Re: [netmod] Stephen Farrell's No Objection on draft-ietf-netmod-yang-json-09: (with COMMENT)

Eliot Lear <lear@cisco.com> Tue, 22 March 2016 16:13 UTC

To: Benoit Claise <bclaise@cisco.com>, Ladislav Lhotka <lhotka@nic.cz>, "netmod-chairs@ietf.org" <netmod-chairs@ietf.org>, Kent Watsen <kwatsen@juniper.net>, "netmod@ietf.org" <netmod@ietf.org>, "draft-ietf-netmod-yang-json@ietf.org" <draft-ietf-netmod-yang-json@ietf.org>, The IESG <iesg@ietf.org>, Stephen Farrell <stephen.farrell@cs.tcd.ie>
References: <20160317113347.3650.38937.idtracker@ietfa.amsl.com> <m2d1qnj2ec.fsf@birdie.labs.nic.cz> <20160321151914.GA62880@elstar.local> <56F0137B.3090103@cisco.com> <72154E94-3C00-438B-B177-35DB9216DF03@juniper.net> <56F02B21.3080103@cisco.com> <20160322081043.GA64402@elstar.local> <7DA81401-6AE5-4DCA-A8C7-3B41ED5B2C06@nic.cz> <56F15DBC.5050905@cisco.com> <20160322154223.GA65166@elstar.local>
From: Eliot Lear <lear@cisco.com>
Message-ID: <56F16EE8.70703@cisco.com>
Date: Tue, 22 Mar 2016 17:12:24 +0100
In-Reply-To: <20160322154223.GA65166@elstar.local>
Archived-At: <http://mailarchive.ietf.org/arch/msg/netmod/aq05a8EOAy3MAuf87LjiTncrlDo>

Hi Juergen,

On 3/22/16 4:42 PM, Juergen Schoenwaelder wrote:
> I think such considerations belong in documents making use of
> object signatures and close to 100% of the YANG models today don't
> so I do not even think this qualifies for RFC6087bis.
>

I think there are AT LEAST two areas where signatures are going to be
necessary:

  * There exist multi-level authorization schemes today that rely on
    signatures.  Those have to be transported.
  * Manufacturer usage descriptions (MUDs) have extremely broad scope in
    terms of the number of devices that are intended to use the same
    description (think thousands to millions).  And so an unauthorized
    change could have a similarly broad impact.


Thus, wherever the YANG experts think signatures should happen in each
encoding case is fine with me; but I'd suggest that I'm not the only
person who's going to want to know.  Is it THAT hard to at least add a
reference?  Because if it is, that would cause me to wonder if the
mechanisms are really in place to do the right thing.

Eliot