Re: [netconf] Roman Danyliw's Discuss on draft-ietf-netconf-notification-capabilities-18: (with DISCUSS and COMMENT)
Roman Danyliw <rdd@cert.org> Thu, 14 October 2021 22:05 UTC
Return-Path: <rdd@cert.org>
X-Original-To: netconf@ietfa.amsl.com
Delivered-To: netconf@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id AC2193A0908; Thu, 14 Oct 2021 15:05:26 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.901
X-Spam-Level:
X-Spam-Status: No, score=-1.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=seicmu.onmicrosoft.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id jogPplYmO7LN; Thu, 14 Oct 2021 15:05:19 -0700 (PDT)
Received: from USG02-BN3-obe.outbound.protection.office365.us (mail-bn3usg02on0129.outbound.protection.office365.us [23.103.208.129]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 550293A0CE5; Thu, 14 Oct 2021 15:05:12 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector5401; d=microsoft.com; cv=none; b=JgS5MjzMWSkeoNf7cT95J1rjma8qoGeLogJ964Bb3F2NbeDgBPigklWKVMjWc61YU1znxph4uD6DeNA4szRLRFsvOlQIM/knRtJ1jTdzzcj0eYl6Pv7fZ2iIZ852Tf2l5eQ07y+baZvm+5EBbf6YrzrRWjFGKi+hX8EF+BmhcXgbu4jwPmwOetRRnefaFZPqkSBsWBm4UQQR607jreskxxpeGDRXZccUmcFEj050QasXmClBJIp9IFBnmrEh+rk3tdJjiXYGAyoB1fyNCXGQ6AZTJwdoxFFZxfKmYfGHsRACzmKbY8Vb5JLZsYYIOK63GOHHHfw61zdU3jP/VgAzMQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector5401; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=tymUikdw9Pj7YpIRheKe3cYqgiSE09UVWi1LtAKjlkI=; b=SGw/jgoslHPasfiYeTbuL08/aslBCTferV5oJpfD11lhcM1iLPCZnr97FBStbTertjercsnt0bPjmfpz5fyJsZd0Blv3TDUREM+/4rBbi90+8a3hndoQsY8jj6X3kU20LYBBCc9FyV+hmERxZ7vpP1efktxnvYP7CpAB58eMtDI+pTmsjgyrNfdlK8f9dZYcvYv8pmjkRe12EDVYRk7kMDU4v8NuAgYA/I+Eie7lDaWwY79dKfQlrMKJBZ1sGtuPDctpD+lgGPaZJOfzZ9F+PA1LyAjTao3AvdMI4wjgX/fc0+EeOY49dtY1jAzmB1Az3EiyylaV9bDlmGLvbDpOaw==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=cert.org; dmarc=pass action=none header.from=cert.org; dkim=pass header.d=cert.org; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=seicmu.onmicrosoft.com; s=selector1-seicmu-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=tymUikdw9Pj7YpIRheKe3cYqgiSE09UVWi1LtAKjlkI=; b=DWc+jRF8eSPhWxzmWPiQTCRsWUxKv0v7ooIpnJLdAMlhncRimC+KoijbwOXz+ROw3Sogf+QR6nAmOWJLRqWJ2ELPyU64yXlGWXvMgY53x9SNsrn9jiUqPgy14gCeE6oQ1UxrI38H1CCGVgEItJC1gyjbeDYS7c11sUa8aPetsLs=
Received: from BN1P110MB0939.NAMP110.PROD.OUTLOOK.COM (2001:489a:200:134::12) by BN1P110MB0691.NAMP110.PROD.OUTLOOK.COM (2001:489a:200:134::13) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4587.20; Thu, 14 Oct 2021 22:05:03 +0000
Received: from BN1P110MB0939.NAMP110.PROD.OUTLOOK.COM ([fe80::4463:48d1:9769:567f]) by BN1P110MB0939.NAMP110.PROD.OUTLOOK.COM ([fe80::4463:48d1:9769:567f%6]) with mapi id 15.20.4587.030; Thu, 14 Oct 2021 22:05:03 +0000
From: Roman Danyliw <rdd@cert.org>
To: Balázs Lengyel <balazs.lengyel@ericsson.com>, The IESG <iesg@ietf.org>, Benoit Claise <benoit.claise@huawei.com>
CC: "draft-ietf-netconf-notification-capabilities@ietf.org" <draft-ietf-netconf-notification-capabilities@ietf.org>, "netconf-chairs@ietf.org" <netconf-chairs@ietf.org>, "netconf@ietf.org" <netconf@ietf.org>, Kent Watsen <kent+ietf@watsen.net>
Thread-Topic: Roman Danyliw's Discuss on draft-ietf-netconf-notification-capabilities-18: (with DISCUSS and COMMENT)
Thread-Index: AQHXusEEmwF+bzifT06dnLNQ89wx/KvGORkAgAAz9CA=
Date: Thu, 14 Oct 2021 22:05:03 +0000
Message-ID: <BN1P110MB0939A8742E5B9388F80EFF8BDCB89@BN1P110MB0939.NAMP110.PROD.OUTLOOK.COM>
