Re: [netmod] Stephen Farrell's No Objection on draft-ietf-netmod-yang-json-09: (with COMMENT)

Randy Presuhn <randy_presuhn@mindspring.com> Wed, 23 March 2016 03:57 UTC

Archived-At: <http://mailarchive.ietf.org/arch/msg/netmod/G9-N5-7D5UmDcSZqG_ZQGdmMX-I>

Hi -

>From: Juergen Schoenwaelder <j.schoenwaelder@jacobs-university.de>
>Sent: Mar 22, 2016 9:23 AM
>To: Eliot Lear <lear@cisco.com>
>Cc: "netmod-chairs@ietf.org" <netmod-chairs@ietf.org>, "netmod@ietf.org" <netmod@ietf.org>, "draft-ietf-netmod-yang-json@ietf.org" <draft-ietf-netmod-yang-json@ietf.org>, The IESG <iesg@ietf.org>, Stephen Farrell <stephen.farrell@cs.tcd.ie>
>Subject: Re: [netmod] Stephen Farrell's No Objection on draft-ietf-netmod-yang-json-09: (with COMMENT)
>
>On Tue, Mar 22, 2016 at 05:12:24PM +0100, Eliot Lear wrote:
>> Hi Juergen,
>> 
>> On 3/22/16 4:42 PM, Juergen Schoenwaelder wrote:
>> > I think such considerations belong in documents making use of
>> > object signatures and close to 100% of the YANG models today don't
>> > so I do not even think this qualifies for RFC6087bis.
>> >
>> 
>> I think there are AT LEAST two areas where signatures are going to be
>> necessary:
>> 
>>   * There exist multi-level authorization schemes today that rely on
>>     signatures.  Those have to be transported.
>>   * Manufacturer usage descriptions (MUDs) have extremely broad scope in
>>     terms of the number of devices that are intended to use the same
>>     description (think thousands to millions).  And so an unauthorized
>>     change could have a similarly broad impact.
>> 
>> 
>> Thus, wherever the YANG experts think signatures should happen in each
>> encoding case is fine with me; but I'd suggest that I'm not the only
>> person who's going to want to know.  Is it THAT hard to at least add a
>> reference?  Because if it is, that would cause me to wonder if the
>> mechanisms are really in place to do the right thing.
>> 
>
>Eliot,
>
>I simply fail to understand what the problem is and I fail to see
>which addition (ideally in concrete words) is proposed to fix the
>problem.

The problem is that the current approach does not address representing
blobs of configuration data as (signed) documents independent of the
protocol used for shoveling those blobs around.

Randy