Re: [netmod] Kathleen Moriarty's Discuss on draft-ietf-netmod-revised-datastores-09: (with DISCUSS)
Randy Presuhn <randy_presuhn@alumni.stanford.edu> Fri, 12 January 2018 19:37 UTC
Return-Path: <randy_presuhn@alumni.stanford.edu>
X-Original-To: netmod@ietfa.amsl.com
Delivered-To: netmod@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 464F612D873 for <netmod@ietfa.amsl.com>; Fri, 12 Jan 2018 11:37:28 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.921
X-Spam-Level:
X-Spam-Status: No, score=-1.921 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001] autolearn=unavailable autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id N03MJrLADwtk for <netmod@ietfa.amsl.com>; Fri, 12 Jan 2018 11:37:26 -0800 (PST)
Received: from mail-pg0-f53.google.com (mail-pg0-f53.google.com [74.125.83.53]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 5AFDA12D877 for <netmod@ietf.org>; Fri, 12 Jan 2018 11:37:24 -0800 (PST)
Received: by mail-pg0-f53.google.com with SMTP id 136so4647263pgd.8 for <netmod@ietf.org>; Fri, 12 Jan 2018 11:37:24 -0800 (PST)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:subject:to:references:from:message-id:date :user-agent:mime-version:in-reply-to:content-language :content-transfer-encoding; bh=BEOHcqKpn+hdVYrSNbkOAy1Cg2FUhroS6cmpOpLivQg=; b=Shbnb8Xzb9nS2ba66MQjryHNssl4iTOcODDKEBMgJ4l+vHkQYYxVpawy4JX9YdtZWQ U4vHobjCvWMFguIpozQI3Akyu2BjMat1GbO4FRPWI0SgGsNkhjALe4gD2CxclM4KUNFb zH0Pd8gABgjmiKIFiBLf4E3YdlJxPLYg7BB/hpM8HSzaD7yunPwUHRw58JC7LibJhHvb fvC4WZmt6/QlWcqwLV+dyXd4UIab48C4QaWPx2jyEiOAzUVZIFUahbmpimrqkDzSGhL2 vANmbc8XTSMDEzKlSeldzuHseTRFYWIoKKXEyGqDoGmGvU1IWll3O64T6gdbSrgKjWrh hyvw==
X-Gm-Message-State: AKwxyteJCaxIETusxYIcaEmw+Dc9XOPU5Gl3u0YE2fYutDJb0qBO2oD+ L4wciqGScuB6GITBPEjAsoyfp7z9dWo=
X-Google-Smtp-Source: ACJfBouGyO3uGEK8+O0/lhU+T3tFguRgUvdBS5Ri2iHK7IgeCjReRiSzqLg3qQt2CWmcbHLMOAx/EQ==
X-Received: by 10.98.69.82 with SMTP id s79mr7944337pfa.214.1515785843517; Fri, 12 Jan 2018 11:37:23 -0800 (PST)
Received: from [192.168.1.101] (c-24-130-218-233.hsd1.ca.comcast.net. [24.130.218.233]) by smtp.gmail.com with ESMTPSA id g13sm988451pfe.50.2018.01.12.11.37.22 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Fri, 12 Jan 2018 11:37:23 -0800 (PST)
To: Kathleen Moriarty <kathleen.moriarty.ietf@gmail.com>, The IESG <iesg@ietf.org>, draft-ietf-netmod-revised-datastores@ietf.org, Lou Berger <lberger@labn.net>, netmod-chairs@ietf.org, netmod@ietf.org
References: <151561207372.18313.8094240527199424975.idtracker@ietfa.amsl.com> <20180110194529.3myrio6vrvsn3jjh@elstar.local> <CAHbuEH6WXMU6RknQdfuq30zhbUycQtFRW54hOT9WkwR8g2Rsxg@mail.gmail.com> <20180111075218.3tu65mthzlnef3bi@elstar.local> <CAHbuEH5tDDaTQwNHpsoWU7DUWYp8o945vm6VpVydJh2AEarMiQ@mail.gmail.com> <20180112094500.ymlrkswjfgkhibef@elstar.local> <CAHbuEH72gz5poJa+rxiaxxvMHk7zKhQvz_cuX+DimPGG6QGyNw@mail.gmail.com> <20180112160020.ovnu3xtns5y325ug@elstar.local>
From: Randy Presuhn <randy_presuhn@alumni.stanford.edu>
Message-ID: <b28ca08f-bff9-0412-379c-a6c13aec4b18@alumni.stanford.edu>
Date: Fri, 12 Jan 2018 11:37:17 -0800
User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:52.0) Gecko/20100101 Thunderbird/52.5.2
MIME-Version: 1.0
In-Reply-To: <20180112160020.ovnu3xtns5y325ug@elstar.local>
Content-Type: text/plain; charset="utf-8"; format="flowed"
Content-Language: en-US
Content-Transfer-Encoding: 7bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/netmod/5Xse6fpRQE2r2vQ4mzxGUtT_PV8>
Subject: Re: [netmod] Kathleen Moriarty's Discuss on draft-ietf-netmod-revised-datastores-09: (with DISCUSS)
