Re: [netmod] 6087bis - Security Considerations template

"Acee Lindem (acee)" <acee@cisco.com> Mon, 06 August 2018 19:03 UTC

Return-Path: <acee@cisco.com>
X-Original-To: netmod@ietfa.amsl.com
Delivered-To: netmod@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 146FA130E3C for <netmod@ietfa.amsl.com>; Mon, 6 Aug 2018 12:03:44 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -14.511
X-Spam-Level:
X-Spam-Status: No, score=-14.511 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001, T_DKIMWL_WL_MED=-0.01, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id GMsgDD9phxb3 for <netmod@ietfa.amsl.com>; Mon, 6 Aug 2018 12:03:42 -0700 (PDT)
Received: from rcdn-iport-3.cisco.com (rcdn-iport-3.cisco.com [173.37.86.74]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 42C3C130934 for <netmod@ietf.org>; Mon, 6 Aug 2018 12:03:42 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=2814; q=dns/txt; s=iport; t=1533582222; x=1534791822; h=from:to:subject:date:message-id:references:in-reply-to: content-id:content-transfer-encoding:mime-version; bh=A1GghvDqUw3RRSdkrMJXspgyv9TQEcuzf+udmA+GjoA=; b=UTAavTSppWcyZraydmBe1etqz4atNixHNsrB6wbfkZFipxcsxF2vd6xD v9wYmN8mGN0ZEWtAapunHK1ET01cn1reZzV8jxOHMZjbqJlJoTabjk3u+ wKDrOL6AHitNlMzz94gcd9cCpy5D3mj5t/XNHVuplQofi45MS0dcNLOnQ M=;
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: =?us-ascii?q?A0A6AgATm2hb/40NJK1cGwEBAQEDAQE?= =?us-ascii?q?BCQEBAYNOY38oCoN0iAmMR4INgzySK4F6CxgLhANGAheDECE0GAECAQECAQE?= =?us-ascii?q?CbRwMhTcBAQEBAgEBASEROhsCAQgOCgICJgICAiULFRACBAESgyABgXcID6x?= =?us-ascii?q?lgS6EX4VpBYELh34XggCBOR+CTIMbAQGEYjGCJAKaMwkChhiJK4FNjFOIH4J?= =?us-ascii?q?Mh0wCERSBJB04gVJwFTsqAYI+ixWFPm8MjmKBGwEB?=
X-IronPort-AV: E=Sophos;i="5.51,452,1526342400"; d="scan'208";a="423992877"
Received: from alln-core-8.cisco.com ([173.36.13.141]) by rcdn-iport-3.cisco.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 06 Aug 2018 19:03:41 +0000
Received: from XCH-RTP-012.cisco.com (xch-rtp-012.cisco.com [64.101.220.152]) by alln-core-8.cisco.com (8.15.2/8.15.2) with ESMTPS id w76J3fEG004882 (version=TLSv1.2 cipher=AES256-SHA bits=256 verify=FAIL); Mon, 6 Aug 2018 19:03:41 GMT
Received: from xch-rtp-015.cisco.com (64.101.220.155) by XCH-RTP-012.cisco.com (64.101.220.152) with Microsoft SMTP Server (TLS) id 15.0.1320.4; Mon, 6 Aug 2018 15:03:40 -0400
Received: from xch-rtp-015.cisco.com ([64.101.220.155]) by XCH-RTP-015.cisco.com ([64.101.220.155]) with mapi id 15.00.1320.000; Mon, 6 Aug 2018 15:03:40 -0400
From: "Acee Lindem (acee)" <acee@cisco.com>
To: Martin Bjorklund <mbj@tail-f.com>, "netmod@ietf.org" <netmod@ietf.org>
Thread-Topic: [netmod] 6087bis - Security Considerations template
Thread-Index: AQHULbZt2jGZOy5KzkmIJbbiWMaPpaSzFPIA
Date: Mon, 6 Aug 2018 19:03:40 +0000
Message-ID: <A6F5E3F7-68FC-4A52-A1DD-2383169145B0@cisco.com>
References: <87muvjges7.fsf@nic.cz> <20180806.205046.1122451156895376424.mbj@tail-f.com>
In-Reply-To: <20180806.205046.1122451156895376424.mbj@tail-f.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-ms-exchange-messagesentrepresentingtype: 1
x-ms-exchange-transport-fromentityheader: Hosted
x-originating-ip: [10.116.152.201]
Content-Type: text/plain; charset="utf-8"
Content-ID: <C018011777FC1F4CA209176564AD11D6@emea.cisco.com>
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-Outbound-SMTP-Client: 64.101.220.152, xch-rtp-012.cisco.com
X-Outbound-Node: alln-core-8.cisco.com
Archived-At: <https://mailarchive.ietf.org/arch/msg/netmod/v30GSuKFYIG9MwTz-cdZPP7LKko>
Subject: Re: [netmod] 6087bis - Security Considerations template
X-BeenThere: netmod@ietf.org
X-Mailman-Version: 2.1.27
Precedence: list
List-Id: NETMOD WG list <netmod.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/netmod>, <mailto:netmod-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/netmod/>
List-Post: <mailto:netmod@ietf.org>
List-Help: <mailto:netmod-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/netmod>, <mailto:netmod-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 06 Aug 2018 19:03:44 -0000

Hi Martin, 

´╗┐On 8/6/18, 2:51 PM, "netmod on behalf of Martin Bjorklund" <netmod-bounces@ietf.org on behalf of mbj@tail-f.com>; wrote:

    Hi,
    
    Ladislav Lhotka <lhotka@nic.cz>; wrote:
    > Hi,
    > 
    > Shawn Emery reviewed draft-ietf-netmod-schema-mount-10 and made this
    > editorial comment:
    > 
    > OLD:
    > 
    > These are the subtrees and data nodes and their sensitivity/vulnerability:
    > 
    > NEW:
    > 
    > The following should be considered for subtrees/data nodes and their
    > corresponding sensitivity/vulnerability:
    > 
    > However, the OLD fomulation comes from RFC 6087, so perhaps this change
    > should be applied in draft-ietf-netmod-rfc6087bis in the first
    > place. The NEW formulation indeed looks better to me.
    
    What is the WG's opinion on this proposed text change?  6087bis is in
    AUTH48 so if it needs to be changed it must happen now.


Most of the existing YANG model security considerations are written a list of data nodes/subtrees and their corresponding sensitivity/vulnerability. So, if the change is accepted, new drafts would need to be written as a list of sensitivities/vulnerabilities with the data nodes and subtrees to which they apply. 

Thanks,
Acee

    
    Of course, we can update
    https://trac.ietf.org/trac/ops/wiki/yang-security-guidelines even when
    6087bis has been published.
    
    If we don't want to update the template, I don't think we should
    update the schema mount draft either.
    
    
    /martin
    
    
    
    
    > 
    > Lada
    > 
    > -- 
    > Ladislav Lhotka
    > Head, CZ.NIC Labs
    > PGP Key ID: 0xB8F92B08A9F76C67
    > 
    > _______________________________________________
    > netmod mailing list
    > netmod@ietf.org
    > https://www.ietf.org/mailman/listinfo/netmod
    > 
    
    _______________________________________________
    netmod mailing list
    netmod@ietf.org
    https://www.ietf.org/mailman/listinfo/netmod