IETF Logo Mail Archive

Re: [Netconf] We NEED RESPONSES: WG Last Call ended for:draft-ietf-netconf-4741bis-04.txt

Ladislav Lhotka <lhotka@cesnet.cz> Wed, 06 October 2010 18:37 UTC

Return-Path: <lhotka@cesnet.cz>
X-Original-To: netconf@core3.amsl.com
Delivered-To: netconf@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 86BE83A718C for <netconf@core3.amsl.com>; Wed, 6 Oct 2010 11:37:35 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.159
X-Spam-Level:
X-Spam-Status: No, score=-1.159 tagged_above=-999 required=5 tests=[AWL=0.091, BAYES_00=-2.599, HELO_EQ_CZ=0.445, HOST_EQ_CZ=0.904]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id RFG+GCVF2Vd5 for <netconf@core3.amsl.com>; Wed, 6 Oct 2010 11:37:33 -0700 (PDT)
Received: from office2.cesnet.cz (office2.cesnet.cz [195.113.144.244]) by core3.amsl.com (Postfix) with ESMTP id A53243A717B for <netconf@ietf.org>; Wed, 6 Oct 2010 11:37:24 -0700 (PDT)
Received: from [IPv6:2001:718:1a02:7:215:60ff:fead:16dc] (missotis.lhotka.cesnet.cz [IPv6:2001:718:1a02:7:215:60ff:fead:16dc]) by office2.cesnet.cz (Postfix) with ESMTPSA id 5B9582CDE059; Wed, 6 Oct 2010 20:37:52 +0200 (CEST)
From: Ladislav Lhotka <lhotka@cesnet.cz>
To: Juergen Schoenwaelder <j.schoenwaelder@jacobs-university.de>
In-Reply-To: <20101006103533.GB52604@elstar.local>
References: <CB69B162C87647AE97AB749466633F54@BertLaptop> <4C9B3E60.5030000@bwijnen.net> <80A0822C5E9A4440A5117C2F4CD36A640106532D@DEMUEXC006.nsn-intra.net> <20101003172455.GA16616@elstar.local> <80A0822C5E9A4440A5117C2F4CD36A640106533B@DEMUEXC006.nsn-intra.net> <20101003205540.GA16936@elstar.local> <87y6abodxw.fsf@cesnet.cz> <20101006103533.GB52604@elstar.local>
Content-Type: text/plain; charset="UTF-8"
Organization: CESNET
Date: Wed, 06 Oct 2010 20:37:51 +0200
Message-ID: <1286390271.13680.12.camel@missotis>
Mime-Version: 1.0
X-Mailer: Evolution 2.28.3
Content-Transfer-Encoding: 7bit
Cc: Netconf <netconf@ietf.org>
Subject: Re: [Netconf] We NEED RESPONSES: WG Last Call ended for:draft-ietf-netconf-4741bis-04.txt
X-BeenThere: netconf@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Network Configuration WG mailing list <netconf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/netconf>, <mailto:netconf-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/netconf>
List-Post: <mailto:netconf@ietf.org>
List-Help: <mailto:netconf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/netconf>, <mailto:netconf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 06 Oct 2010 18:37:35 -0000

On St, 2010-10-06 at 12:35 +0200, Juergen Schoenwaelder wrote:
> On Wed, Oct 06, 2010 at 11:42:03AM +0200, Ladislav Lhotka wrote:
> > On Sun, 3 Oct 2010 22:55:40 +0200, Juergen Schoenwaelder <j.schoenwaelder@jacobs-university.de> wrote:
> > > On Sun, Oct 03, 2010 at 09:42:25PM +0200, Ersue, Mehmet (NSN - DE/Munich) wrote:
> > > > > > Section 9. Security Considerations
> > > > > >
> > > > > > I would suggest to add a few sentences for the EOM handling
> > > > > > and the possible thread concerning section 3. It would be
> > > > > > interesting to recommend a possible reaction if this happens
> > > > > > frequently, e.g. to drop the NETCONF session.
> > > > > 
> > > > > 4741bis does not have an EOM marker - so how can we discuss it in
> > > > > the security considerations?
> > > > 
> > > > EOM handling is for sure not part of NETCONF but the possible 
> > > > thread concerning EOM handling is. I think security considerations 
> > > > section should discuss the related security thread, as we did on 
> > > > NETCONF ML with a long mail thread.
> > > 
> > > There is no EOM issue if you run NETCONF over BEEP. We should stick to
> > > modularity and discuss things where they belong. Perhaps you want
> > > different text than the one I currently image you want...
> > 
> > SSH is the *mandatory* transport, so any appearance of ']]>]]>' in the
> > Messages, Operation or Content layer necessarily has an impact on
> > operation and is a potential security hole. So I agree with Mehmet that
> > 4741bis should not dismiss this issue completely. The protocol
> > modularity has been damaged by the unfortunate EOM choice.
> > 
> > Apart from Security Considerations, text in Sec. 3 should be changed as
> > follows:
> > 
> > OLD
> > 
> >   All NETCONF messages MUST be well-formed XML, encoded in UTF-8.
> > 
> > NEW
> > 
> >   All NETCONF messages MUST be well-formed XML, encoded in UTF-8, and
> >   MUST NOT contain the character sequence ']]>]]>'.
> 
> Still I believe it is the transport that has to deal with this. If a
> message contains ']]>]]>', a transport that can not handle this should
> either not accept to transport that message or have a mechanism to
> deal with it by quoting it or whatever. Pushing this issue up to the
> content layer just on the ground that the mandatory SSH transport is
> not totally robust seems odd from an architectural point of view.

OK, but according to section 2.4 the mandatory transport protocol is RFC
4742, which does not handle the EOM issue properly. So sec. 2.4 in fact
says that every compliant implementation MUST have that security hole.

Lada

> 
> /js
> 

-- 
Ladislav Lhotka, CESNET
PGP Key ID: E74E8C0C

v2.23.0 | Report a Bug | By Email