Re: [netmod] 6087bis - Security Considerations template
"Acee Lindem (acee)" <acee@cisco.com> Mon, 06 August 2018 19:03 UTC
Return-Path: <acee@cisco.com>
X-Original-To: netmod@ietfa.amsl.com
Delivered-To: netmod@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 146FA130E3C for <netmod@ietfa.amsl.com>; Mon, 6 Aug 2018 12:03:44 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -14.511
X-Spam-Level:
X-Spam-Status: No, score=-14.511 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001, T_DKIMWL_WL_MED=-0.01, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id GMsgDD9phxb3 for <netmod@ietfa.amsl.com>; Mon, 6 Aug 2018 12:03:42 -0700 (PDT)
Received: from rcdn-iport-3.cisco.com (rcdn-iport-3.cisco.com [173.37.86.74]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 42C3C130934 for <netmod@ietf.org>; Mon, 6 Aug 2018 12:03:42 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=2814; q=dns/txt; s=iport; t=1533582222; x=1534791822; h=from:to:subject:date:message-id:references:in-reply-to: content-id:content-transfer-encoding:mime-version; bh=A1GghvDqUw3RRSdkrMJXspgyv9TQEcuzf+udmA+GjoA=; b=UTAavTSppWcyZraydmBe1etqz4atNixHNsrB6wbfkZFipxcsxF2vd6xD v9wYmN8mGN0ZEWtAapunHK1ET01cn1reZzV8jxOHMZjbqJlJoTabjk3u+ wKDrOL6AHitNlMzz94gcd9cCpy5D3mj5t/XNHVuplQofi45MS0dcNLOnQ M=;
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: A0A6AgATm2hb/40NJK1cGwEBAQEDAQEBCQEBAYNOY38oCoN0iAmMR4INgzySK4F6CxgLhANGAheDECE0GAECAQECAQECbRwMhTcBAQEBAgEBASEROhsCAQgOCgICJgICAiULFRACBAESgyABgXcID6xlgS6EX4VpBYELh34XggCBOR+CTIMbAQGEYjGCJAKaMwkChhiJK4FNjFOIH4JMh0wCERSBJB04gVJwFTsqAYI+ixWFPm8MjmKBGwEB
X-IronPort-AV: E=Sophos;i="5.51,452,1526342400"; d="scan'208";a="423992877"
Received: from alln-core-8.cisco.com ([173.36.13.141]) by rcdn-iport-3.cisco.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 06 Aug 2018 19:03:41 +0000
Received: from XCH-RTP-012.cisco.com (xch-rtp-012.cisco.com [64.101.220.152]) by alln-core-8.cisco.com (8.15.2/8.15.2) with ESMTPS id w76J3fEG004882 (version=TLSv1.2 cipher=AES256-SHA bits=256 verify=FAIL); Mon, 6 Aug 2018 19:03:41 GMT
Received: from xch-rtp-015.cisco.com (64.101.220.155) by XCH-RTP-012.cisco.com (64.101.220.152) with Microsoft SMTP Server (TLS) id 15.0.1320.4; Mon, 6 Aug 2018 15:03:40 -0400
Received: from xch-rtp-015.cisco.com ([64.101.220.155]) by XCH-RTP-015.cisco.com ([64.101.220.155]) with mapi id 15.00.1320.000; Mon, 6 Aug 2018 15:03:40 -0400
From: "Acee Lindem (acee)" <acee@cisco.com>
To: Martin Bjorklund <mbj@tail-f.com>, "netmod@ietf.org" <netmod@ietf.org>
Thread-Topic: [netmod] 6087bis - Security Considerations template
Thread-Index: AQHULbZt2jGZOy5KzkmIJbbiWMaPpaSzFPIA
Date: Mon, 06 Aug 2018 19:03:40 +0000
Message-ID: <A6F5E3F7-68FC-4A52-A1DD-2383169145B0@cisco.com>
References: <87muvjges7.fsf@nic.cz> <20180806.205046.1122451156895376424.mbj@tail-f.com>
In-Reply-To: <20180806.205046.1122451156895376424.mbj@tail-f.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-ms-exchange-messagesentrepresentingtype: 1
x-ms-exchange-transport-fromentityheader: Hosted
x-originating-ip: [10.116.152.201]
Content-Type: text/plain; charset="utf-8"
Content-ID: <C018011777FC1F4CA209176564AD11D6@emea.cisco.com>
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-Outbound-SMTP-Client: 64.101.220.152, xch-rtp-012.cisco.com
X-Outbound-Node: alln-core-8.cisco.com
Archived-At: <https://mailarchive.ietf.org/arch/msg/netmod/v30GSuKFYIG9MwTz-cdZPP7LKko>
Subject: Re: [netmod] 6087bis - Security Considerations template
X-BeenThere: netmod@ietf.org
X-Mailman-Version: 2.1.27
Precedence: list
List-Id: NETMOD WG list <netmod.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/netmod>, <mailto:netmod-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/netmod/>
List-Post: <mailto:netmod@ietf.org>
List-Help: <mailto:netmod-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/netmod>, <mailto:netmod-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 06 Aug 2018 19:03:44 -0000
Hi Martin, On 8/6/18, 2:51 PM, "netmod on behalf of Martin Bjorklund" <netmod-bounces@ietf.org on behalf of mbj@tail-f.com> wrote: Hi, Ladislav Lhotka <lhotka@nic.cz> wrote: > Hi, > > Shawn Emery reviewed draft-ietf-netmod-schema-mount-10 and made this > editorial comment: > > OLD: > > These are the subtrees and data nodes and their sensitivity/vulnerability: > > NEW: > > The following should be considered for subtrees/data nodes and their > corresponding sensitivity/vulnerability: > > However, the OLD fomulation comes from RFC 6087, so perhaps this change > should be applied in draft-ietf-netmod-rfc6087bis in the first > place. The NEW formulation indeed looks better to me. What is the WG's opinion on this proposed text change? 6087bis is in AUTH48 so if it needs to be changed it must happen now. Most of the existing YANG model security considerations are written a list of data nodes/subtrees and their corresponding sensitivity/vulnerability. So, if the change is accepted, new drafts would need to be written as a list of sensitivities/vulnerabilities with the data nodes and subtrees to which they apply. Thanks, Acee Of course, we can update https://trac.ietf.org/trac/ops/wiki/yang-security-guidelines even when 6087bis has been published. If we don't want to update the template, I don't think we should update the schema mount draft either. /martin > > Lada > > -- > Ladislav Lhotka > Head, CZ.NIC Labs > PGP Key ID: 0xB8F92B08A9F76C67 > > _______________________________________________ > netmod mailing list > netmod@ietf.org > https://www.ietf.org/mailman/listinfo/netmod > _______________________________________________ netmod mailing list netmod@ietf.org https://www.ietf.org/mailman/listinfo/netmod
- [netmod] 6087bis - Security Considerations templa… Ladislav Lhotka
- Re: [netmod] 6087bis - Security Considerations te… Martin Bjorklund
- Re: [netmod] 6087bis - Security Considerations te… Acee Lindem (acee)
- Re: [netmod] 6087bis - Security Considerations te… Andy Bierman
- Re: [netmod] 6087bis - Security Considerations te… Martin Bjorklund