Re: [Ntp] I-D Action: draft-ietf-ntp-yang-data-model-06.txt

Watson Ladd <watsonbladd@gmail.com> Thu, 27 June 2019 21:10 UTC

References: <156154491366.20087.10525017842665990919@ietfa.amsl.com>
In-Reply-To: <156154491366.20087.10525017842665990919@ietfa.amsl.com>
From: Watson Ladd <watsonbladd@gmail.com>
Date: Thu, 27 Jun 2019 14:10:39 -0700
Message-ID: <CACsn0c=D2Z6phAh4mzeAZqkLxMenOPpgShOOmnovj7q7-n5wiA@mail.gmail.com>
To: NTP WG <ntp@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/ntp/DF-ZvgK-qm1gz74w9pvHUIItTbo>
Subject: Re: [Ntp] I-D Action: draft-ietf-ntp-yang-data-model-06.txt

Forgive me for only now taking a look at this, but the security
considerations section seems to be omitting the authentication subtree
from the sensitive list on read, talking only about writing it. But an
attacker with read access will get the keys, and that would be bad.

Also, is it too late/too early to include NTS?