Re: [netmod] [netconf] Security text for I-D with YANG modules

tom petch <ietfc@btconnect.com> Wed, 22 February 2023 12:21 UTC

Return-Path: <ietfc@btconnect.com>
X-Original-To: netmod@ietfa.amsl.com
Delivered-To: netmod@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2D3C2C169515 for <netmod@ietfa.amsl.com>; Wed, 22 Feb 2023 04:21:12 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.897
X-Spam-Level:
X-Spam-Status: No, score=-1.897 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=btconnect.onmicrosoft.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id crkmyU1m4lmH for <netmod@ietfa.amsl.com>; Wed, 22 Feb 2023 04:21:08 -0800 (PST)
Received: from EUR03-DBA-obe.outbound.protection.outlook.com (mail-dbaeur03on20713.outbound.protection.outlook.com [IPv6:2a01:111:f400:fe1a::713]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E08ACC1522A4 for <netmod@ietf.org>; Wed, 22 Feb 2023 04:21:07 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=mz5tx9sRX92SmcJi42lSyyOX+4vAixmYkoaigY/6/0FNMB5Oo5lun/JsUV1SIl5Qe4YQw1tQHg21b1DQOHzlY4MEYRFBwt1gKEgZVhu8wHD79U0E0HOVRa/zRtECV8tPeEKcF4me8DzLuH7K+vmPSMgd4sdP5o7GOe/pFZWALlbiZv5yFWBfvtxHzbD4nGi//FXzBsTx6NUL4jqX8Ef4Fz7JwivVbXqYtNlgeUC1TgkilOdftHGZZ9+wfBhoBRajDCOE4wFE5ztafSM/zMPr6eLIuxTHqEeRq7WJeFfFW4ElLGTIkUIiLmmHbC0klO0SEl1FJzLc9v3z6eoS+H6X5g==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=SP8SuZLt8CmSLlczfTq2dO6bRI9MClQcGgK0PPPSWa4=; b=DwdGkJ45kzobs/FlwfDg3czDtUjFFiCgDgF4W3Al7iTkMTXg/4Aqy2VWwSGkNIti4ICv153j6A6VvSzd1kVRcv8M1iuVfqkk6KGprxe97s9TXVoQOjJsclcXCn+j24UKLHA0wkHl/5oXHrU+wR2TZn8bRSLSafqTG4nooxtqm7mijSX92QjwSsjZSP2fEfGEhetjZ0yrfBVcSLHREmN8t2fsWdY+J3OG16sMycgZxnkfVXDpWINk9zrXYsIL9EKxd0vLdiJE2XnxYB4gI3cdBGoymqMlQ+FbGiC8D2O5pVWyU4gGGRzh6VCZkFsvqUTKaGZaJ/dvtBtqiKRGGbOrSQ==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=btconnect.com; dmarc=pass action=none header.from=btconnect.com; dkim=pass header.d=btconnect.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=btconnect.onmicrosoft.com; s=selector2-btconnect-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=SP8SuZLt8CmSLlczfTq2dO6bRI9MClQcGgK0PPPSWa4=; b=QmpXlA7/hH+kzazWf6kxvnymvXtUOfzygEfzD8/8JPve8CPSz0l4qLfXaEUf6jjFUbrvxj7cPBJUnCf2vXRxw2QQbZP/VG2xwYPVrrsZp2jYcLquj6ek5WO8yF2a0wUM/sQeC1tfpY2QDscyG3Eg2453OvMoDV2TuikiK+Z8Leg=
Received: from AM7PR07MB6248.eurprd07.prod.outlook.com (2603:10a6:20b:134::11) by DB8PR07MB6362.eurprd07.prod.outlook.com (2603:10a6:10:134::20) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.6134.19; Wed, 22 Feb 2023 12:21:02 +0000
Received: from AM7PR07MB6248.eurprd07.prod.outlook.com ([fe80::d0fd:8461:b6d3:748a]) by AM7PR07MB6248.eurprd07.prod.outlook.com ([fe80::d0fd:8461:b6d3:748a%9]) with mapi id 15.20.6134.018; Wed, 22 Feb 2023 12:21:02 +0000
From: tom petch <ietfc@btconnect.com>
