Re: [netmod] security considerations boilerplate updates to cover RESTCONF
Benoit Claise <bclaise@cisco.com> Thu, 16 March 2017 07:37 UTC
To: Kent Watsen <kwatsen@juniper.net>, "netmod@ietf.org" <netmod@ietf.org>, "sec-ads@ietf.org" <sec-ads@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/netmod/MvwaEb2YMqvcmnIyXUBgJEcW6E8>

On 3/16/2017 8:27 AM, Juergen Schoenwaelder wrote:
> On Wed, Mar 15, 2017 at 08:10:22PM +0100, Benoit Claise wrote:
>
>> I like the "YANG based management protocols" part
> I think 'YANG based' is not needed (and to some extent even incorrect)
> and I would spell out 'network management' instead of 'management':
>
>    The YANG module defined in this document is designed to be accessed
>    via network management protocols such as NETCONF [RFC6241] or
>    RESTCONF [RFC8040].
I could live with that.

Latest proposal:

   The YANG module defined in this document is designed to be accessed
   via network management protocols such as NETCONF [RFC6241] or
   RESTCONF [RFC8040]. The lowest NETCONF layer is the secure transport
   layer, and mandatory-to-implement secure transport is Secure Shell
   (SSH) [RFC6242], while the lowest RESTCONF layer is HTTP, and the
   mandatory-to-implement secure transport is Transport Layer Security
   (TLS) [RFC5246].

   The NETCONF access control model [RFC6536] provides the means to
   restrict access for particular NETCONF or RESTCONF users to a
   pre-configured subset of all available NETCONF or RESTCONF protocol
   operations and content.

I'll discuss this proposal with the security ADs during the telechat today, even if these changes should be non-controversial.

Regards, Benoit
>
> /js
>