IETF Logo Mail Archive

Re: [netmod] Stephen Farrell's No Objection on draft-ietf-netmod-yang-json-09: (with COMMENT)

Andy Bierman <andy@yumaworks.com> Tue, 22 March 2016 16:51 UTC

Return-Path: <andy@yumaworks.com>
X-Original-To: netmod@ietfa.amsl.com
Delivered-To: netmod@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4AFC512DAFA for <netmod@ietfa.amsl.com>; Tue, 22 Mar 2016 09:51:38 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.6
X-Spam-Level:
X-Spam-Status: No, score=-2.6 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=yumaworks-com.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id h_CSsI97hTpN for <netmod@ietfa.amsl.com>; Tue, 22 Mar 2016 09:51:36 -0700 (PDT)
Received: from mail-lf0-x22a.google.com (mail-lf0-x22a.google.com [IPv6:2a00:1450:4010:c07::22a]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 5C48012DC25 for <netmod@ietf.org>; Tue, 22 Mar 2016 09:50:02 -0700 (PDT)
Received: by mail-lf0-x22a.google.com with SMTP id e196so39924842lfg.1 for <netmod@ietf.org>; Tue, 22 Mar 2016 09:50:02 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yumaworks-com.20150623.gappssmtp.com; s=20150623; h=mime-version:in-reply-to:references:date:message-id:subject:from:to; bh=I6zgiupFKidPlDOg4uO3ug2MUVbc6nHV/mPh2gzZCek=; b=PSg1SWlPhiP6kwIm9JqS2SF9j8qmBOmiuhmOFE314C01cB5lv3RQdk2+4bBPhEdx+S F6rVdAAXewkPCzC9i+37f8gGVD2bPqcJSmDuMDj/VXhO4jrSLDwUcX/0CMvf9E1F+Fy0 lZw4mmPvfVeMvHpP2y1HaXu2eUHcUbIVqSAbtPBoH2eX6PnJaNn1OHS5ak/pxPulflf1 qlVXqHhzmzvPT8zAnnRCara73yoiOJ0s03NvHlgaEWBgCYk49Le1tAllSfrFQ0lOMsWI /nuEc9+f1DOb91wCqd71BjiP/NfOifwHl6fBANTBR/kGyZFmKP1zs7QCTHlU/Bu0PCmq 9eQQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:date :message-id:subject:from:to; bh=I6zgiupFKidPlDOg4uO3ug2MUVbc6nHV/mPh2gzZCek=; b=Bxu23XR+9RqHXyPDoUCMYN67UQxtujeOyAk3wknfSAHsY0PgJ3mxUhbc5Mtgw7fKFA Ls8NMAZJDxbHcJ+kHguadYmRlv8qQN63HDByyxgAIwunUXM95RKLSJSQ3+hjsByBFSJY j6pf9mVc1GxSHaMs8C42xzEgeP2J76O9kuMs0zqmfmIvCpmE/gzh5SH1J/vkwshUI30C j3QjzIAMu4vLeEKgPpXDV8tWX06nfc2UvBLr1LoY+HxHfr5LdeMAIaOt3GlSGeOCwTFi 3RJVZhlYoVjWJ336h1W+JHibSLNPIzm2C/arBzRvK2kQwUwSpkKFxE2p/GmArKzG9OJJ /Klw==
X-Gm-Message-State: AD7BkJIc1+yUP2T8bgWR2Dlq5+E142AdbjF7EKw4DtqRI2u7sDV5KGs+kBQKSa6p6soEuflHJ4XFp9A9naoDfg==
MIME-Version: 1.0
X-Received: by 10.25.85.145 with SMTP id j139mr13655603lfb.131.1458665400385; Tue, 22 Mar 2016 09:50:00 -0700 (PDT)
Received: by 10.112.135.97 with HTTP; Tue, 22 Mar 2016 09:50:00 -0700 (PDT)
In-Reply-To: <20160322162336.GB65254@elstar.local>
References: <m2d1qnj2ec.fsf@birdie.labs.nic.cz> <20160321151914.GA62880@elstar.local> <56F0137B.3090103@cisco.com> <72154E94-3C00-438B-B177-35DB9216DF03@juniper.net> <56F02B21.3080103@cisco.com> <20160322081043.GA64402@elstar.local> <7DA81401-6AE5-4DCA-A8C7-3B41ED5B2C06@nic.cz> <56F15DBC.5050905@cisco.com> <20160322154223.GA65166@elstar.local> <56F16EE8.70703@cisco.com> <20160322162336.GB65254@elstar.local>
Date: Tue, 22 Mar 2016 09:50:00 -0700
Message-ID: <CABCOCHSxXfSbq8PFB7PfJ1mEx6fZnVAzPdv3h=pj5OU8aMgo7g@mail.gmail.com>
From: Andy Bierman <andy@yumaworks.com>
To: Juergen Schoenwaelder <j.schoenwaelder@jacobs-university.de>, Eliot Lear <lear@cisco.com>, Benoit Claise <bclaise@cisco.com>, Ladislav Lhotka <lhotka@nic.cz>, "netmod-chairs@ietf.org" <netmod-chairs@ietf.org>, Kent Watsen <kwatsen@juniper.net>, "netmod@ietf.org" <netmod@ietf.org>, "draft-ietf-netmod-yang-json@ietf.org" <draft-ietf-netmod-yang-json@ietf.org>, The IESG <iesg@ietf.org>, Stephen Farrell <stephen.farrell@cs.tcd.ie>
Content-Type: multipart/alternative; boundary="001a114059360966bb052ea601d6"
Archived-At: <http://mailarchive.ietf.org/arch/msg/netmod/L4pWBAHlYMF9gkzZ6sCv7NG6vOo>
X-Mailman-Approved-At: Wed, 23 Mar 2016 09:03:28 -0700
Subject: Re: [netmod] Stephen Farrell's No Objection on draft-ietf-netmod-yang-json-09: (with COMMENT)
X-BeenThere: netmod@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: NETMOD WG list <netmod.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/netmod>, <mailto:netmod-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/netmod/>
List-Post: <mailto:netmod@ietf.org>
List-Help: <mailto:netmod-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/netmod>, <mailto:netmod-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 22 Mar 2016 16:51:38 -0000