To: Jürgen Schönwälder <jschoenwaelder@constructor.university>
CC: Kent Watsen <kent+ietf@watsen.net>, "netmod@ietf.org" <netmod@ietf.org>
Thread-Topic: [netmod] [netconf] Security text for I-D with YANG modules
Thread-Index: AQHZRU+P7N5fCR9PCk613hGBKmzt2a7YwEsAgAIBFgqAAAaOAIAAHL5t
Date: Wed, 22 Feb 2023 12:21:02 +0000
Message-ID: <AM7PR07MB6248CE575C8AFDC5C650C407A0AA9@AM7PR07MB6248.eurprd07.prod.outlook.com>
References: <AM7PR07MB62484DB3DA25A675167C7C3EA0A49@AM7PR07MB6248.eurprd07.prod.outlook.com> <010001867209d36e-adc03317-0f10-44ec-9a46-83501fec1edb-000000@email.amazonses.com> <AM7PR07MB6248AA7188DE1041E86CE1BAA0AA9@AM7PR07MB6248.eurprd07.prod.outlook.com> <20230222103444.enuqtnggpormjrqa@anna>
In-Reply-To: <20230222103444.enuqtnggpormjrqa@anna>
Accept-Language: en-GB, en-US
Content-Language: en-GB
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
msip_labels:
authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=btconnect.com;
x-ms-publictraffictype: Email
x-ms-traffictypediagnostic: AM7PR07MB6248:EE_|DB8PR07MB6362:EE_
x-ms-office365-filtering-correlation-id: 0b7e5906-62cb-44bc-7135-08db14cf4387
x-ms-exchange-senderadcheck: 1
x-ms-exchange-antispam-relay: 0
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: l7twBwvxHA/4YQS32G3tz/xHxah4CrUqK9AZIHCpve8ir2REtvsT8j5wyLNo+/9mde0Suh3LTZTyYdT9miEFfA43nfU4BDG7aAGbU/gXepSQrY6+rnFd4M/I96ndYqBdizs7XJmyF69Vd+p+tFY4YG/CmFMzFnUgXctA33P3sBD+G6e/HK+TGSgeoo1rL/Jg0Q/ap9+03adWvDLvDsuHRiWAe2Dw75So1MrSpFkhfDCfYYhURtKe76D49J+r6AW4naSr2FbnrwvJdRhWRX1K02iKn4CzlJxmgEuy+UTyBOtS47WSElSItd+sF0I9mb0RbbSney25opGcF063ujqajatHQd9QwYzmiyZSuMIwAovdyY4TD8eInbIA1dgOVBu4gZxsM4IXh8eh7KIYFANPl56M+hF6XGmxEYL5xuWtBsYV9YV8emtOFa6LF1ImwUMhSGt1BBTx2tJu1AgacPoQXSTBJASQV6TACVHBdPll32veu/KMh1rp7xRsCe7SlhX5M0YvaD3WGT+4GBaC+bRIPeaVuFiU2vwPmcnliaR8V3TyLBO0NdA/iVKWpAJ28AILX3Oj652RRn7RvrR1/M2SMQKUikWZjCwaGHkjkVRLjpK5Q0RKB+bEc4q3I6mVhCbNS9y0OtyjNK3QsCLloHngegnL3tDiGDjtWh+Z+RjGO6R5Hx1fsxOg3Gi/ObnDG/hVnio73Gso6QFvsKS/Pup4WYcP0U2CholzueJOM4NAepGQl6PblhuAV3i6eYLyYaJMD48eSDpzFau2sqKsapk0jw==
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:AM7PR07MB6248.eurprd07.prod.outlook.com; PTR:; CAT:NONE; SFS:(13230025)(346002)(396003)(366004)(136003)(39860400002)(376002)(451199018)(66574015)(478600001)(71200400001)(7696005)(82960400001)(122000001)(38100700002)(86362001)(2906002)(33656002)(15650500001)(38070700005)(40140700001)(316002)(41300700001)(54906003)(53546011)(52536014)(8936002)(83380400001)(5660300002)(66946007)(66556008)(66446008)(8676002)(76116006)(55016003)(64756008)(66476007)(4326008)(6916009)(91956017)(966005)(186003)(26005)(9686003)(6506007); DIR:OUT; SFP:1102;
x-ms-exchange-antispam-messagedata-chunkcount: 1