References: <163353160729.6935.6720178743008561525@ietfa.amsl.com> <AM8PR07MB82304034FEC17E5A77BA0296F0B09@AM8PR07MB8230.eurprd07.prod.outlook.com>
In-Reply-To: <AM8PR07MB82304034FEC17E5A77BA0296F0B09@AM8PR07MB8230.eurprd07.prod.outlook.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: ericsson.com; dkim=none (message not signed) header.d=none;ericsson.com; dmarc=none action=none header.from=cert.org;
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: f112e47d-a6e1-492c-3011-08d98f5eacab
x-ms-traffictypediagnostic: BN1P110MB0691:
x-microsoft-antispam-prvs: <BN1P110MB069112FE2DE4C1B2D98548FADCB89@BN1P110MB0691.NAMP110.PROD.OUTLOOK.COM>
x-ms-oob-tlc-oobclassifiers: OLM:10000;
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: kTRTFjUUEfV/2IbVegz5VLTHKzk8iJky10cp87LiIbqV4mujTPf0+rUr2dqNG9KErwSJ1RiwofsQdUGSb8jNaMwyF5Q+4h+QmKjjpqMbI307N9fS3PawEsi1Fv3Yr27+JuprMruttp1+AdmSyfWs11A1pNk4lsFMsW2J0Dqg+oXW2V6A77zotnfRcGmbHXbLNFZq3P5GlcwuzN/HwPwpfgynkPfgUPLSaoQBX+w/3KltSe9zSD50WAT0xU69JYyLIbIWZuJ4oZBhLe1ct1iVQVhJbAQ93d/r3hHTqzcHCerKSxH7V6qSLcs8YRpccD8aZXiFICEKLrbtRgfl2FVEAldyEebNJV8xj6MFuNHNnnbzGuVMtR3RG0PaaaHKrK5FS9zTRF2o+oc6VrZKoGGGBojx14Hj/ca4/2iIcA0hkFL8zizDprpa1QGU11eBF3+puJ3DlUYGyBNj9vZav6nxaeT3VdchEK/48nBK0BDkwyvOvZTGhhjBIeg7BKo3OGOmUeRRQiABvSg90oJ3Ay3cv+EopJz7wqhC/GUQ0nFSDJ8L57I2QeljzglSWNBXW83sVIceeWiTwBNa38cWFVo8TT0ut42FEz2jkk8B0UhuqklbMATWyxuLwThm8O/AOrCII9ccJB/ILt//aTJbRp75VpA/HtCOd++XcURk1ZfRe98/DHLmejqhyT6UB/SqkGwYOnAbTdVnhiRYkpS57KWlqA==
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:BN1P110MB0939.NAMP110.PROD.OUTLOOK.COM; PTR:; CAT:NONE; SFS:(366004)(122000001)(66946007)(52536014)(4326008)(66556008)(2906002)(6506007)(64756008)(66476007)(33656002)(66446008)(66574015)(38100700002)(53546011)(186003)(8936002)(83380400001)(38070700005)(110136005)(55016002)(7696005)(54906003)(76116006)(9686003)(86362001)(82960400001)(498600001)(71200400001)(8676002)(5660300002)(15650500001)(966005); DIR:OUT; SFP:1102;
x-ms-exchange-antispam-messagedata-chunkcount: 1
x-ms-exchange-antispam-messagedata-0: 5eR6wpwWkaLkcHqzslOUe4hbXWsV1n36lhtzZ0yOnAjbm8p8/aAYrecUSfjo1qaeuimpbTCfgRtNFpfJi+JpY8e7oBbt26jN01+LndVYIYg5afQY/C8gaM+oIAv0FbZ1zg10lszZUaG6Nmw7rLwFHrp41m0o92u4DVpQIgHTn3u6wfqdPVpYA3B/N9SIx/Pe40vncuqco9y0/j8JE3vP9+9M+DPzs3Y/YJCJvEZ02xA1cOz48YXQuPs9+5xnXouW+UBXdqH+xhqMlk/ffutfV0jB8FYhNrPPHTE1K8hg56UqM/Q2CXApMlbNR86g/kZXcTFbHOwp3uyGMBuguFspcIRQ2CWFmTizF524Hv9wj0CjrJZ28BrbGmWIa7DXimkekIrZiwn8/ZBmFV2ZI95AzfQC3hADnPIWk7AgAVuDq1QKVvqVXctjYWmXzAncH6aVUgdyuy5py9UGg0urUNeiPapds8HMfO/FBZWWFmbE9c16xOPGhjTIS07yd9A4t60jzO76FCF++BwLhmkcUHYRc3niGE2AsC0nH/jJ8P4AnSRj3/hFS5WDe0XYv/z4C7eQM5AXBxgmv38nMgscqEcRYLR5lw62nhuhl2EQkJWQSATcj8ue1v9pKsMG3GQkf1/xvpJULwLerQF4+xMEYcFvT3Dc50mRLOhBmSqAxSDYJOAv5InoPh3qX7uDreFfkvy8Zea6SBV6yxy88Vzzn7sLMB9C/QU2aHCAyNsQ8woDjFNPwCrmDsv3zaFi4juE04/Jyjs7UR3/iRMAeYRzTNB/XQ==
x-ms-exchange-transport-forked: True
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-OriginatorOrg: cert.org
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: BN1P110MB0939.NAMP110.PROD.OUTLOOK.COM
X-MS-Exchange-CrossTenant-Network-Message-Id: f112e47d-a6e1-492c-3011-08d98f5eacab
X-MS-Exchange-CrossTenant-originalarrivaltime: 14 Oct 2021 22:05:03.4844 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 95a9dce2-04f2-4043-995d-1ec3861911c6
X-MS-Exchange-Transport-CrossTenantHeadersStamped: BN1P110MB0691
Archived-At: <https://mailarchive.ietf.org/arch/msg/netconf/zIBdAhPj6CXpxyZEtKEEowADfg0>
