Re: [netmod] Alissa Cooper's Discuss on draft-ietf-netmod-acl-model-19: (with DISCUSS and COMMENT)

Benjamin Kaduk <kaduk@mit.edu> Wed, 26 September 2018 21:56 UTC

Date: Wed, 26 Sep 2018 16:56:29 -0500
From: Benjamin Kaduk <kaduk@mit.edu>
To: Alissa Cooper <alissa@cooperw.in>
Cc: IESG <iesg@ietf.org>, netmod-chairs@ietf.org, kwatsen@juniper.net, draft-ietf-netmod-acl-model@ietf.org, netmod@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/netmod/M7Eo_eEMKK2_exudoZvMNB5mokM>

It looks like I was thinking of the review of draft-ietf-opsawg-nat-yang,
not this one -- sorry for the mixup!  (And thanks for spotting the issue!)

-Benjamin

On Wed, Sep 26, 2018 at 02:39:23PM -0700, Alissa Cooper wrote:
> This is in the -19:
> 
>    /*
>     * Logging actions for a packet
>     */
>    identity log-action {
>      description
>        "Base identity for defining the destination for logging actions";
>    }
> 
>    identity log-syslog {
>      base log-action;
>      description
>        "System log (syslog) the information for the packet";
>    }
> 
>    identity log-none {
>      base log-action;
>      description
>        "No logging for the packet";
>    }
> 
> Is there a more recent version?
> 
> Thanks,
> Alissa
> 
> > On Sep 26, 2018, at 2:25 PM, Benjamin Kaduk <kaduk@mit.edu> wrote:
> > 
> > Just on the logging point...
> > 
> > On Wed, Sep 26, 2018 at 02:20:49PM -0700, Alissa Cooper wrote:
> >> 
> >> Sec 5:
> >> 
> >> In this section or elsewhere it would be nice to see a sentence noting that
> >> this YANG model allows the configuration of packet logging, which if used would
> >> additionally warrant protections against unauthorized log access and a logs
> >> retention policy.
> > 
> > My understanding is that this was removed entirely from the document in
> > response to the secdir review.  Could you double-check which version you
> > were looking at, or if the current version still is problematic?
> > 
> > Thanks,
> > 
> > Benjamin
>