Re: [netconf] Roman Danyliw's Discuss on draft-ietf-netconf-notification-capabilities-18: (with DISCUSS and COMMENT)
Benoit Claise <benoit.claise@huawei.com> Sun, 10 October 2021 20:26 UTC
Return-Path: <benoit.claise@huawei.com>
X-Original-To: netconf@ietfa.amsl.com
Delivered-To: netconf@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6F8F13A0D6C; Sun, 10 Oct 2021 13:26:08 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.898
X-Spam-Level:
X-Spam-Status: No, score=-1.898 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, NICE_REPLY_A=-0.001, RCVD_IN_MSPIKE_H3=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id beAPbjTYk2X0; Sun, 10 Oct 2021 13:26:01 -0700 (PDT)
Received: from frasgout.his.huawei.com (frasgout.his.huawei.com [185.176.79.56]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D309B3A0EBF; Sun, 10 Oct 2021 13:25:45 -0700 (PDT)
Received: from fraeml736-chm.china.huawei.com (unknown [172.18.147.226]) by frasgout.his.huawei.com (SkyGuard) with ESMTP id 4HSCyH1dZ8z67PcT; Mon, 11 Oct 2021 04:21:59 +0800 (CST)
Received: from [10.47.65.4] (10.47.65.4) by fraeml736-chm.china.huawei.com (10.206.15.217) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2308.8; Sun, 10 Oct 2021 22:25:39 +0200
To: Balázs Lengyel <balazs.lengyel@ericsson.com>, Roman Danyliw <rdd@cert.org>, The IESG <iesg@ietf.org>
CC: "draft-ietf-netconf-notification-capabilities@ietf.org" <draft-ietf-netconf-notification-capabilities@ietf.org>, "netconf-chairs@ietf.org" <netconf-chairs@ietf.org>, "netconf@ietf.org" <netconf@ietf.org>, Kent Watsen <kent+ietf@watsen.net>
References: <163353160729.6935.6720178743008561525@ietfa.amsl.com> <AM8PR07MB82304034FEC17E5A77BA0296F0B09@AM8PR07MB8230.eurprd07.prod.outlook.com>
From: Benoit Claise <benoit.claise@huawei.com>
Message-ID: <fec3eb0e-a035-a283-89af-cbfcfc606642@huawei.com>
Date: Sun, 10 Oct 2021 22:25:06 +0200
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:78.0) Gecko/20100101 Thunderbird/78.14.0
MIME-Version: 1.0
In-Reply-To: <AM8PR07MB82304034FEC17E5A77BA0296F0B09@AM8PR07MB8230.eurprd07.prod.outlook.com>
Content-Type: text/plain; charset="utf-8"; format="flowed"
Content-Transfer-Encoding: 8bit
Content-Language: en-GB
X-Originating-IP: [10.47.65.4]
X-ClientProxiedBy: dggems703-chm.china.huawei.com (10.3.19.180) To fraeml736-chm.china.huawei.com (10.206.15.217)
X-CFilter-Loop: Reflected
Archived-At: <https://mailarchive.ietf.org/arch/msg/netconf/WADFO97JvUjBnHHJbWwYPkQAqYI>
Subject: Re: [netconf] Roman Danyliw's Discuss on draft-ietf-netconf-notification-capabilities-18: (with DISCUSS and COMMENT)
X-BeenThere: netconf@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: NETCONF WG list <netconf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/netconf>, <mailto:netconf-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/netconf/>
List-Post: <mailto:netconf@ietf.org>
List-Help: <mailto:netconf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/netconf>, <mailto:netconf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 10 Oct 2021 20:26:09 -0000
Hi Roman, The proposed changes discussed below have been applied to the draft-ietf-netconf-notification-capabilities-20. Please let us know what you think. Regards, Benoit On 10/6/2021 7:26 PM, Balázs Lengyel wrote: > Hello Danyliw, > Thank you for the review. We will use your comments to improve the draft, but I am not sure we understood some of your comments. See detailed answers below marked as BALAZS. > Regards Balazs > > -----Original Message----- > From: Roman Danyliw via Datatracker <noreply@ietf.org> > Sent: 2021. október 6., szerda 16:47 > To: The IESG <iesg@ietf.org> > Cc: draft-ietf-netconf-notification-capabilities@ietf.org; netconf-chairs@ietf.org; netconf@ietf.org; Kent Watsen <kent+ietf@watsen.net>; kent+ietf@watsen.net > Subject: Roman Danyliw's Discuss on draft-ietf-netconf-notification-capabilities-18: (with DISCUSS and COMMENT) > > Roman Danyliw has entered the following ballot position for > draft-ietf-netconf-notification-capabilities-18: Discuss > > When responding, please keep the subject line intact and reply to all email addresses included in the To and CC lines. (Feel free to cut this introductory paragraph, however.) > > > Please refer to https://www.ietf.org/blog/handling-iesg-ballot-positions/ > for more information about how to handle DISCUSS