Re: [Netconf] Kathleen Moriarty's Discuss on draft-ietf-netconf-yang-patch-12: (with DISCUSS and COMMENT)
Andy Bierman <andy@yumaworks.com> Fri, 11 November 2016 17:08 UTC
Return-Path: <andy@yumaworks.com>
X-Original-To: netconf@ietfa.amsl.com
Delivered-To: netconf@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A10D51293DC for <netconf@ietfa.amsl.com>; Fri, 11 Nov 2016 09:08:16 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level:
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=yumaworks-com.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id HPLgqDJGZyeP for <netconf@ietfa.amsl.com>; Fri, 11 Nov 2016 09:08:15 -0800 (PST)
Received: from mail-ua0-x233.google.com (mail-ua0-x233.google.com [IPv6:2607:f8b0:400c:c08::233]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 2B163129959 for <netconf@ietf.org>; Fri, 11 Nov 2016 09:08:13 -0800 (PST)
Received: by mail-ua0-x233.google.com with SMTP id 20so18035865uak.0 for <netconf@ietf.org>; Fri, 11 Nov 2016 09:08:13 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yumaworks-com.20150623.gappssmtp.com; s=20150623; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=p5ArLVBhJmWJS+GR1tNRC2Vay6khJ8bJNyPmWVcSDDc=; b=jJhqnzXKCSTkWu9ajzv5a24EIdtOiKQfdoaOfobG/WJcCon2EtNeaf4GY6XgcnSB5J YksOYHlv7FEcKtxsfYzR+1th6YYTs3hfFsx4pxw5Q8ON+Rtwm1oRWQQO00DKhFCV4LAU sucONtGQjtqKQSTLzqqzH/NYBuWGXiLOJqlA/9/3zd9Ac/qFo0mVQOdrDoaCOhlBM1T7 ioWb1hNFtthy1rVrGQ/4gPHhH14//01+a9Qm87vbWM1MRDES5spT0LTyOHPryqMAPZcz A/ksSSeBgKMAkKn1sUMcOBr23PSgkjy3lJe0PJsfOS+MzFmk1Nk+g7sx1YDQ0Q8fTrOg FXAg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=p5ArLVBhJmWJS+GR1tNRC2Vay6khJ8bJNyPmWVcSDDc=; b=EF/kctUlsB1CmwDJ8CrJbrJPHo9RyQjsUNa/6vrxT2/0r75wxLkJKPaDALQeSIh19k l9h0dpiCQ8tBfWDouP6sHhe5fUumg/BZqloeAIKvPiMgTHKwBWXrSWH3UVJG2F8Cc0fA GonmlxeByiJnLETzRu+Z7Qj6iVehHJeQleiLvCD45ZySvxJd+Y29A+f+t6ogZXbxJIUM ImhO/pWM3MP9K0sD8k1vZXXy2Ogd4mWs0i/N+XO7dQuHhwQwYi9ltEqvsYuZpOQNw0Ov b6B8bHQBg6uonkzE2Y7ZLPXBUPVgHj+VnMhoFqtk4gjxOshFaqikhSnPDQi6/mRDd9uL txeA==
X-Gm-Message-State: ABUngvewfGlG/vZrhebtrMd2B9+lRgZNvKSg2TxmZKWx4a6rKMvMGHB2Yr63oA5wWiOwtn54/k44hlwEMUuBJw==
X-Received: by 10.159.39.7 with SMTP id a7mr2110843uaa.95.1478884092256; Fri, 11 Nov 2016 09:08:12 -0800 (PST)
MIME-Version: 1.0
Received: by 10.103.64.129 with HTTP; Fri, 11 Nov 2016 09:08:11 -0800 (PST)
In-Reply-To: <37602BEB-A072-4ACC-80E9-704867789A90@gmail.com>
References: <147792772371.32484.10246456033559418730.idtracker@ietfa.amsl.com> <392E80E1-C6EC-4466-8327-A890145E6A06@gmail.com> <CABCOCHRqVoomQO-sa+HEVD5DpN5rBpwgWpG2R8+LXVBvgO6_Mg@mail.gmail.com> <CAHbuEH5c4bS5+Sh99uCYkFxRknCiQ8cnTfdegVq=bFDW9Yc5ZA@mail.gmail.com> <37602BEB-A072-4ACC-80E9-704867789A90@gmail.com>
From: Andy Bierman <andy@yumaworks.com>
Date: Fri, 11 Nov 2016 09:08:11 -0800
Message-ID: <CABCOCHS=rYD86GHEqB=EW24_q2E8AhHovekJycLWcTSQk_o_+A@mail.gmail.com>
To: Mahesh Jethanandani <mjethanandani@gmail.com>
Content-Type: multipart/alternative; boundary="94eb2c1244f6fbb93205410988b0"
Archived-At: <https://mailarchive.ietf.org/arch/msg/netconf/rWvaUufl-aoygQdwAKp0KjfByWA>
Cc: Netconf <netconf@ietf.org>, draft-ietf-netconf-yang-patch@ietf.org, Kathleen Moriarty <Kathleen.Moriarty.ietf@gmail.com>, The IESG <iesg@ietf.org>, NETCONF Working Group <netconf-chairs@ietf.org>
Subject: Re: [Netconf] Kathleen Moriarty's Discuss on draft-ietf-netconf-yang-patch-12: (with DISCUSS and COMMENT)