On Tue, Mar 22, 2016 at 9:23 AM, Juergen Schoenwaelder <
j.schoenwaelder@jacobs-university.de> wrote:

> On Tue, Mar 22, 2016 at 05:12:24PM +0100, Eliot Lear wrote:
> > Hi Juergen,
> >
> > On 3/22/16 4:42 PM, Juergen Schoenwaelder wrote:
> > > I think such considerations belongs into documents making use of
> > > object signatures and close to 100% of the YANG models today don't
> > > so I do not even think this qualifies for RFC6087bis.
> > >
> >
> > I think there are AT LEAST two areas where signatures are going to be
> > necessary:
> >
> >   * There exist multi-level authorization schemes today that rely on
> >     signatures.  Those have to be transported.
> >   * Manufacturer usage descriptions (MUDs) have extremely broad scope in
> >     terms of the number of devices that are intended to use the same
> >     description (think thousands to millions).  And so an unauthorized
> >     change could have a similarly broad impact.
> >
> >
> > Thus, wherever the YANG experts think signatures should happen in each
> > encoding case is fine with me; but I'd suggest that I'm not the only
> > person who's going to want to know.  Is it THAT hard to at least add a
> > reference?  Because if it is, that would cause me to wonder if the
> > mechanisms are really in place to do the right thing.
> >
>
> Eliot,
>
> I simply fail to understand what the problem is and I fail to see
> which addition (ideally in concrete words) is proposed to fix the
> problem.
>
>

This seems like a protocol issue, not a data modeling issue.
NETCONF and RESTCONF both have very strict security requirements
to protect the instance documents which are intended to conform to YANG
schema.



> /js
>


Andy


>
> --
> Juergen Schoenwaelder           Jacobs University Bremen gGmbH
> Phone: +49 421 200 3587         Campus Ring 1 | 28759 Bremen | Germany
> Fax:   +49 421 200 3103         <http://www.jacobs-university.de/>
>
> _______________________________________________
> netmod mailing list
> netmod@ietf.org
> https://www.ietf.org/mailman/listinfo/netmod
>

v2.23.0 | Report a Bug | By Email