Re: [netmod] [netconf] Security text for I-D with YANG modules
tom petch <ietfc@btconnect.com> Wed, 22 February 2023 12:21 UTC
Return-Path: <ietfc@btconnect.com>
X-Original-To: netmod@ietfa.amsl.com
Delivered-To: netmod@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2D3C2C169515 for <netmod@ietfa.amsl.com>; Wed, 22 Feb 2023 04:21:12 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.897
X-Spam-Level:
X-Spam-Status: No, score=-1.897 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=btconnect.onmicrosoft.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id crkmyU1m4lmH for <netmod@ietfa.amsl.com>; Wed, 22 Feb 2023 04:21:08 -0800 (PST)
Received: from EUR03-DBA-obe.outbound.protection.outlook.com (mail-dbaeur03on20713.outbound.protection.outlook.com [IPv6:2a01:111:f400:fe1a::713]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E08ACC1522A4 for <netmod@ietf.org>; Wed, 22 Feb 2023 04:21:07 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=mz5tx9sRX92SmcJi42lSyyOX+4vAixmYkoaigY/6/0FNMB5Oo5lun/JsUV1SIl5Qe4YQw1tQHg21b1DQOHzlY4MEYRFBwt1gKEgZVhu8wHD79U0E0HOVRa/zRtECV8tPeEKcF4me8DzLuH7K+vmPSMgd4sdP5o7GOe/pFZWALlbiZv5yFWBfvtxHzbD4nGi//FXzBsTx6NUL4jqX8Ef4Fz7JwivVbXqYtNlgeUC1TgkilOdftHGZZ9+wfBhoBRajDCOE4wFE5ztafSM/zMPr6eLIuxTHqEeRq7WJeFfFW4ElLGTIkUIiLmmHbC0klO0SEl1FJzLc9v3z6eoS+H6X5g==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=SP8SuZLt8CmSLlczfTq2dO6bRI9MClQcGgK0PPPSWa4=; b=DwdGkJ45kzobs/FlwfDg3czDtUjFFiCgDgF4W3Al7iTkMTXg/4Aqy2VWwSGkNIti4ICv153j6A6VvSzd1kVRcv8M1iuVfqkk6KGprxe97s9TXVoQOjJsclcXCn+j24UKLHA0wkHl/5oXHrU+wR2TZn8bRSLSafqTG4nooxtqm7mijSX92QjwSsjZSP2fEfGEhetjZ0yrfBVcSLHREmN8t2fsWdY+J3OG16sMycgZxnkfVXDpWINk9zrXYsIL9EKxd0vLdiJE2XnxYB4gI3cdBGoymqMlQ+FbGiC8D2O5pVWyU4gGGRzh6VCZkFsvqUTKaGZaJ/dvtBtqiKRGGbOrSQ==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=btconnect.com; dmarc=pass action=none header.from=btconnect.com; dkim=pass header.d=btconnect.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=btconnect.onmicrosoft.com; s=selector2-btconnect-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=SP8SuZLt8CmSLlczfTq2dO6bRI9MClQcGgK0PPPSWa4=; b=QmpXlA7/hH+kzazWf6kxvnymvXtUOfzygEfzD8/8JPve8CPSz0l4qLfXaEUf6jjFUbrvxj7cPBJUnCf2vXRxw2QQbZP/VG2xwYPVrrsZp2jYcLquj6ek5WO8yF2a0wUM/sQeC1tfpY2QDscyG3Eg2453OvMoDV2TuikiK+Z8Leg=
Received: from AM7PR07MB6248.eurprd07.prod.outlook.com (2603:10a6:20b:134::11) by DB8PR07MB6362.eurprd07.prod.outlook.com (2603:10a6:10:134::20) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.6134.19; Wed, 22 Feb 2023 12:21:02 +0000
Received: from AM7PR07MB6248.eurprd07.prod.outlook.com ([fe80::d0fd:8461:b6d3:748a]) by AM7PR07MB6248.eurprd07.prod.outlook.com ([fe80::d0fd:8461:b6d3:748a%9]) with mapi id 15.20.6134.018; Wed, 22 Feb 2023 12:21:02 +0000
From: tom petch <ietfc@btconnect.com>