x-ms-exchange-antispam-messagedata-0: kVezf/Ik9apaYy7UaFTgXxpshL1kBIYBcD+IjpQpdBg+rcNQn8azbc7B358HUe7q7XKdIY30nj5+rKBpCCENhCvEBFizv70nwtzc1BZCdq8IEr87dYbYWFOsc6gQYthWHL7PTux0JBcLmjpUKVHsPvGrLb6q3iWqep6WIJXgAZ84A7Uuo9CDB7J8/mi5I0m8UqYTCvyFbqFPRJ6QqFMJWwx1bmxi2T/RhEBApAH/t2w3RSwv4IQ9tC2u8qBsKZYRPRPV9ezoRRyglvA1fBAPQnMYMoJUScnoIPw8/gLKvNx65wOI+79uDHxVQlFvDe4+DzrFMRSPSbu2y1OXkRO6AKv9J6mJv5FCMXGcaw7Jqf58kJxHl/3DcXYDFxJft8VkI/C4uPMclEUVR/SiwUbxGMq/tGRlt9d+S0+kpt8xvocklJf8OfY+ZHlsm9diy+is9fXgWt3w2PMSEtcBGo5dCpLjSA1vHvy3Wz7HTKq2xN4iEKuuD0A/HkeZ4+qzfkJY28zGjjotmgWlGQkBbitu6mFmbh8RcIw5479lY22NxYIrEIW9a6sJzZ/rJv5+VUn9dERraWvWE1/63JR7+AwfvwxmhkNOfidThuIO4x1mFIxY8Lg7ZJ5yuEmZ9XisAvvb3QXgLR1erleJfBscb7oty/juJA12T9EX+G+GpE1CwWMo8y3Za6P21odmu9TVIlKuBsXFR3DKvC+AlT6zAMQBmJdZl5Zdv/2JrZBFoAh+1YmKJe3BKPkEednYj0aCunaH+836E2lgImKDiXo5HOy0UjvvKzlBH6dHkKjnCWybTTLF+ZuvceUJ+LFtnMN/GVf4ZIPzsbIz4/n8xhtby2EBbVnjBzC1VeAGgO49ncIYkzW6f5QQbxfUWLXWxNMv4zrMTQwV2POeHC3jarl+U6h6M0nPbY0tewCMTVl2igDYSWox/5qfHsHnjHhfnqA775mMFL/foRpZ8elMRcQ44vGurEoImF9gjghZzff/BOXWnD6qsWlEnE8xjHuKPUes5danNq2QhkQGrvX2rk9tsE8mw4aFywLl9bOMNiWoVQG8uL3A2ekW/K2YRlfDbb18ma4LJ8Auan2EnnX5TAh14u0ywW7uJknGxYuWHphjmhkCDWS8MUUhFat5Zb8aSB6oQEPuQkOgwmjhbUD4hqPKCIHMHFV25taxY11ttSCmJIdGqLiKUNtYq91C5e3hSsbPpGs1zmDW9nm8T/Lr5FeWcY22qoheESdKyTuBsimssXb5rRpiEntvDbETTrxalEWm4a80fS06lgC4+C0XwcrKcgnG3DeUMJ80gmbAgYynT0y8u1cvPAdGyqwmYKBcDo3OtRvYoPDFSJ0kqisn97LrzTtbFAoC9cH+oAy59Xo0t8udUu0rfUeWZnitp+v0S03fzmVtWM25FI0ymwGlcGe0RASC57jhnmrqvHQ4fXj4E0DurToATiFvkvb816ZHOK6aPvmcZPonnA11McbG59CNUltVW+aPHitbd/avkOvnXAYjJYbmDTybrDzcc+xl/f14HUXyx8KwgjONDpGRlh57iup8P38/4nmG5Ed2+dQVN9gPNt5MVYrPrj1kguAyEPLXZKus
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-OriginatorOrg: btconnect.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: AM7PR07MB6248.eurprd07.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 0b7e5906-62cb-44bc-7135-08db14cf4387
X-MS-Exchange-CrossTenant-originalarrivaltime: 22 Feb 2023 12:21:02.6622 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: cf8853ed-96e5-465b-9185-806bfe185e30
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: kd919HK3CQIMIhxN3+ccF/G6JXl9czLo5hMxXSd3M5t3Ld+ZnA6G6VPZ7xfkgKzKWIj0Zu4Sd5nxliJkfIN2jw==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: DB8PR07MB6362
Archived-At: <https://mailarchive.ietf.org/arch/msg/netmod/XOLCt_BoM5QgpTc8LJ46XRsqWkw>
Subject: Re: [netmod] [netconf] Security text for I-D with YANG modules
X-BeenThere: netmod@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: NETMOD WG list <netmod.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/netmod>, <mailto:netmod-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/netmod/>
List-Post: <mailto:netmod@ietf.org>
List-Help: <mailto:netmod-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/netmod>, <mailto:netmod-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 22 Feb 2023 12:21:12 -0000