Subject: Re: [netconf] Roman Danyliw's Discuss on draft-ietf-netconf-notification-capabilities-18: (with DISCUSS and COMMENT)
X-BeenThere: netconf@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: NETCONF WG list <netconf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/netconf>, <mailto:netconf-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/netconf/>
List-Post: <mailto:netconf@ietf.org>
List-Help: <mailto:netconf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/netconf>, <mailto:netconf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 14 Oct 2021 22:05:27 -0000
Hi Balázs! Thanks for the changes in -20 and your explanations below. This new text addresses my concerns so I've cleared my ballot. Minor comments inline ... > -----Original Message----- > From: Balázs Lengyel <balazs.lengyel@ericsson.com> > Sent: Wednesday, October 6, 2021 1:27 PM > To: Roman Danyliw <rdd@cert.org>; The IESG <iesg@ietf.org>; Benoit Claise > <benoit.claise@huawei.com> > Cc: draft-ietf-netconf-notification-capabilities@ietf.org; netconf- > chairs@ietf.org; netconf@ietf.org; Kent Watsen <kent+ietf@watsen.net> > Subject: RE: Roman Danyliw's Discuss on draft-ietf-netconf-notification- > capabilities-18: (with DISCUSS and COMMENT) > > Hello Danyliw, > Thank you for the review. We will use your comments to improve the draft, but > I am not sure we understood some of your comments. See detailed answers > below marked as BALAZS. > Regards Balazs > > -----Original Message----- > From: Roman Danyliw via Datatracker <noreply@ietf.org> > Sent: 2021. október 6., szerda 16:47 > To: The IESG <iesg@ietf.org> > Cc: draft-ietf-netconf-notification-capabilities@ietf.org; netconf- > chairs@ietf.org; netconf@ietf.org; Kent Watsen <kent+ietf@watsen.net>; > kent+ietf@watsen.net > Subject: Roman Danyliw's Discuss on draft-ietf-netconf-notification- > capabilities-18: (with DISCUSS and COMMENT) > > Roman Danyliw has entered the following ballot position for > draft-ietf-netconf-notification-capabilities-18: Discuss > > When responding, please keep the subject line intact and reply to all email > addresses included in the To and CC lines. (Feel free to cut this introductory > paragraph, however.) > > > Please refer to https://www.ietf.org/blog/handling-iesg-ballot-positions/ > for more information about how to handle DISCUSS and COMMENT positions. > > > The document, along with other ballot positions, can be found here: > https://datatracker.ietf.org/doc/draft-ietf-netconf-notification-capabilities/ > > > > ---------------------------------------------------------------------- > DISCUSS: > ---------------------------------------------------------------------- > > The text contains contradictions on how to handle implementation-time use > case that might use the YANG file format. > > (a) Section 2. “The file MUST be available already at implementation time, > retrievable in a way that does not depend on a live network node. E.g., > download from product website.” > > (b) Section 2. “The YANG modules specified in this document define a schema > for data that is designed to be accessed via network management protocols > such as NETCONF [RFC6241] or RESTCONF [RFC8040]. … The Network > Configuration Access Control Model (NACM) [RFC8341] provides the means to > restrict access for particular NETCONF or RESTCONF users” > > (c) Section 2. “When that data is in file format, data should be protected > against modification or unauthorized access using normal file handling > mechanisms.” > > (a) – (c) cannot all