To: Jürgen Schönwälder <jschoenwaelder@constructor.university>
CC: Kent Watsen <kent+ietf@watsen.net>, "netmod@ietf.org" <netmod@ietf.org>
Thread-Topic: [netmod] [netconf] Security text for I-D with YANG modules
Thread-Index: AQHZRU+P7N5fCR9PCk613hGBKmzt2a7YwEsAgAIBFgqAAAaOAIAAHL5t
Date: Wed, 22 Feb 2023 12:21:02 +0000
Message-ID: <AM7PR07MB6248CE575C8AFDC5C650C407A0AA9@AM7PR07MB6248.eurprd07.prod.outlook.com>
References: <AM7PR07MB62484DB3DA25A675167C7C3EA0A49@AM7PR07MB6248.eurprd07.prod.outlook.com> <010001867209d36e-adc03317-0f10-44ec-9a46-83501fec1edb-000000@email.amazonses.com> <AM7PR07MB6248AA7188DE1041E86CE1BAA0AA9@AM7PR07MB6248.eurprd07.prod.outlook.com> <20230222103444.enuqtnggpormjrqa@anna>
In-Reply-To: <20230222103444.enuqtnggpormjrqa@anna>
Accept-Language: en-GB, en-US
Content-Language: en-GB
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
msip_labels:
authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=btconnect.com;
x-ms-publictraffictype: Email
x-ms-traffictypediagnostic: AM7PR07MB6248:EE_|DB8PR07MB6362:EE_
x-ms-office365-filtering-correlation-id: 0b7e5906-62cb-44bc-7135-08db14cf4387
x-ms-exchange-senderadcheck: 1
x-ms-exchange-antispam-relay: 0
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: l7twBwvxHA/4YQS32G3tz/xHxah4CrUqK9AZIHCpve8ir2REtvsT8j5wyLNo+/9mde0Suh3LTZTyYdT9miEFfA43nfU4BDG7aAGbU/gXepSQrY6+rnFd4M/I96ndYqBdizs7XJmyF69Vd+p+tFY4YG/CmFMzFnUgXctA33P3sBD+G6e/HK+TGSgeoo1rL/Jg0Q/ap9+03adWvDLvDsuHRiWAe2Dw75So1MrSpFkhfDCfYYhURtKe76D49J+r6AW4naSr2FbnrwvJdRhWRX1K02iKn4CzlJxmgEuy+UTyBOtS47WSElSItd+sF0I9mb0RbbSney25opGcF063ujqajatHQd9QwYzmiyZSuMIwAovdyY4TD8eInbIA1dgOVBu4gZxsM4IXh8eh7KIYFANPl56M+hF6XGmxEYL5xuWtBsYV9YV8emtOFa6LF1ImwUMhSGt1BBTx2tJu1AgacPoQXSTBJASQV6TACVHBdPll32veu/KMh1rp7xRsCe7SlhX5M0YvaD3WGT+4GBaC+bRIPeaVuFiU2vwPmcnliaR8V3TyLBO0NdA/iVKWpAJ28AILX3Oj652RRn7RvrR1/M2SMQKUikWZjCwaGHkjkVRLjpK5Q0RKB+bEc4q3I6mVhCbNS9y0OtyjNK3QsCLloHngegnL3tDiGDjtWh+Z+RjGO6R5Hx1fsxOg3Gi/ObnDG/hVnio73Gso6QFvsKS/Pup4WYcP0U2CholzueJOM4NAepGQl6PblhuAV3i6eYLyYaJMD48eSDpzFau2sqKsapk0jw==
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:AM7PR07MB6248.eurprd07.prod.outlook.com; PTR:; CAT:NONE; SFS:(13230025)(346002)(396003)(366004)(136003)(39860400002)(376002)(451199018)(66574015)(478600001)(71200400001)(7696005)(82960400001)(122000001)(38100700002)(86362001)(2906002)(33656002)(15650500001)(38070700005)(40140700001)(316002)(41300700001)(54906003)(53546011)(52536014)(8936002)(83380400001)(5660300002)(66946007)(66556008)(66446008)(8676002)(76116006)(55016003)(64756008)(66476007)(4326008)(6916009)(91956017)(966005)(186003)(26005)(9686003)(6506007); DIR:OUT; SFP:1102;
x-ms-exchange-antispam-messagedata-chunkcount: 1
