Re: [netmod] Kathleen Moriarty's Discuss on draft-ietf-netmod-revised-datastores-09: (with DISCUSS)

Juergen Schoenwaelder <j.schoenwaelder@jacobs-university.de> Fri, 12 January 2018 09:45 UTC

Return-Path: <j.schoenwaelder@jacobs-university.de>
X-Original-To: netmod@ietfa.amsl.com
Delivered-To: netmod@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0665A126C23; Fri, 12 Jan 2018 01:45:07 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.91
X-Spam-Level:
X-Spam-Status: No, score=-1.91 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_NONE=-0.0001, T_RP_MATCHES_RCVD=-0.01] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Stsca3nZdVVA; Fri, 12 Jan 2018 01:45:04 -0800 (PST)
Received: from atlas5.jacobs-university.de (atlas5.jacobs-university.de [212.201.44.20]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 8D22C1267BB; Fri, 12 Jan 2018 01:45:04 -0800 (PST)
Received: from localhost (demetrius5.irc-it.jacobs-university.de [10.70.0.222]) by atlas5.jacobs-university.de (Postfix) with ESMTP id D857E6E5; Fri, 12 Jan 2018 10:45:02 +0100 (CET)
X-Virus-Scanned: amavisd-new at jacobs-university.de
Received: from atlas5.jacobs-university.de ([10.70.0.217]) by localhost (demetrius5.jacobs-university.de [10.70.0.222]) (amavisd-new, port 10032) with ESMTP id ceJBZ_oj_kJy; Fri, 12 Jan 2018 10:45:02 +0100 (CET)
Received: from hermes.jacobs-university.de (hermes.jacobs-university.de [212.201.44.23]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "hermes.jacobs-university.de", Issuer "Jacobs University CA - G01" (verified OK)) by atlas5.jacobs-university.de (Postfix) with ESMTPS; Fri, 12 Jan 2018 10:45:02 +0100 (CET)
Received: from localhost (demetrius3.jacobs-university.de [212.201.44.48]) by hermes.jacobs-university.de (Postfix) with ESMTP id BAF172013E; Fri, 12 Jan 2018 10:45:02 +0100 (CET)
X-Virus-Scanned: amavisd-new at jacobs-university.de
Received: from hermes.jacobs-university.de ([212.201.44.23]) by localhost (demetrius3.jacobs-university.de [212.201.44.32]) (amavisd-new, port 10024) with ESMTP id YMz6V6WwL0Vh; Fri, 12 Jan 2018 10:45:02 +0100 (CET)
Received: from elstar.local (unknown [10.50.231.133]) by hermes.jacobs-university.de (Postfix) with ESMTP id 194822013F; Fri, 12 Jan 2018 10:45:02 +0100 (CET)
Received: by elstar.local (Postfix, from userid 501) id 747A2420D539; Fri, 12 Jan 2018 10:45:00 +0100 (CET)
Date: Fri, 12 Jan 2018 10:45:00 +0100
From: Juergen Schoenwaelder <j.schoenwaelder@jacobs-university.de>
To: Kathleen Moriarty <kathleen.moriarty.ietf@gmail.com>
Cc: The IESG <iesg@ietf.org>, draft-ietf-netmod-revised-datastores@ietf.org, Lou Berger <lberger@labn.net>, netmod-chairs@ietf.org, netmod@ietf.org
Message-ID: <20180112094500.ymlrkswjfgkhibef@elstar.local>
Reply-To: Juergen Schoenwaelder <j.schoenwaelder@jacobs-university.de>
Mail-Followup-To: Kathleen Moriarty <kathleen.moriarty.ietf@gmail.com>, The IESG <iesg@ietf.org>, draft-ietf-netmod-revised-datastores@ietf.org, Lou Berger <lberger@labn.net>, netmod-chairs@ietf.org, netmod@ietf.org
References: <151561207372.18313.8094240527199424975.idtracker@ietfa.amsl.com> <20180110194529.3myrio6vrvsn3jjh@elstar.local> <CAHbuEH6WXMU6RknQdfuq30zhbUycQtFRW54hOT9WkwR8g2Rsxg@mail.gmail.com> <20180111075218.3tu65mthzlnef3bi@elstar.local> <CAHbuEH5tDDaTQwNHpsoWU7DUWYp8o945vm6VpVydJh2AEarMiQ@mail.gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <CAHbuEH5tDDaTQwNHpsoWU7DUWYp8o945vm6VpVydJh2AEarMiQ@mail.gmail.com>
User-Agent: NeoMutt/20171215
Archived-At: <https://mailarchive.ietf.org/arch/msg/netmod/Y6sAHCx0HkrHfPpPdippT8NRfIk>
Subject: Re: [netmod] Kathleen Moriarty's Discuss on draft-ietf-netmod-revised-datastores-09: (with DISCUSS)
X-BeenThere: netmod@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: NETMOD WG list <netmod.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/netmod>, <mailto:netmod-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/netmod/>
List-Post: <mailto:netmod@ietf.org>
List-Help: <mailto:netmod-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/netmod>, <mailto:netmod-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 12 Jan 2018 09:45:07 -0000

On Thu, Jan 11, 2018 at 11:03:30AM -0500, Kathleen Moriarty wrote:
> Hi Juergen,
> 
> Thank you very much for the additional information.  This was very
> helpful.  Benoit and I discussed it a bit further on the telechat and
> some text changes in the introduction and security considerations
> section to provide some of this information for the reader will be
> helpful.  I got the explanations and appreciate them and from the
> explanations, my discuss questions have been answered and I'll switch
> this to a no objection leaving you and Benoit to add the text as
> helpful for other readers.
>

Kathleen,

we propose to add this text to the security considerations:

  The origin metadata annotation exposes the origin of values in the
  applied configuration. Origin information may provide hints that
  certain control plane protocols are active on a device. Since origin
  information is tied to applied configuration values, it is only
  accessible to clients that have the permissions to read the applied
  configuration values. Security administrators should consider the
  sensitivity of origin information while defining access control
  rules.

/js

-- 
Juergen Schoenwaelder           Jacobs University Bremen gGmbH
Phone: +49 421 200 3587         Campus Ring 1 | 28759 Bremen | Germany
Fax:   +49 421 200 3103         <http://www.jacobs-university.de/>