Re: [netmod] security considerations boilerplate updates to cover RESTCONF
Phil Shafer <phil@juniper.net> Thu, 16 March 2017 20:09 UTC
Return-Path: <phil@juniper.net>
X-Original-To: netmod@ietfa.amsl.com
Delivered-To: netmod@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id AC5AB129A41; Thu, 16 Mar 2017 13:09:06 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.697
X-Spam-Level:
X-Spam-Status: No, score=-4.697 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, PP_MIME_FAKE_ASCII_TEXT=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H2=-2.796, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=junipernetworks.onmicrosoft.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id zJ58v83wIHhk; Thu, 16 Mar 2017 13:09:04 -0700 (PDT)
Received: from NAM02-CY1-obe.outbound.protection.outlook.com (mail-cys01nam02on0132.outbound.protection.outlook.com [104.47.37.132]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 727A7129A2F; Thu, 16 Mar 2017 13:09:03 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=junipernetworks.onmicrosoft.com; s=selector1-juniper-net; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=q+Ve8m/M8+pDm/3Qz7ouyqSBADmMvC6r3sSufprw2qs=; b=ElBMCjnOALl+G2e+/aeG75SqE29TdIg03T3kR3ZlPZXaxdYdkrhfE4rVBZiIuU1T7/5mx52D48oxWvATElWaSKmfXTIvQgbQB896Zyuq4ngxN3OyeURKFMbzHudNpm1DDBaFfENm/VoZnBaV/0idpkfFQq7gpE4eQIMD5kanSs0=
Received: from SN1PR0501CA0011.namprd05.prod.outlook.com (10.163.126.149) by CY1PR0501MB1755.namprd05.prod.outlook.com (10.163.140.25) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256) id 15.1.977.5; Thu, 16 Mar 2017 20:09:02 +0000
Received: from BY2FFO11FD004.protection.gbl (2a01:111:f400:7c0c::142) by SN1PR0501CA0011.outlook.office365.com (2a01:111:e400:52fe::21) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256) id 15.1.991.4 via Frontend Transport; Thu, 16 Mar 2017 20:09:01 +0000
Authentication-Results: spf=softfail (sender IP is 66.129.239.18) smtp.mailfrom=juniper.net; ietf.org; dkim=none (message not signed) header.d=none;ietf.org; dmarc=fail action=none header.from=juniper.net;
Received-SPF: SoftFail (protection.outlook.com: domain of transitioning juniper.net discourages use of 66.129.239.18 as permitted sender)
Received: from p-emfe01a-sac.jnpr.net (66.129.239.18) by BY2FFO11FD004.mail.protection.outlook.com (10.1.14.158) with Microsoft SMTP Server (version=TLS1_0, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA_P384) id 15.1.961.10 via Frontend Transport; Thu, 16 Mar 2017 20:09:01 +0000
Received: from p-mailhub01.juniper.net (10.160.2.17) by p-emfe01a-sac.jnpr.net (172.24.192.21) with Microsoft SMTP Server (TLS) id 14.3.123.3; Thu, 16 Mar 2017 13:09:01 -0700