X-BeenThere: netmod@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: NETMOD WG list <netmod.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/netmod>, <mailto:netmod-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/netmod/>
List-Post: <mailto:netmod@ietf.org>
List-Help: <mailto:netmod-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/netmod>, <mailto:netmod-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 12 Jan 2018 19:37:36 -0000
Hi - On 1/12/2018 8:00 AM, Juergen Schoenwaelder wrote: > On Fri, Jan 12, 2018 at 09:23:28AM -0500, Kathleen Moriarty wrote: >> Hi Juergen, >> >> On Fri, Jan 12, 2018 at 4:45 AM, Juergen Schoenwaelder >> <j.schoenwaelder@jacobs-university.de> wrote: >>> On Thu, Jan 11, 2018 at 11:03:30AM -0500, Kathleen Moriarty wrote: >>>> Hi Juergen, >>>> >>>> Thank you very much for the additional information. This was very >>>> helpful. Benoit and I discussed it a bit further on the telechat and >>>> some text changes in the introduction and security considerations >>>> section to provide some of this information for the reader will be >>>> helpful. I got the explanations and appreciate them and from the >>>> explanations, my discuss questions have been answered and I'll switch >>>> this to a no objection leaving you and Benoit to add the text as >>>> helpful for other readers. >>>> >>> >>> Kathleen, >>> >>> we propose to add this text to the security considerations: >>> >>> The origin metadata annotation exposes the origin of values in the >>> applied configuration. Origin information may provide hints that >>> certain control plane protocols are active on a device. Since origin >>> information is tied to applied configuration values, it is only >>> accessible to clients that have the permissions to read the applied >>> configuration values. Security administrators should consider the >>> sensitivity of origin information while defining access control >>> rules. >> >> Thank you, that is very helpful. Would it also be possible to add >> text in the introduction on where the data for these values comes from >> (the device itself)? > > The Introduction does not really talk about the origin annotation > details and hence it seems such text would be misplaced or at least > confusing to read. The definition of origin is in section 5.3.4. This > section starts with: > > As configuration flows into <operational>, it is conceptually marked > with a metadata annotation ([RFC7952]) that indicates its origin. > > Since the whole data flow between datastores resides on a 'device', it > seems clear that the origin values are added by the device itself. And > if any clarification is needed, I think it belongs into 5.3.4 and not > into the Introduction. Except when the netmod server is acting as a "front" for other devices. Randy
- [netmod] Kathleen Moriarty's Discuss on draft-iet… Kathleen Moriarty
- Re: [netmod] Kathleen Moriarty's Discuss on draft… Juergen Schoenwaelder
- Re: [netmod] Kathleen Moriarty's Discuss on draft… Kathleen Moriarty
- Re: [netmod] Kathleen Moriarty's Discuss on draft… Juergen Schoenwaelder
- Re: [netmod] Kathleen Moriarty's Discuss on draft… Kathleen Moriarty
- Re: [netmod] Kathleen Moriarty's Discuss on draft… Juergen Schoenwaelder
- Re: [netmod] Kathleen Moriarty's Discuss on draft… Kathleen Moriarty
- Re: [netmod] Kathleen Moriarty's Discuss on draft… Juergen Schoenwaelder
- Re: [netmod] Kathleen Moriarty's Discuss on draft… Kathleen Moriarty
- Re: [netmod] Kathleen Moriarty's Discuss on draft… Randy Presuhn