x-ms-exchange-antispam-messagedata-0: kVezf/Ik9apaYy7UaFTgXxpshL1kBIYBcD+IjpQpdBg+rcNQn8azbc7B358HUe7q7XKdIY30nj5+rKBpCCENhCvEBFizv70nwtzc1BZCdq8IEr87dYbYWFOsc6gQYthWHL7PTux0JBcLmjpUKVHsPvGrLb6q3iWqep6WIJXgAZ84A7Uuo9CDB7J8/mi5I0m8UqYTCvyFbqFPRJ6QqFMJWwx1bmxi2T/RhEBApAH/t2w3RSwv4IQ9tC2u8qBsKZYRPRPV9ezoRRyglvA1fBAPQnMYMoJUScnoIPw8/gLKvNx65wOI+79uDHxVQlFvDe4+DzrFMRSPSbu2y1OXkRO6AKv9J6mJv5FCMXGcaw7Jqf58kJxHl/3DcXYDFxJft8VkI/C4uPMclEUVR/SiwUbxGMq/tGRlt9d+S0+kpt8xvocklJf8OfY+ZHlsm9diy+is9fXgWt3w2PMSEtcBGo5dCpLjSA1vHvy3Wz7HTKq2xN4iEKuuD0A/HkeZ4+qzfkJY28zGjjotmgWlGQkBbitu6mFmbh8RcIw5479lY22NxYIrEIW9a6sJzZ/rJv5+VUn9dERraWvWE1/63JR7+AwfvwxmhkNOfidThuIO4x1mFIxY8Lg7ZJ5yuEmZ9XisAvvb3QXgLR1erleJfBscb7oty/juJA12T9EX+G+GpE1CwWMo8y3Za6P21odmu9TVIlKuBsXFR3DKvC+AlT6zAMQBmJdZl5Zdv/2JrZBFoAh+1YmKJe3BKPkEednYj0aCunaH+836E2lgImKDiXo5HOy0UjvvKzlBH6dHkKjnCWybTTLF+ZuvceUJ+LFtnMN/GVf4ZIPzsbIz4/n8xhtby2EBbVnjBzC1VeAGgO49ncIYkzW6f5QQbxfUWLXWxNMv4zrMTQwV2POeHC3jarl+U6h6M0nPbY0tewCMTVl2igDYSWox/5qfHsHnjHhfnqA775mMFL/foRpZ8elMRcQ44vGurEoImF9gjghZzff/BOXWnD6qsWlEnE8xjHuKPUes5danNq2QhkQGrvX2rk9tsE8mw4aFywLl9bOMNiWoVQG8uL3A2ekW/K2YRlfDbb18ma4LJ8Auan2EnnX5TAh14u0ywW7uJknGxYuWHphjmhkCDWS8MUUhFat5Zb8aSB6oQEPuQkOgwmjhbUD4hqPKCIHMHFV25taxY11ttSCmJIdGqLiKUNtYq91C5e3hSsbPpGs1zmDW9nm8T/Lr5FeWcY22qoheESdKyTuBsimssXb5rRpiEntvDbETTrxalEWm4a80fS06lgC4+C0XwcrKcgnG3DeUMJ80gmbAgYynT0y8u1cvPAdGyqwmYKBcDo3OtRvYoPDFSJ0kqisn97LrzTtbFAoC9cH+oAy59Xo0t8udUu0rfUeWZnitp+v0S03fzmVtWM25FI0ymwGlcGe0RASC57jhnmrqvHQ4fXj4E0DurToATiFvkvb816ZHOK6aPvmcZPonnA11McbG59CNUltVW+aPHitbd/avkOvnXAYjJYbmDTybrDzcc+xl/f14HUXyx8KwgjONDpGRlh57iup8P38/4nmG5Ed2+dQVN9gPNt5MVYrPrj1kguAyEPLXZKus
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-OriginatorOrg: btconnect.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: AM7PR07MB6248.eurprd07.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 0b7e5906-62cb-44bc-7135-08db14cf4387
X-MS-Exchange-CrossTenant-originalarrivaltime: 22 Feb 2023 12:21:02.6622 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: cf8853ed-96e5-465b-9185-806bfe185e30
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: kd919HK3CQIMIhxN3+ccF/G6JXl9czLo5hMxXSd3M5t3Ld+ZnA6G6VPZ7xfkgKzKWIj0Zu4Sd5nxliJkfIN2jw==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: DB8PR07MB6362
Archived-At: <https://mailarchive.ietf.org/arch/msg/netmod/XOLCt_BoM5QgpTc8LJ46XRsqWkw>
Subject: Re: [netmod] [netconf] Security text for I-D with YANG modules
X-BeenThere: netmod@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: NETMOD WG list <netmod.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/netmod>, <mailto:netmod-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/netmod/>
List-Post: <mailto:netmod@ietf.org>
List-Help: <mailto:netmod-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/netmod>, <mailto:netmod-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 22 Feb 2023 12:21:12 -0000