Received: from idle.juniper.net (idleski.juniper.net [172.25.4.26]) by p-mailhub01.juniper.net (8.14.4/8.11.3) with ESMTP id v2GK8xbi012555; Thu, 16 Mar 2017 13:09:00 -0700 (envelope-from phil@juniper.net)
Received: from idle.juniper.net (localhost [127.0.0.1]) by idle.juniper.net (8.14.4/8.14.3) with ESMTP id v2GK4uKV004163; Thu, 16 Mar 2017 16:04:56 -0400 (EDT) (envelope-from phil@idle.juniper.net)
Message-ID: <201703162004.v2GK4uKV004163@idle.juniper.net>
To: Kent Watsen <kwatsen@juniper.net>
CC: Benoit Claise <bclaise@cisco.com>, "netmod@ietf.org" <netmod@ietf.org>, "sec-ads@ietf.org" <sec-ads@ietf.org>
In-Reply-To: <7FB88E83-589D-4F3B-BC55-C7D0B2F858A8@juniper.net>
Date: Thu, 16 Mar 2017 16:04:55 -0400
From: Phil Shafer <phil@juniper.net>
MIME-Version: 1.0
Content-Type: text/plain
X-EOPAttributedMessage: 0
X-MS-Office365-Filtering-HT: Tenant
X-Forefront-Antispam-Report: CIP:66.129.239.18; IPV:NLI; CTRY:US; EFV:NLI; SFV:NSPM; SFS:(10019020)(6009001)(39860400002)(39840400002)(39450400003)(2980300002)(377454003)(199003)(189002)(24454002)(9170700003)(189998001)(8676002)(8936002)(86362001)(5660300001)(105596002)(81166006)(1076002)(38730400002)(561944003)(47776003)(76506005)(6862004)(53416004)(110136004)(6246003)(106466001)(15650500001)(2950100002)(50986999)(305945005)(2906002)(54356999)(50466002)(2810700001)(54906002)(7126002)(77096006)(6636002)(4326008)(8276002)(53936002)(7696004)(6306002)(5003940100001)(229853002); DIR:OUT; SFP:1102; SCL:1; SRVR:CY1PR0501MB1755; H:p-emfe01a-sac.jnpr.net; FPR:; SPF:SoftFail; MLV:sfv; A:1; MX:1; LANG:en;
X-Microsoft-Exchange-Diagnostics: 1; BY2FFO11FD004; 1:wOmQnyhOVe6ZGhscIJc25b8NevFbPQ1ruJmUZD9TnDuF3DTBJVIpxW2Ev4Xbf5wk6h9I+q0bRa9bZSnbOYOk79UFzC9DwyFeoEe+KJQtPk5G6J+CjANMmmgE/C14TF37OFEF7NjtCKj0KeOlxwapIk7x8RRlhe8pzTja2qg66GVczU8BY1hKkO70RZj+s8DqzNQxtKuw7Gclz3aAjzbbcf43HgFriq6kJOYEy/cq3Xqn+M7xuKr2Bu5pX+MZK0WKKEXJm0BLsB+9URi0vjWznmxffD4CofkmGx0Z2du4y8TeHA3UHbrAJw/IKktD464UPry7b+F4hXwxxgCLWuiwJSIzbpdKAgwurbmB6rgRtLAK6xstdEO8DpuUerpwJx0R9rVl9Z0ciep4DYrtuNokdI9wOhJk1VTZgkGxm7KWka7LcE8JN2WFv4e4zj0+OC3NjGazVYXXEKbR6N7UKwqBu9JsktLQMOF8NTnNbNuZMoYJAF8Nu0fbkPwaEWNrk206rGPRoNJwB+5ftxDYlJyYd/g5VaS3DkCbOZeZepl1ioV646jh6uTiI3o1gxMd+TtRHhAY6oDpuuC6sg3vrxghCYOhcTTd1BLvbxUpYSGeTlk=
X-MS-Office365-Filtering-Correlation-Id: 61ac024c-ee15-439a-4b89-08d46ca84a06
X-Microsoft-Antispam: UriScan:; BCL:0; PCL:0; RULEID:(22001)(2017030254037); SRVR:CY1PR0501MB1755;