From: Jürgen Schönwälder <jschoenwaelder@constructor.university>
Sent: 22 February 2023 10:34

Perhaps some bits of history. Back in the SMIv2 world, with a growing
number of MIB modules, we found it helpful to have a template for
security considerations. The OPS AD and the SEC AD back then settled
on an online template for MIB modules (which was occasionally revised
and updated). This approach was later carried over to YANG and our
YANG guidelines (RFC 8407, BCB 216) refer to the template using the
following URL:

https://trac.ietf.org/trac/ops/wiki/yang-security-guidelines

What might be happening right now (and here I a speculating) is that
the IETF considers to retire trac and this may have triggered to copy
text into an I-D. The reason back in a day to use an online place was
to be able to make changes easily. Looking back, changes do happen but
not very frequently, so perhaps even having the template published as
a small RFC may be workable. (Except that you never know what really
happens if you want to just make a small change to an RFC.)

<tp>

Thanks for that.  The processes with SMI I remember well but had not thought of the retirement of trac.  Any such action would need an update to RFC8407 IMHO which the I-D I cited quite ignores.

Tom Petch

/js

On Wed, Feb 22, 2023 at 10:17:01AM +0000, tom petch wrote:
> From: Kent Watsen <kent+ietf@watsen.net>
> Sent: 21 February 2023 03:34
>
> True, that claim seems overstated and one would think that such should be in NETMOD.
>
> Searching OPSAWG, I don't see it.  Can you provide a link?
>
> <tp>
> Do you mean for the I-D?  It is
>   draft-moriarty-yangsecuritytext-01
> with no indication that it is intended to touch the sides on any IETF WG.
>
> Tom Petch
>
> > On Feb 20, 2023, at 12:27 PM, tom petch <ietfc@btconnect.com> wrote:
> >
> > I see an I-D has appeared recently with the title
> >      Security Considerations Template for YANG Module Documents
> >
> > It says
> > " The text has been developed and
> >   refined over many years on an Operations Area working group mailing
> >  list"
> >
> > Tom Petch
> > _______________________________________________
> > netconf mailing list
> > netconf@ietf.org
> > https://www.ietf.org/mailman/listinfo/netconf
>
>
> _______________________________________________
> netmod mailing list
> netmod@ietf.org
> https://www.ietf.org/mailman/listinfo/netmod

--
Jürgen Schönwälder              Constructor University Bremen gGmbH
Phone: +49 421 200 3587         Campus Ring 1 | 28759 Bremen | Germany
Fax:   +49 421 200 3103         <https://www.jacobs-university.de/>