X-BeenThere: netconf@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: Network Configuration WG mailing list <netconf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/netconf>, <mailto:netconf-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/netconf/>
List-Post: <mailto:netconf@ietf.org>
List-Help: <mailto:netconf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/netconf>, <mailto:netconf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 11 Nov 2016 17:08:16 -0000
On Fri, Nov 11, 2016 at 6:04 AM, Mahesh Jethanandani < mjethanandani@gmail.com> wrote: > Andy, > > I am looking at -13 version of the document and following up on all the > DISCUSS on the document to make sure they have been addressed. In > particular - > > On Nov 3, 2016, at 9:35 PM, Kathleen Moriarty < > Kathleen.Moriarty.ietf@gmail.com> wrote: > > Hi Andy, > > Thanks for your response and sorry I didn't see it sooner. Inline > > On Tue, Nov 1, 2016 at 5:21 PM, Andy Bierman <andy@yumaworks.com> wrote: > >> >> >> On Tue, Nov 1, 2016 at 7:15 AM, Mahesh Jethanandani <mjethanandani@ >> gmail.com> wrote: >> >>> Authors, >>> >>> Can we address Kathleen's comments? >>> >>> Mahesh Jethanandani >>> mjethanandani@gmail.com >>> >>> > On Oct 31, 2016, at 8:28 AM, Kathleen Moriarty < >>> Kathleen.Moriarty.ietf@gmail.com> wrote: >>> > >>> > Kathleen Moriarty has entered the following ballot position for >>> > draft-ietf-netconf-yang-patch-12: Discuss >>> > >>> > When responding, please keep the subject line intact and reply to all >>> > email addresses included in the To and CC lines. (Feel free to cut this >>> > introductory paragraph, however.) >>> > >>> > >>> > Please refer to https://www.ietf.org/iesg/statement/discuss-criteria. >>> html >>> > for more information about IESG DISCUSS and COMMENT positions. >>> > >>> > >>> > The document, along with other ballot positions, can be found here: >>> > https://datatracker.ietf.org/doc/draft-ietf-netconf-yang-patch/ >>> > >>> > >>> > >>> > ---------------------------------------------------------------------- >>> > DISCUSS: >>> > ---------------------------------------------------------------------- >>> > >>> > This should be easy to resolve through discussion or some text tweaks. >>> > In the security considerations section, I see some text that hints at >>> my >>> > questions below, but isn't clear enough, so I'd like to discuss it to >>> see >>> > if these things are covered, or why they are not, and to see if we can >>> > tweak the text a bit. >>> > >>> > The following text is helpful, is PATCH described in >>> > [I-D.ietf-netconf-restconf]? >>> > This document defines edit processing >>> > instructions for a variant of the PATCH method, as used within the >>> > RESTCONF protocol. >>> > >>> > I see section 2.7 discusses error handling and validating the YANG >>> > module, but is there a way that the hash (or some other mechanism) of >>> the >>> > patch could be validated to ensure the patch was not altered. Is that >>> > already described for PATCH? >>> >> >> The YANG Patch requests are not signed. >> These messages are sent within the RESTCONF protocol, which MUST use TLS. >> >> Sec 1. says: >> >> It may be possible to use YANG Patch with other protocols besides >> RESTCONF. This is outside the scope of this document. It may be >> possible to use YANG Patch with datastore types other than a >> >> configuration datastore. This is outside the scope of this >> document. >> >> The security requirements for protocols other than RESTCONF are not >> discussed. >> Should I add text somewhere to make it clear the document