X-Microsoft-Exchange-Diagnostics: 1; CY1PR0501MB1755; 3:sZHt0TaYqzOBj3OjEpcLZxdnFnM5o4w8pTLvrFl5gDsnStv2pDZx5RAcMjqCN7PGCDq1uPEpkXDZEbDn9H/HZBskISzhqepRtm7GtTwJRkEPVSUSY5cgeanwIGMXu/XEb2Bq9VStc1xJ8jRTcp3NSHSaetv9qtJrXlSg+IvdAumvT0pAmU0XlX1UXJLfVs6BcGmOh5cV2XVvCNLKaai9IBQNWohg8gQxASw03Q07/LhkIPrSWstDzwS6jdYQJ7blPNVEqzreDxRmJusEI4WdkEjXEIZsLxgTAJwpnOn0XRQ3zgL9g2bd8nV4hBi33q8UfjxmetmEns9HHLfzgwesJ7k8/Ens6VdoqBn8xA9KxJ0blhk/5R9PEv+ZabMhzu+4zcGiBIxNOhgwA7lh90dTlg==; 25:WSqZApaPdS+S0lw7O23+9V61QczMFPUjo9eqVkc/5R2ttQ9MAn5tfucgppoBWa0iNpcU7JFNkLd2lCcJ/bBcIhwOohRXcCM/2ndeNQXnG4RjwMTMJ4y38g6ScGVcVl0ZIGe7AKI+F/521+9ty+OosIn/graLX6eDjoEaedNFDpu1SGDww19xnaEEispmRj1wIlYilF7GywIqFN8SK/TSqQtwVr9p4JzhFWrEcjQApfaTqeCSx07R2ANsCcELAn689OBT/luhPec8iCmbt51JFt3Fy1Wwyeehr4p8kdrvVAaF2igyBXASUo89Rh0OlsfPstrSfce49sh5+TWaAipSkBzcotAdIiS5crPMEqxCuZhAvraR6lelK6MTA31lAX5v5S/nL54i9LTphEVl8ryvn5Soe2PMh7zXXMiX6lYojyenCuugcjwAF78z0EiaN2ee75l/WwdBIIFI4Vtv4IQ4BQ==
X-Microsoft-Exchange-Diagnostics: 1; CY1PR0501MB1755; 31:aFLxyeviWfVze6trgcusijULD4r25Opb6zrEnICiafItzJK6b87DrcqZbWcsB54og4GfQGzJ1L7reYs1OP+C+wpsUvLV8ZpVMX6Sb9AEZQf+8EIcaV39nBtHcT5oYOsEARFRRF8d9C6BvoIqdrx8IwhmZoL8VNjc6m0fmQXjstFYrnFkApQ2omc7HIXO1KHtYAVzdPaBxw+6VgFMivP6zNI0Jo9eLG5/EgMjmlXZ+2wegsuRvAH44qEoyBFIoJ1YENFWx52kLpKJJxux9MtK6Q==; 20:PwlbX9B2zHLi/cLT0LqaDz3NCKgaQ+dG7ZpuAGJmk3UUdfc0tyT2/3q5qNtM1zCORHxYY+CJmcAQ5diX0KvdMMlxBO94z7Gabc2Q80YJPEBCCFHXu4kyBxoLKOo0LJ9yIsH+uvx5qdx5XDWAFBUD9Ul/HBSFNrw5u5eQ/laaabPQh2uyKQMw7dnsfXQr484vNuwfsqXZDdZRMvEqB9RaE+KM1W/b5C4bO0VTZyNWW55dJ7GFW2dpT8n9lEUqW33Nz4YRkfbLd4h18dzpi4HtZUiS5zDW1fjtDtGpuq1mXY+QyKwxFkcAlv3zcnvBoSTeU0nNYg5oWBSNYc8TNO+knfd4GtslTta4Rk72SvKFdGi/CoKEPcj30cBBTLZHwMqmJ1sFiSTfx2fvV/ZAbqkfU4to1sCWBiv2kiif66sOxjStDXFiC58ObLS3GqP57yACYjGpaI4uMs7OMq3PGBs2jt+UHF76QgKpnAhUVSZ/0cj1/H0Eli7RWkaq3AU/Uw8x
X-Microsoft-Antispam-PRVS: <CY1PR0501MB1755A635F90E3B0CB909D38CC9260@CY1PR0501MB1755.namprd05.prod.outlook.com>
X-Exchange-Antispam-Report-Test: UriScan:(192374486261705)(788757137089);
X-Exchange-Antispam-Report-CFA-Test: BCL:0; PCL:0; RULEID:(6040375)(601004)(2401047)(8121501046)(13024025)(13023025)(13017025)(13015025)(5005006)(13018025)(3002001)(10201501046)(6055026)(6041248)(20161123564025)(20161123562025)(20161123558025)(20161123560025)(20161123555025)(6072148); SRVR:CY1PR0501MB1755; BCL:0; PCL:0; RULEID:; SRVR:CY1PR0501MB1755;
X-Microsoft-Exchange-Diagnostics: 1; CY1PR0501MB1755; 4:8OFMZ3uuT6EyF29Ah4Ok1Ml5zTXzRfUU9rq7/hMSGkKpUDC9b2WCjK6xJWxGzzuc/5KEYKN6tArWPZLyKZcT90sfjcJf7ShxGQ6GH4d/Op7ORvn1HK+mIpTDWA6P73LgQznvLwLWrHDWT2XFNhh8Mg2/7ls2SpagiOeygNAgXCLlTe8L0Jjep7kjeQyDEpP49RQOj4MaAYye+wjfL8pCccZefirnB1R2C9xt1qhApw7grUJ9FfMrvujgl9CiNPn2Oqyh2vJ5RXKX+tX99gGdfIzU19U6ZZD9R1U+U4y8tYyrZW4UC++QCn9xA+2gdxP4Bk8CJcSo8n9xmPAefUR8nf3AQhGnhXZE1Xc0rWcp0rkbxVnWiZuWib2YD9MLwTXPMlx9DCZ0jyvEq28ekzvnPtEwzQIur0XZetBZUi9YvP5wK+jeIXKVdi4cGKDMG+PGF/wbZtul0oNRMc4DxmjzveRWUoDD4ZhWxHNL+ttTnqKYr/TrvKxs4UyqoWDLOLo0U/ZnwgBqehHOVPVSs88PzaJinFeRiizOdBBTrhlmbC9irdtOQ5GeSruT2d1h1a7NlipNvUIb+myCM5kr+Znmru/AMuVnlPUrEKGy947qKp2gggiyvZ13h00oVg18ag+jwcDLh5dM8GDHgiIDgWagRbfJMDr2kY/cL2ugmQYXJ07h5UdltdKJbVYq8qrFanvEYbYsdRrw/H/u3637JzajuSl/4f4hfpJ/19kwnTeOP6cmNg26n5i6r8OI3A/gQlv66po6DF2NLb55vYQy2UUON4m4hURaQpLxh/2PBGyPYk4=
