(4627221)(201703031133081)(201702281549075)(8990200)(5600141)(711020)(4605104)(2017052603328)(7193020); SRVR:DM5PR1101MB2202;
x-ms-traffictypediagnostic: DM5PR1101MB2202:
x-ms-exchange-purlcount: 2
x-microsoft-antispam-prvs: <DM5PR1101MB220284D96153A0B31E3A96A2AB0A0@DM5PR1101MB2202.namprd11.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:10000;
x-forefront-prvs: 0039C6E5C5
x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(136003)(39860400002)(376002)(346002)(366004)(396003)(189003)(199004)(256004)(6512007)(6306002)(6246003)(446003)(2906002)(8936002)(478600001)(5660300002)(25786009)(33656002)(966005)(81156014)(14444005)(76176011)(6436002)(99286004)(6486002)(305945005)(7736002)(8676002)(102836004)(4326008)(14454004)(229853002)(6506007)(81166006)(11346002)(476003)(2616005)(486006)(83716004)(316002)(71200400001)(53936002)(64756008)(46003)(68736007)(66556008)(54906003)(86362001)(58126008)(82746002)(6116002)(36756003)(66476007)(91956017)(186003)(66946007)(73956011)(71190400001)(76116006)(66446008)(110136005); DIR:OUT; SFP:1101; SCL:1; SRVR:DM5PR1101MB2202; H:DM5PR1101MB2105.namprd11.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; MX:1; A:1;
received-spf: None (protection.outlook.com: cisco.com does not designate permitted sender hosts)
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam-message-info: W3VVZzfrCsxJczgO7bbF7KvkSli37aarBHf82gIPpsjzRK38fXKrvxfFy7YGf5Nk2tFX+vqC45J/QAxZN62n1ftBZ27g0xyTncfDop3jtsoTiLwl+qXkh0pzy1P+sRQJQRRBrGa8XhmyAqbDTNPmWqiZY2fZjDf64xse4Kds+oWY3Os8KZIfMY8QIxUj5sU4QZ05ZZ7EgvnVhcjiTJiPAAp6kUElvDBhb87Ex7RNc1nRG2dxNtH9z40F/nlOe89V6iSEgWUCsoHZWS+lwV8wXjgQCYzudnEtOurXDBI0RrVRZnEJzGlmgIryZ/k3vvB/8Am5vm1UazEnsjp/+oEqMZSv7BH+O0mIczR++TGt9zk2+AXUmj/w1UWhR8rDK3cOsSkmkbqNwLTM6QO9zJ19xV8a5QfjAEMXOIe+Efak4W4=
Content-Type: text/plain; charset="utf-8"
Content-ID: <3252B49B6F54F648BEC230C742C02E79@namprd11.prod.outlook.com>
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-MS-Exchange-CrossTenant-Network-Message-Id: 89cd5804-d359-49df-413c-08d6da26930d
X-MS-Exchange-CrossTenant-originalarrivaltime: 16 May 2019 17:47:32.8634 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 5ae1af62-9505-4097-a69a-c1553ef7840e
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM5PR1101MB2202
X-OriginatorOrg: cisco.com
X-Outbound-SMTP-Client: 173.36.7.16, xch-aln-006.cisco.com
X-Outbound-Node: alln-core-6.cisco.com
Archived-At: <https://mailarchive.ietf.org/arch/msg/netconf/I6tR8XHm0cYozUNK9s1CHQEpcWg>
Subject: Re: [netconf] Roman Danyliw's Discuss on draft-ietf-netconf-restconf-notif-13: (with DISCUSS and COMMENT)
X-BeenThere: netconf@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: NETCONF WG list <netconf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/netconf>, <mailto:netconf-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/netconf/>
List-Post: <mailto:netconf@ietf.org>
List-Help: <mailto:netconf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/netconf>, <mailto:netconf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 16 May 2019 17:48:40 -0000

Hi,

Thank you for the review, please see inline.

On 2019-05-15, 3:38 PM, "Roman Danyliw via Datatracker" <noreply@ietf.org>; wrote:

    Roman Danyliw has entered the following ballot position for
    draft-ietf-netconf-restconf-notif-13: Discuss
    
    When responding, please keep the subject line intact and reply to all
    email addresses included in the To and CC lines. (Feel free to cut this
    introductory paragraph, however.)
    
    
    Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html
    for more information about IESG DISCUSS and COMMENT positions.
    
    
    The document, along with other ballot positions, can be found here:
    https://datatracker.ietf.org/doc/draft-ietf-netconf-restconf-notif/
    
    
    
    ----------------------------------------------------------------------
    DISCUSS:
    ----------------------------------------------------------------------
    
    Per Section 9, [draft-ietf-netconf-netconf-event-notifications] and
    [draft-ietf-netconf-subscribed-notifications] mention concerns about a
    “malicious or buggy subscriber sends a number of establish-subscription
    requests” in their Security Considerations.  Is that not a concern here too?
<RR> Good catch. I can add similar text to the Security Considerations of this draft, would the following text be satisfactory?
    If a buggy or
    compromised RESTCONF subscriber sends a number of "establish-
    subscription" requests, then these subscriptions accumulate and may
    use up system resources.  In such a situation, the
    publisher MAY also suspend or terminate a subset of the active
    subscriptions from that RESTCONF subscriber in order to reclaim resources
    and preserve normal operation for the other subscriptions.    
    
    ----------------------------------------------------------------------
    COMMENT:
    ----------------------------------------------------------------------
    
    (1) Section 3.1.  “A subscriber can then attempt to re-establish the dynamic
    subscription by using the procedure described in Section 3.”  This seems like a
    circular reference.  This guidance (to go read Section 3) is being given in
    Section 3.1 (which is inside Section 3).
<RR> Ack, will change reference to 3.4.
    
    (2) Section 3.3.  Missing word.
    s/requests with publisher/requests with the publisher/
<RR> Ok.
    
    (3) Section 3.4.  “This initiates the publisher to initiate the flow …”.  I
    stumbled over the double use of “initiate”.  Do you mean “This signals to the
    publisher to initiate the flow …”?
<RR> Yes, will make the change.    
    (4) Section 3.4 suggests that NACM/related methods should be used to authorize
    “modify-subscription, resync-subscription and delete-subscription” RPCs. 
    Section 9, Security Considerations, says “Therefore, even if an attacker
    succeeds in guessing the subscription URI, a RESTCONF username [RFC8040] with
    the required administrative permissions must be used to be able to access or  
    modify that subscription.”  Is there a reason not to say the obvious thing in
    the Security Considerations that these particular RPCs should be protected
    (with NACM/related methods like was stated in Section 3.4).
<RR> We got similar comments from another reviewer. We will be adding text to the Security Considerations.

Regards,
Reshad.