and COMMENT positions. > > > The document, along with other ballot positions, can be found here: > https://datatracker.ietf.org/doc/draft-ietf-netconf-notification-capabilities/ > > > > ---------------------------------------------------------------------- > DISCUSS: > ---------------------------------------------------------------------- > > The text contains contradictions on how to handle implementation-time use case that might use the YANG file format. > > (a) Section 2. “The file MUST be available already at implementation time, retrievable in a way that does not depend on a live network node. E.g., download from product website.” > > (b) Section 2. “The YANG modules specified in this document define a schema for data that is designed to be accessed via network management protocols such as NETCONF [RFC6241] or RESTCONF [RFC8040]. … The Network Configuration Access Control Model (NACM) [RFC8341] provides the means to restrict access for particular NETCONF or RESTCONF users” > > (c) Section 2. “When that data is in file format, data should be protected against modification or unauthorized access using normal file handling mechanisms.” > > (a) – (c) cannot all be satisfied at the same time. (b) seems to only apply to the run-time use cases. (a) and (b) seem to apply to the implementation time use cases. Please make this clearer. > > Per (c), it might be clearer to keep this text, but also noting that using the YANG file format inherits all of the security considerations of draft-ietf-netmod-yang-instance-file-format which has additional considerations about read protections; and distinguishes between data at rest and in motion. > > BALAZS: > About (a) – (c): Why can't (a) and (c) be satisfied at the same time ? (a) states that the information should be available in a file. (c) states that the file must be protected. What is the problem? Please explain. > > About (b) OK. We will extend section 6 first sentence: > The YANG modules specified in this document define a schema for data that is designed to be accessed via network management protocols such as NETCONF [RFC6241] or RESTCONF [RFC8040] > + or as YANG instance data. > > The modify section 6 last paragraph to: > When that data is in file format, data should be protected against > modification or unauthorized access using normal file handling > + mechanisms. > + The data in file format also inherits all the security > + considerations of [draft-ietf-netmod-yang-instance-file-format] which > + has additional considerations about read protections; and distinguishes > + between data at rest and in motion. > > (a) and (b) are included in a paragraphs that start with > "For the implementation-time use case" > "For the run-time use case" > Please suggest some text, if needed. > > ---------------------------------------------------------------------- > COMMENT: > ---------------------------------------------------------------------- > > Thank you to Barry Lieba for the SECDIR review. > > ** Section 6. I’m surprised by the statement that “The data in these modules is not security sensitive” given that the specific YANG module that might be annotated is unknown. Would it be possible for an attacker to glean any topology information by reviewing the notification properties of module? Could they poll this interface to inform real-time targeting since Section 1 notes that “capabilities might change during run-time”? > BALAZS: Topology information is not exposed by ietf-system-capabilities or ietf-notification-capabilities. Information could be gleaned about supported modules (and the schema tree) but not about the instance data stored according those modules. So, you may learn that there is a module listing interfaces, but you will not be able to learn what specific interfaces are present. The same information about supported modules available is already available from the mandatory module ietf-yang-library.yang. >
- [netconf] Roman Danyliw's Discuss on draft-ietf-n… Roman Danyliw via Datatracker
- Re: [netconf] Roman Danyliw's Discuss on draft-ie… Andy Bierman
- Re: [netconf] Roman Danyliw's Discuss on draft-ie… Balázs Lengyel
- Re: [netconf] Roman Danyliw's Discuss on draft-ie… Benoit Claise
- Re: [netconf] Roman Danyliw's Discuss on draft-ie… Roman Danyliw
- Re: [netconf] Roman Danyliw's Discuss on draft-ie… Benoit Claise