X-Forefront-PRVS: 024847EE92
X-Microsoft-Exchange-Diagnostics: 1; CY1PR0501MB1755; 23:DQw68WVR+6GFDFOIhPWqUbiTu5NgFFnVREAyF+VmZfnZ+GVa8X2QQDO+iQygoeOEYRvW2gMJhRYUk/mRoSrC0uFZM7VvqPAdV47BNOG9NZI544VJECrmSwuRU4v1Leo9EwVn7m0Zmv5YKuagrCgyc/nqUoMmKf3qpfYkxSSJJaivBzzMvnu9Jwgu70AbRWh+zuIVfKnlAwoAeJ1qjN0SjqlNHELnm0VtiwrPnfs6gZW179E2yuiP6rsjK7AunlO6M4vBMYzNK8djfjp748g+rP7VrjVh1ocX6d5PS9Ndnu65/ga0mNviXShHGQxOt41gmSc5b9B5u9efPvJJUg2NtEzgjGKiMvn/s5p9VCZTqJWuxvG6HCepM1COqP4ckmKbZWboTz6OvCBwZgYqDlo8brmM5IPhsB/ioXRRcx3k87PHDAU1pYk3+VhoOYINFKimHtvFY8WGaxJMhU0DqDyvyYhLXEciU1IVKPK6PtAPfrAje8XIZ530LzuxDvT0il2fJK4L0PvqbBxE9oGJFbiqW1L8xt8xuwgN475LwSxPwDP0tySX8bn46CqvD+eniVa5iNT4kgkPrEPGVk9Cl3+Dv8MqDDwgRPb5Rqbo5W/0C7e5aknDE5Lh5W7xphcQVObslZCZAkzW4JgDLkfvA/HS6GdioTckMnIVP/cknIhVfhHx8fx9A45JRHUypAcgzRyU4NLQ6KpYaXb63KF4xWHSFcIZc8EAS15sAqRpPfAHYEIeqm5f7GETH3aqxKonT0DfMf7j98ZxcnLoqxAOhnihMk1Ogfi+aCpGkPSpak9lp31i83HkIGttw0eFd9j86QB6KhgK8soyyQ2Ercthj5hdWvlL46x79w5/+DXe3mydjlLGBJPCO2DAEX/EXWdWDKM++34TWHWxERCtHMoRoEvcvuACdGiiUsXoCuYfQQ3CMF+q0f+tPWLTchqdPdHASI0NiG2X2pThxcPG/V8SflQQDm9Zl/oo+YFTkuozI+5B5ete/CbaIHL9parqy+XhbKbqChDuaOL8qsa8CVh5yHEsdLnQPfqWOWaFyDkOMwVR4CuJpVkPT8LKU+qg3W84Oa1ztMIy6UWWxg7YsdNS/1YHj7dNpvN+Qq++4SG25LjNJABy69zeQZC6VaJbrZNAw9bj
X-Microsoft-Exchange-Diagnostics: 1; CY1PR0501MB1755; 6:94iUcJA2zFDNJxmOhoE26L+jhJplbYeucnc3Taiy8mi1axvCM6BSn0Qv7AwBG9NluM+PNZZcHnqmQb86NsL3orRdbg37E3G7cVhPHg/yKmmOpaolLq//e8PlKWrPCGXKzXh9xN5Lt6fG2my4I1fSJuPLf8qMjGZQGznbjOcOGSQ74ckyNYlBbjx+z+dFsuZOh31kTS/F1q+hyw/LDbOcVBIXXzpoSBAHuYF0hI30s6hMUmlT5CoZajLOysGFUIgTSHC63R6JWoLHqW5L8sN5x551kQZWdsgmfz0z4htbgdKqOv8kigUEp3k3TTb/QmlknPjmdM10o8Sy/Wf8pknE8UMJKltFzcEZAJkvEZ6j2hIMbb82DWYsiYjdpn0/YQdVUQPNq31eHGf+Q3zWXjEPfQrHey19HRVatpcOTqFEPkQ=; 5:ccxHIi8/0ZywCPgwxBD72Oq71nh3lZSdoS8pqhCs812UqpOnJrL9mUbfdlMdRAgGfRIE2sbo2yY8bi7JdA0QuqCW/CzClLfu1oZnRrWSa5jJaZ54T9uZlD7mWDrfZ0yLd/cUXyNA5r8WiqHb02gKwA==; 24:iBQhix3SMg9tI2QnCV57XE1G6wrjYCJ5mudQ+CEDdFsPBlVBiMJ828NTdlICZUWhVglCRrj973EMyDbSb4XbBZ4l4E1wJBjLKo0hg0dM8m8=
SpamDiagnosticOutput: 1:99
SpamDiagnosticMetadata: NSPM
X-Microsoft-Exchange-Diagnostics: 1; CY1PR0501MB1755; 7:8M9Qlv1z83ULNsMMlm5IqvET+6bE6a91uI9jP8UrbDFcLKRK6wRYxfAHlCrqeSYGdnigPcaG05D9oGYY0nL0dqjgNlQ6Nxrpqe3/7+kTvRoL+23pTVpOw/XU4KNI45PNWp68OvZOuinUGN4CoDMw3535/yYsOxeHvEdTPXPqG8Cw87YdRgtng9ucgshsPVLNTEdf9xFc9nyypt3D19Bvg70YcLWxYJ0wgb/vDI/diSSlSLLFNOcL26bfozFr3pWfsOB0uN19zBFwQoQgEyar7yb99czPRg9u58LxQfxBDZTvdXf7dMdAGXLq0ifSJuN0dQ+FyqkHC8VzRZ66UZt3qQ==
X-OriginatorOrg: juniper.net
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 16 Mar 2017 20:09:01.6130 (UTC)
