Re: [netmod] Roman Danyliw's No Objection on draft-ietf-netmod-yang-instance-file-format-20: (with COMMENT)

Balázs Lengyel <balazs.lengyel@ericsson.com> Wed, 06 October 2021 10:12 UTC

From: Balázs Lengyel <balazs.lengyel@ericsson.com>
To: Roman Danyliw <rdd@cert.org>, The IESG <iesg@ietf.org>
CC: "draft-ietf-netmod-yang-instance-file-format@ietf.org" <draft-ietf-netmod-yang-instance-file-format@ietf.org>, "netmod-chairs@ietf.org" <netmod-chairs@ietf.org>, "netmod@ietf.org" <netmod@ietf.org>, Kent Watsen <kent+ietf@watsen.net>
Date: Wed, 06 Oct 2021 10:12:28 +0000
Message-ID: <AM8PR07MB823017A9AA6BC023BEDACF77F0B09@AM8PR07MB8230.eurprd07.prod.outlook.com>
References: <163346668230.2566.10168888768471053540@ietfa.amsl.com>
In-Reply-To: <163346668230.2566.10168888768471053540@ietfa.amsl.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/netmod/LCQDYoqAnc7Nx4ujjBTtg4PbEKA>
Subject: Re: [netmod] Roman Danyliw's No Objection on draft-ietf-netmod-yang-instance-file-format-20: (with COMMENT)

Hello Roman,
Thank you for the thorough review. I used your comments to improve the draft. See my detailed answers below as BALAZS:
Regards Balazs

-----Original Message-----
From: Roman Danyliw via Datatracker <noreply@ietf.org> 
Sent: Tuesday, October 5, 2021 22:45
To: The IESG <iesg@ietf.org>
Cc: draft-ietf-netmod-yang-instance-file-format@ietf.org; netmod-chairs@ietf.org; netmod@ietf.org; Kent Watsen <kent+ietf@watsen.net>; kent+ietf@watsen.net
Subject: Roman Danyliw's No Objection on draft-ietf-netmod-yang-instance-file-format-20: (with COMMENT)

Roman Danyliw has entered the following ballot position for
draft-ietf-netmod-yang-instance-file-format-20: No Objection

When responding, please keep the subject line intact and reply to all email addresses included in the To and CC lines. (Feel free to cut this introductory paragraph, however.)


Please refer to https://www.ietf.org/blog/handling-iesg-ballot-positions/
for more information about how to handle DISCUSS and COMMENT positions.


The document, along with other ballot positions, can be found here:
https://datatracker.ietf.org/doc/draft-ietf-netmod-yang-instance-file-format/



----------------------------------------------------------------------
COMMENT:
----------------------------------------------------------------------

** Section 2.
instance-data-set-name ['@' ( revision-date / timestamp ) ]
                     ( '.xml' / '.json' )

A syntax for an instance data file name is specified with normative language. 
However, this format is not explained or cited.
BALAZS: The syntax is ABNF. It will be stated and referenced.

** Section 2. Editorial.
OLD
If the leaf "name" is present in the instance data header, its value
   SHOULD be used for the "instance-data-set-name"

NEW
If the leaf "name" is present in the instance data header, its value
   SHOULD be used for the "instance-data-set-name" in the filename.
BALAZS: OK, will be updated.

** Section 2.

Description of the instance data set.  The description SHOULD
         contain information whether and how the data can change during
         the lifetime of the server

I found this definition of the description confusing as Figure 1 – 3 don’t seem to describe “whether and how the data” will change.
BALAZS: Good catch. The information will be added to the examples.

** Section 2.1.1.  Per “The inline-yang-library anydata data node carries instance data (conforming to ietf-yang-library@2019-01-04)”, please provide a reference to “ietf-yang-library@2019-01-04”.
BALAZS: OK,  will be updated.

** Section 4.  Please note the risk of using same-schema-as-file, especially if these configs are not integrity protected or received from outside sources. 
Per https://, there are the risks of loading remote content.  Section 7 of
RFC3986 is a good reference.  Per file://, there are things like directory traversal.
BALAZS: OK, will be added to security considerations.

** Section 4.  Per “The header part is not security sensitive with one possible exception … the URI method”, I’m not sure that such a strong statement can be made given the lack of application context.  For example, the description leaf in the header could include sensitive information, say ‘Latest test router config for new super secret Aqua-Violet flying car project’.  This text needs to either have a caution that this header is "unprotected so do not put in sensitive information unless this file is protected", or clarify that more in the header than the URI could be sensitive.
BALAZS: OK,  will be updated.

** Section 4.  Thanks for the language trying to create equivalency between the protections of the file and the YANG store that would house it on a live system.  Recommend making this text clear to say this applies to both at rest and in motion data.

OLD
The same kind of handling should be applied, that would be
   needed for the result of a read operation returning the same data.

NEW (roughly)
The same kind of handling should be applied to this file at rest and in transit that would be needed for the result of a read operation returning the same data.  These in-transit protection mechanisms will also mitigate integrity issues when transporting the file.
BALAZS: OK,  will be updated.
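
Added example, not part of the original message or of the draft: one way a consumer of instance data files could check a same-schema-as-file URI before dereferencing it, covering the remote-content and directory-traversal risks raised for Section 4. The function name, the policy (local files only, confined to one base directory) and the sample URIs in the comments are assumptions.

```python
from pathlib import Path
from urllib.parse import urlsplit, unquote


def resolve_same_schema_ref(uri: str, base_dir: str) -> Path:
    """Map a same-schema-as-file URI to a local path, or raise ValueError.

    Assumed policy: never fetch remote content, and only open files that
    live under base_dir (the directory trusted to hold instance data files).
    """
    parts = urlsplit(uri)

    # https://, http://, ftp:// ... would mean loading remote content.
    if parts.scheme not in ("", "file"):
        raise ValueError(f"scheme {parts.scheme!r} is not allowed")

    # file://host/path names another machine; only the local host is accepted.
    if parts.netloc not in ("", "localhost"):
        raise ValueError(f"remote host {parts.netloc!r} in file URI")

    if parts.query or parts.fragment:
        raise ValueError("query or fragment not expected in a file reference")

    # Decode percent-escapes first so that %2e%2e is seen as '..'.
    raw = unquote(parts.path)
    if not raw or "\x00" in raw:
        raise ValueError("empty path or embedded NUL byte")

    base = Path(base_dir).resolve()
    candidate = Path(raw)
    # Relative references are taken relative to base_dir; resolve() then
    # collapses '..' segments and follows symlinks before the containment check.
    target = (candidate if candidate.is_absolute() else base / candidate).resolve()

    try:
        target.relative_to(base)
    except ValueError:
        raise ValueError(f"{uri!r} resolves outside {base}") from None
    return target


# Constructed sample inputs (not taken from the draft):
#   "acme-library@2021-10-06.xml"       accepted, stays under base_dir
#   "../../etc/passwd"                  rejected, directory traversal
#   "sub/%2e%2e/%2e%2e/secret.json"     rejected, encoded traversal
#   "https://example.com/schema.xml"    rejected, remote content
```

The check only decides whether the reference may be opened; integrity protection of the referenced file, which the comment on Section 4 also raises, has to be handled separately.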