Re: [netmod] Alissa Cooper's Discuss on draft-ietf-netmod-acl-model-19: (with DISCUSS and COMMENT)

Alissa Cooper <alissa@cooperw.in> Wed, 26 September 2018 21:39 UTC

This is in the -19:

   /*
    * Logging actions for a packet
    */
   identity log-action {
     description
       "Base identity for defining the destination for logging actions";
   }

   identity log-syslog {
     base log-action;
     description
       "System log (syslog) the information for the packet";
   }

   identity log-none {
     base log-action;
     description
       "No logging for the packet";
   }

Is there a more recent version?

Thanks,
Alissa

> On Sep 26, 2018, at 2:25 PM, Benjamin Kaduk <kaduk@mit.edu> wrote:
> 
> Just on the logging point...
> 
> On Wed, Sep 26, 2018 at 02:20:49PM -0700, Alissa Cooper wrote:
>> 
>> Sec 5:
>> 
>> In this section or elsewhere it would be nice to see a sentence noting that
>> this YANG model allows the configuration of packet logging, which if used would
>> additionally warrant protections against unauthorized log access and a logs
>> retention policy.
> 
> My understanding is that this was removed entirely from the document in
> response to the secdir review.  Could you double-check which version you
> were looking at, or if the current version still is problematic?
> 
> Thanks,
> 
> Benjamin