X-MS-Exchange-CrossTenant-Id: bea78b3c-4cdb-4130-854a-1d193232e5f4
X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=bea78b3c-4cdb-4130-854a-1d193232e5f4; Ip=[66.129.239.18]; Helo=[p-emfe01a-sac.jnpr.net]
X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem
X-MS-Exchange-Transport-CrossTenantHeadersStamped: CY1PR0501MB1755
Archived-At: <https://mailarchive.ietf.org/arch/msg/netmod/sN3nveonvy__fnSvwTrJWmeJzmU>
Subject: Re: [netmod] security considerations boilerplate updates to cover RESTCONF
X-BeenThere: netmod@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: NETMOD WG list <netmod.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/netmod>, <mailto:netmod-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/netmod/>
List-Post: <mailto:netmod@ietf.org>
List-Help: <mailto:netmod-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/netmod>, <mailto:netmod-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 16 Mar 2017 20:09:07 -0000
The considerations should say more about how we delegate encryption and authentication to the underlaying protocols, whatever they may be. We don't need details, just an understanding of the role of each layer. Thanks, Phil Kent Watsen writes: > >A couple comments: > >1) drilling down on the mandatory-to-implement NC/RC protocols > is somewhat missing the point. The important bit is that > *all* protocols transporting YANG-modeled data *only* have > secure transport layers. More specifically, YANG-modeled > data may be transported over other protocols (e.g., coap), > and also one of the protocols have an insecure transport > protocol (e.g., it doesn't much help to talk about HTTPS > being mandatory-to-implement if RESTCONF allowed HTTP). > >2) just stating that there are secure transport layers still > isnât sufficient, as these protocols must also require > mutual authentication in order to be secure, and for > statements regarding NACM to make sense. The text I posted > before had a statement like this in it. > >I'm beginning to become a fan of the idea of defining a generic >"Requirements for Protocols Transporting YANG-modeled Data" >document - that would not only discuss security aspects, but >also generic protocol operations, that documents like NC, RC, >CoAP, etc. can point to...and even YANG (RFC 7950), rather than >pointing directly at NETCONF as it does today... > >Kent // contributor > > >On 3/16/2017 8:56 AM, Juergen Schoenwaelder wrote: >> On Thu, Mar 16, 2017 at 08:37:39AM +0100, Benoit Claise wrote: >>> Latest proposal: >>> >>> The YANG module defined in this document is designed to be accessed >>> via network management protocols such as NETCONF [RFC6241] or >>> RESTCONF [RFC8040]. The lowest