applies only >> to RESTCONF use of YANG Patch? >> > > Yes, that text would be good. It might be good to mention that there is > no capability to sign or validate patches with RESTCONF as well so this is > clear in the considerations. > > > Is this addressed somewhere? I looked at Section 1 and Security > Considerations, but could not find any explicit mention. > sec. 1, para 2: This document only specifies the use of the YANG Patch media type with the RESTCONF protocol. > > >> >> > >>> > I also see this text in the security considerations section: >>> > It is important for RESTCONF server implementations to carefully >>> > validate all the edit request parameters in some manner. >>> > >>> > Is the source of the patch authenticated? Can the client receiving the >>> > patch be authenticated? Is this handled through RESTCONF? Since YANG >>> > modules could add in write capabilities, unauthenticated patches could >>> > result in opening backdoors or revealing information that was not >>> > intended. You are covering it with that statement, but it's not clear >>> if >>> > both ends can be authenticated and there are attacks if they are not >>> > authenticated. >>> > >>> > >>> >> >> >> It is covered by RESTCONF. Both client and server are authenticated. >> > > Great, can you re-word the sentence to make sure it is clear that this is > done with RESTCONF, but maybe not other protocols? > > > And this. > sec 5, para 3 For RESTCONF, both the client and server MUST be authenticated, according to section 2 of [I-D.ietf-netconf-restconf <https://tools.ietf.org/html/draft-ietf-netconf-yang-patch-13#ref-I-D.ietf-netconf-restconf> ]. Andy > > > >> >> However, security considerations sec. has this text >> similar to sec. 1: >> >> It may be possible to use YANG Patch with other protocols besides >> >> RESTCONF, which is outside the scope of this document. >> >> Regarding this text: >> >> > Since YANG >> > modules could add in write capabilities, unauthenticated patches could >> > result in opening backdoors or revealing information that was not >> > intended. >> >> I am not aware how YANG allows this vulnerability. >> The patch represents instance data which is supposed to conform to >> the schema nodes in the YANG modules advertised by the server. >> > > RESTCONF doing server and client auth covers this. Thank you. > >> >> >> >> >>> > ---------------------------------------------------------------------- >>> > COMMENT: >>> > ---------------------------------------------------------------------- >>> > >>> > Nit: In section 2.2 >>> > >>> > YANG Patch does not provide any access to specific datastores. It is >>> > am implementation detail >>> > >>> > s/am/an/ >>> >> >> fixed >> >> >>> > >>> > >>> >> >> >> Andy >> >> > > Thank you! > > > -- > > Best regards, > Kathleen > > > Mahesh Jethanandani > mjethanandani@gmail.com > > > >
- [Netconf] Kathleen Moriarty's Discuss on draft-ie… Kathleen Moriarty
- Re: [Netconf] Kathleen Moriarty's Discuss on draf… Mahesh Jethanandani
- Re: [Netconf] Kathleen Moriarty's Discuss on draf… Andy Bierman
- Re: [Netconf] Kathleen Moriarty's Discuss on draf… Kathleen Moriarty
- Re: [Netconf] Kathleen Moriarty's Discuss on draf… Mahesh Jethanandani
- Re: [Netconf] Kathleen Moriarty's Discuss on draf… Andy Bierman
- Re: [Netconf] Kathleen Moriarty's Discuss on draf… Kathleen Moriarty
- Re: [Netconf] Kathleen Moriarty's Discuss on draf… Andy Bierman
- Re: [Netconf] Kathleen Moriarty's Discuss on draf… kathleen.moriarty.ietf