Re: [netmod] Eric Rescorla's Discuss on draft-ietf-netmod-schema-mount-11: (with DISCUSS)

[Martin Bjorklund <mbj@tail-f.com>]

Hi,

Eric Rescorla <ekr@rtfm.com> wrote:
> Eric Rescorla has entered the following ballot position for
> draft-ietf-netmod-schema-mount-11: Discuss
> 
> When responding, please keep the subject line intact and reply to all
> email addresses included in the To and CC lines. (Feel free to cut this
> introductory paragraph, however.)
> 
> 
> Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html
> for more information about IESG DISCUSS and COMMENT positions.
> 
> 
> The document, along with other ballot positions, can be found here:
> https://datatracker.ietf.org/doc/draft-ietf-netmod-schema-mount/
> 
> 
> 
> ----------------------------------------------------------------------
> DISCUSS:
> ----------------------------------------------------------------------
> 
> Rich version of this review at:
> https://mozphab-ietf.devsvcdev.mozaws.net/D3506
> 
> 
> 
> DETAIL
> S 4.
> >   
> >      It is worth emphasizing that the nodes specified in
> >      "parent-reference" leaf-list are available in the mounted schema only
> >      for XPath evaluations.  In particular, they cannot be accessed there
> >      via network management protocols such as NETCONF [RFC6241] or
> >      RESTCONF [RFC8040].
> 
> What are the security implications of this XPath reference outside the
> mount jail? Specifically, how does it interact with the access control
> for the enclosing module.

There is no such interaction, since access control comes into play
when some external entity accesses the data through some management
protocol, and the nodes from the "parent-reference" expressions cannot
be accessed via management protocols.

The last sentence of the quoted paragraph was supposed to make this
clear, but it seems we might need some additional explanation?



/martin