Re: [netmod] I-D Action: draft-ietf-netmod-factory-default-04.txt

john heasley <heas@shrubbery.net> Tue, 05 November 2019 17:41 UTC

Return-Path: <heas@shrubbery.net>
X-Original-To: netmod@ietfa.amsl.com
Delivered-To: netmod@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 73066120100 for <netmod@ietfa.amsl.com>; Tue, 5 Nov 2019 09:41:06 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.201
X-Spam-Level:
X-Spam-Status: No, score=-4.201 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 6OoDgwC29Agp for <netmod@ietfa.amsl.com>; Tue, 5 Nov 2019 09:41:03 -0800 (PST)
Received: from guelah.shrubbery.net (guelah.shrubbery.net [198.58.5.1]) by ietfa.amsl.com (Postfix) with ESMTP id B6E50120104 for <netmod@ietf.org>; Tue, 5 Nov 2019 09:41:03 -0800 (PST)
Received: by guelah.shrubbery.net (Postfix, from userid 7053) id F277E21B71B; Tue, 5 Nov 2019 17:41:01 +0000 (UTC)
Date: Tue, 5 Nov 2019 17:41:01 +0000
From: john heasley <heas@shrubbery.net>
To: =?iso-8859-1?Q?Sch=F6nw=E4lder=2C_J=FCrgen?= <J.Schoenwaelder@jacobs-university.de>
Cc: john heasley <heas@shrubbery.net>, "netmod@ietf.org" <netmod@ietf.org>
Message-ID: <20191105174101.GD76016@shrubbery.net>
References: <157223376272.17168.5194653341767680835@ietfa.amsl.com> <20191105074206.GA11275@shrubbery.net> <20191105074711.qo4aauxxbqtnfu6h@anna.jacobs.jacobs-university.de>
MIME-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
In-Reply-To: <20191105074711.qo4aauxxbqtnfu6h@anna.jacobs.jacobs-university.de>
X-PGPkey: http://www.shrubbery.net/~heas/public-key.asc
X-note: live free, or die!
X-homer: i just want to have a beer while i am caring.
X-Claimation: an engineer needs a manager like a fish needs a bicycle
X-reality: only YOU can put an end to the embarrassment that is Tom Cruise
User-Agent: Mutt/1.12.2 (2019-09-21)
Archived-At: <https://mailarchive.ietf.org/arch/msg/netmod/qrU_71AkP42lnkR6KnfaMsoSgCs>
Subject: Re: [netmod] I-D Action: draft-ietf-netmod-factory-default-04.txt
X-BeenThere: netmod@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: NETMOD WG list <netmod.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/netmod>, <mailto:netmod-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/netmod/>
List-Post: <mailto:netmod@ietf.org>
List-Help: <mailto:netmod-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/netmod>, <mailto:netmod-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 05 Nov 2019 17:41:06 -0000

Tue, Nov 05, 2019 at 07:47:12AM +0000, Schönwälder, Jürgen:
> Yes to your point.
> 
> But every time I read the phrase "setting some security data/passwords
> to the default value" I am feeling uneasy. The notion of 'default
> passwords' is scary and a knob to restore default passwords even more
> so. Perhaps the text should say instead 'removing security credentials
> and restoring default security settings'.

Yes, I'm suggesting that this "clearing" be a requirement, even if the
operator has the choice between clear "only the configuration" and
"everything."  "might" -> "MUST".

The fine line between too vague and too much detail must be found. >>>

In addition,the "factory-reset" RPC MUST
restore storage to factory condition, including
remove log files,
remove temporary files,
remove certificates, keys, etc
zero passwords,
<insert other things>

The process (SHOULD|MUST) zero/pattern-write then remove sensitive files
such as the TLS keys, configuration stores, etc.

The RPC MAY provide an option to limit the actions to factory reset of
the configuration.