[netconf] Roman Danyliw's Discuss on draft-ietf-netconf-notification-capabilities-18: (with DISCUSS and COMMENT)
Roman Danyliw via Datatracker <noreply@ietf.org> Wed, 06 October 2021 14:46 UTC
Return-Path: <noreply@ietf.org>
X-Original-To: netconf@ietf.org
Delivered-To: netconf@ietfa.amsl.com
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id 4F1213A1D1C; Wed, 6 Oct 2021 07:46:47 -0700 (PDT)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 8bit
From: Roman Danyliw via Datatracker <noreply@ietf.org>
To: The IESG <iesg@ietf.org>
Cc: draft-ietf-netconf-notification-capabilities@ietf.org, netconf-chairs@ietf.org, netconf@ietf.org, Kent Watsen <kent+ietf@watsen.net>, kent+ietf@watsen.net
X-Test-IDTracker: no
X-IETF-IDTracker: 7.38.0
Auto-Submitted: auto-generated
Precedence: bulk
Reply-To: Roman Danyliw <rdd@cert.org>
Message-ID: <163353160729.6935.6720178743008561525@ietfa.amsl.com>
Date: Wed, 06 Oct 2021 07:46:47 -0700
Archived-At: <https://mailarchive.ietf.org/arch/msg/netconf/XDoIn2Vw5kDX8rV9s_lb7Sj6RJk>
Subject: [netconf] Roman Danyliw's Discuss on draft-ietf-netconf-notification-capabilities-18: (with DISCUSS and COMMENT)
X-BeenThere: netconf@ietf.org
X-Mailman-Version: 2.1.29
List-Id: NETCONF WG list <netconf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/netconf>, <mailto:netconf-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/netconf/>
List-Post: <mailto:netconf@ietf.org>
List-Help: <mailto:netconf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/netconf>, <mailto:netconf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 06 Oct 2021 14:46:48 -0000
Roman Danyliw has entered the following ballot position for draft-ietf-netconf-notification-capabilities-18: Discuss When responding, please keep the subject line intact and reply to all email addresses included in the To and CC lines. (Feel free to cut this introductory paragraph, however.) Please refer to https://www.ietf.org/blog/handling-iesg-ballot-positions/ for more information about how to handle DISCUSS and COMMENT positions. The document, along with other ballot positions, can be found here: https://datatracker.ietf.org/doc/draft-ietf-netconf-notification-capabilities/ ---------------------------------------------------------------------- DISCUSS: ---------------------------------------------------------------------- The text contains contradictions on how to handle implementation-time use case that might use the YANG file format. (a) Section 2. “The file MUST be available already at implementation time, retrievable in a way that does not depend on a live network node. E.g., download from product website.” (b) Section 2. “The YANG modules specified in this document define a schema for data that is designed to be accessed via network management protocols such as NETCONF [RFC6241] or RESTCONF [RFC8040]. … The Network Configuration Access Control Model (NACM) [RFC8341] provides the means to restrict access for particular NETCONF or RESTCONF users” (c) Section 2. “When that data is in file format, data should be protected against modification or unauthorized access using normal file handling mechanisms.” (a) – (c) cannot all be satisfied at the same time. (b) seems to only apply to the run-time use cases. (a) and (b) seem to apply to the implementation time use cases. Please make this clearer. Per (c), it might be clearer to keep this text, but also noting that using the YANG file format inherits all of the security considerations of draft-ietf-netmod-yang-instance-file-format which has additional considerations about read protections; and distinguishes between data at rest and in motion. ---------------------------------------------------------------------- COMMENT: ---------------------------------------------------------------------- Thank you to Barry Lieba for the SECDIR review. ** Section 6. I’m surprised by the statement that “The data in these modules is not security sensitive” given that the specific YANG module that might be annotated is unknown. Would it be possible for an attacker to glean any topology information by reviewing the notification properties of module? Could they poll this interface to inform real-time targeting since Section 1 notes that “capabilities might change during run-time”?
- [netconf] Roman Danyliw's Discuss on draft-ietf-n… Roman Danyliw via Datatracker
- Re: [netconf] Roman Danyliw's Discuss on draft-ie… Andy Bierman
- Re: [netconf] Roman Danyliw's Discuss on draft-ie… Balázs Lengyel
- Re: [netconf] Roman Danyliw's Discuss on draft-ie… Benoit Claise
- Re: [netconf] Roman Danyliw's Discuss on draft-ie… Roman Danyliw
- Re: [netconf] Roman Danyliw's Discuss on draft-ie… Benoit Claise