be satisfied at the same time. (b) seems to only apply to the > run-time use cases. (a) and (b) seem to apply to the implementation time use > cases. Please make this clearer. > > Per (c), it might be clearer to keep this text, but also noting that using the > YANG file format inherits all of the security considerations of draft-ietf-netmod- > yang-instance-file-format which has additional considerations about read > protections; and distinguishes between data at rest and in motion. > > BALAZS: > About (a) – (c): Why can't (a) and (c) be satisfied at the same time ? (a) states > that the information should be available in a file. (c) states that the file must be > protected. What is the problem? Please explain. We are in agreement (a)+(c) are consistent; it's (a)+(c) vs. (b) that I meant specifically as you noted below. > About (b) OK. We will extend section 6 first sentence: > The YANG modules specified in this document define a schema for data that is > designed to be accessed via network management protocols such as NETCONF > [RFC6241] or RESTCONF [RFC8040] > + or as YANG instance data. That works for me. > The modify section 6 last paragraph to: > When that data is in file format, data should be protected against > modification or unauthorized access using normal file handling > + mechanisms. > + The data in file format also inherits all the security > + considerations of [draft-ietf-netmod-yang-instance-file-format] which > + has additional considerations about read protections; and distinguishes > + between data at rest and in motion. > > (a) and (b) are included in a paragraphs that start with > "For the implementation-time use case" > "For the run-time use case" > Please suggest some text, if needed. > > ---------------------------------------------------------------------- > COMMENT: > ---------------------------------------------------------------------- > > Thank you to Barry Lieba for the SECDIR review. > > ** Section 6. I’m surprised by the statement that “The data in these modules is > not security sensitive” given that the specific YANG module that might be > annotated is unknown. Would it be possible for an attacker to glean any > topology information by reviewing the notification properties of module? > Could they poll this interface to inform real-time targeting since Section 1 > notes that “capabilities might change during run-time”? > BALAZS: Topology information is not exposed by ietf-system-capabilities or ietf- > notification-capabilities. Information could be gleaned about supported > modules (and the schema tree) but not about the instance data stored > according those modules. So, you may learn that there is a module listing > interfaces, but you will not be able to learn what specific interfaces are present. > The same information about supported modules available is already available > from the mandatory module ietf-yang-library.yang. Understood. So worst case you could maybe fingerprint the type or class of device, but not its configurations. Thanks for explaining it. Thanks, Roman
- [netconf] Roman Danyliw's Discuss on draft-ietf-n… Roman Danyliw via Datatracker
- Re: [netconf] Roman Danyliw's Discuss on draft-ie… Andy Bierman
- Re: [netconf] Roman Danyliw's Discuss on draft-ie… Balázs Lengyel
- Re: [netconf] Roman Danyliw's Discuss on draft-ie… Benoit Claise
- Re: [netconf] Roman Danyliw's Discuss on draft-ie… Roman Danyliw
- Re: [netconf] Roman Danyliw's Discuss on draft-ie… Benoit Claise