Re: [netmod] Stephen Farrell's No Objection on draft-ietf-netmod-yang-json-09: (with COMMENT)

Eliot Lear <lear@cisco.com> Thu, 24 March 2016 13:18 UTC

To: Ladislav Lhotka <lhotka@nic.cz>, Kent Watsen <kwatsen@juniper.net>
Archived-At: <http://mailarchive.ietf.org/arch/msg/netmod/ANWcAvnj6-f0x0UJNqeY2BTooO8>
Cc: Randy Presuhn <randy_presuhn@mindspring.com>, "netmod@ietf.org" <netmod@ietf.org>

Hi Lada,

On 3/24/16 1:12 PM, Ladislav Lhotka wrote:
> I am fine with adding this sentence although, as a matter of fact, the
> document does not define an infinite number of other mechanisms. There
> is no general requirement to support signing and encrypting for
> YANG-modelled data, also because, as Andy pointed out, our protocols
> so far demand a secure transport.

Just for context, encrypted transport addresses only in-flight attacks.
That's not always the only form that needs to be protected against.  At
least in the use case I'm dealing with, where an intermediary system –
one that is storing files – is attacked, and due to the scope of the
risk, we want an additional layer.  This also allows files to be passed
around without having to worry about the path.  That's not in my
specific use case today, but it is something that has been done.

Eliot
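
The point made in the message above, as an added example that is not part of the original message or of the draft: a file altered while stored on an intermediary is delivered faithfully by a secure transport, and only a check over the object itself catches the change. Assumptions: the module and leaf names, the shared key, and the use of HMAC-SHA256 as a stand-in for whatever signing mechanism a deployment actually uses are all constructed for illustration.

```python
import hashlib
import hmac
import json

# Constructed sample: a JSON-encoded YANG instance document (module and
# leaf names are made up for this example).
DOCUMENT = json.dumps(
    {"example-acl:rules": {"rule": [{"name": "r1", "action": "permit"}]}},
    sort_keys=True, separators=(",", ":"),
).encode("utf-8")

# Assumption: publisher and consumer share this key out of band. HMAC-SHA256
# stands in for whatever signature mechanism a deployment actually uses.
KEY = b"constructed-demo-key-not-for-real-use"


def protect(document: bytes, key: bytes) -> dict:
    """Publisher side: attach a detached MAC over the exact file bytes."""
    tag = hmac.new(key, document, hashlib.sha256).hexdigest()
    return {"document": document, "tag": tag}


def verify(stored: dict, key: bytes) -> bool:
    """Consumer side: recompute the MAC over the bytes actually received."""
    expected = hmac.new(key, stored["document"], hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, stored["tag"])


def fetch_and_load(stored: dict, key: bytes) -> dict:
    """Refuse to parse a file whose MAC does not verify."""
    if not verify(stored, key):
        raise ValueError("object-level integrity check failed")
    return json.loads(stored["document"])


def tampered_at_rest(stored: dict) -> dict:
    """Model the intermediary being compromised: the file is altered while
    stored, so a secure transport delivers the altered bytes faithfully."""
    altered = stored["document"].replace(b'"permit"', b'"deny"')
    return {"document": altered, "tag": stored["tag"]}


if __name__ == "__main__":
    stored = protect(DOCUMENT, KEY)
    print("intact file verifies:", verify(stored, KEY))
    print("tampered file verifies:", verify(tampered_at_rest(stored), KEY))
```

The MAC is computed over the stored bytes, not over re-serialized JSON, so the consumer must verify before parsing and the intermediary must not reformat the file.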