From: Jürgen Schönwälder <jschoenwaelder@constructor.university> Sent: 22 February 2023 10:34 Perhaps some bits of history. Back in the SMIv2 world, with a growing number of MIB modules, we found it helpful to have a template for security considerations. The OPS AD and the SEC AD back then settled on an online template for MIB modules (which was occasionally revised and updated). This approach was later carried over to YANG and our YANG guidelines (RFC 8407, BCB 216) refer to the template using the following URL: https://trac.ietf.org/trac/ops/wiki/yang-security-guidelines What might be happening right now (and here I a speculating) is that the IETF considers to retire trac and this may have triggered to copy text into an I-D. The reason back in a day to use an online place was to be able to make changes easily. Looking back, changes do happen but not very frequently, so perhaps even having the template published as a small RFC may be workable. (Except that you never know what really happens if you want to just make a small change to an RFC.) <tp> Thanks for that. The processes with SMI I remember well but had not thought of the retirement of trac. Any such action would need an update to RFC8407 IMHO which the I-D I cited quite ignores. Tom Petch /js On Wed, Feb 22, 2023 at 10:17:01AM +0000, tom petch wrote: > From: Kent Watsen <kent+ietf@watsen.net> > Sent: 21 February 2023 03:34 > > True, that claim seems overstated and one would think that such should be in NETMOD. > > Searching OPSAWG, I don't see it. Can you provide a link? > > <tp> > Do you mean for the I-D? It is > draft-moriarty-yangsecuritytext-01 > with no indication that it is intended to touch the sides on any IETF WG. > > Tom Petch > > > On Feb 20, 2023, at 12:27 PM, tom petch <ietfc@btconnect.com> wrote: > > > > I see an I-D has appeared recently with the title > > Security Considerations Template for YANG Module Documents > > > > It says > > " The text has been developed and > > refined over many years on an Operations Area working group mailing > > list" > > > > Tom Petch > > _______________________________________________ > > netconf mailing list > > netconf@ietf.org > > https://www.ietf.org/mailman/listinfo/netconf > > > _______________________________________________ > netmod mailing list > netmod@ietf.org > https://www.ietf.org/mailman/listinfo/netmod -- Jürgen Schönwälder Constructor University Bremen gGmbH Phone: +49 421 200 3587 Campus Ring 1 | 28759 Bremen | Germany Fax: +49 421 200 3103 <https://www.jacobs-university.de/>
- Re: [netmod] [netconf] Security text for I-D with… Kent Watsen
- Re: [netmod] [netconf] Security text for I-D with… tom petch
- Re: [netmod] [netconf] Security text for I-D with… Jürgen Schönwälder
- Re: [netmod] [netconf] Security text for I-D with… tom petch
- Re: [netmod] [netconf] Security text for I-D with… Jürgen Schönwälder