NETCONF layer is the secure transport >>> layer, >>> and mandatory-to-implement secure transport is Secure Shell (SSH) >>> [RFC6242], >>> while the lowest RESTCONF layer is HTTP, and the mandatory-to-implement >>> secure >>> transport is Transport Layer Security (TLS) [RFC5246]. >> Picking wording from Section 12 of RFC 8040 to replace your second >> sentence I get this: >> >> The YANG module defined in this document is designed to be >> accessed via network management protocols such as NETCONF >> [RFC6241] or RESTCONF [RFC8040]. The lowest NETCONF layer is the >> secure transport layer, and the mandatory-to-implement secure >> transport is Secure Shell (SSH) [RFC6242]. The lowest RESTCONF >> layer is HTTPS, and the mandatory-to-implement secure transport is >> TLS [RFC5246]. >> >> The NETCONF access control model [RFC6536] provides the means to >> restrict access for particular NETCONF or RESTCONF users to a >> pre-configured subset of all available NETCONF or RESTCONF >> protocol operations and content. >Yes, thank you. > >Regards, B. >> >> /js >> > > > >_______________________________________________ >netmod mailing list >netmod@ietf.org >https://www.ietf.org/mailman/listinfo/netmod
- Re: [netmod] security considerations boilerplate … Benoit Claise
- [netmod] security considerations boilerplate upda… Juergen Schoenwaelder
- Re: [netmod] security considerations boilerplate … Benoit Claise
- Re: [netmod] security considerations boilerplate … Mehmet Ersue
- Re: [netmod] security considerations boilerplate … Kent Watsen
- Re: [netmod] security considerations boilerplate … Benoit Claise
- Re: [netmod] security considerations boilerplate … Juergen Schoenwaelder
- Re: [netmod] security considerations boilerplate … Benoit Claise
- Re: [netmod] security considerations boilerplate … Juergen Schoenwaelder
- Re: [netmod] security considerations boilerplate … Benoit Claise
- Re: [netmod] security considerations boilerplate … Kent Watsen
- Re: [netmod] security considerations boilerplate … Kent Watsen
- Re: [netmod] security considerations boilerplate … Kathleen Moriarty
- Re: [netmod] security considerations boilerplate … Juergen Schoenwaelder
- Re: [netmod] security considerations boilerplate … Alia Atlas
- Re: [netmod] security considerations boilerplate … Juergen Schoenwaelder
- Re: [netmod] security considerations boilerplate … Benoit Claise
- Re: [netmod] security considerations boilerplate … Kent Watsen
- Re: [netmod] security considerations boilerplate … Phil Shafer
- Re: [netmod] security considerations boilerplate … Ladislav Lhotka
- Re: [netmod] security considerations boilerplate … Kent Watsen
- Re: [netmod] security considerations boilerplate … Acee Lindem (acee)