Re: [Gen-art] Genart last call review of draft-ietf-rtgwg-lne-model-05

Lou Berger <lberger@labn.net> Thu, 15 February 2018 00:50 UTC

To: Alissa Cooper <alissa@cooperw.in>, Russ Housley <housley@vigilsec.com>
Cc: draft-ietf-rtgwg-lne-model.all@ietf.org, "gen-art@ietf.org Review Team" <gen-art@ietf.org>, rtgwg@ietf.org
References: <151649139871.3209.16979766632857661358@ietfa.amsl.com> <F55482F0-1612-429E-96E2-0A4A257204EA@cooperw.in>
From: Lou Berger <lberger@labn.net>
Message-ID: <279cbe8c-eb05-f02f-7e77-642622a48569@labn.net>
Date: Wed, 14 Feb 2018 19:50:19 -0500

Hi,

     Sorry about the slow response.  See below.

On 2/8/2018 8:36 AM, Alissa Cooper wrote:
> Russ, thanks for your review. I don’t think your major concern quite rises to the level of being DISCUSS-worthy, but I’ve flagged it in my No Objection ballot and would expect a response from the authors.
>
> Alissa
>
>> On Jan 20, 2018, at 6:36 PM, Russ Housley <housley@vigilsec.com> wrote:
>>
>> Reviewer: Russ Housley
>> Review result: Not Ready
>>
>> I am the assigned Gen-ART reviewer for this draft. The General Area
>> Review Team (Gen-ART) reviews all IETF documents being processed
>> by the IESG for the IETF Chair. Please wait for direction from your
>> document shepherd or AD before posting a new version of the draft.
>>
>> For more information, please see the FAQ at
>> <http://wiki.tools.ietf.org/area/gen/trac/wiki/GenArtfaq>.
>>
>> Document: draft-ietf-rtgwg-lne-model-05
>> Reviewer: Russ Housley
>> Review Date: 2018-01-20
>> IETF LC End Date: 2018-01-31
>> IESG Telechat date: 2018-02-08
>>
>> Summary: Not Ready
>>
>> Major Concerns:
>>
>> Section 4 listed three data nodes that are sensitive or vulnerable:
>>    -  /logical-network-elements/logical-network-element
>>    -  /logical-network-elements/logical-network-element/managed
>>    -  /if:interfaces/if:interface/bind-lne-name
>>
>> All three of them deserve a bit more discussion, although the middle
>> one is covered in much more detail than the other two.  If a bad actor
>> gets "unauthorized access" is there something more specific about each
>> of these that can be said?  The characterization of "network
>> malfunctions, delivery of packets to inappropriate destinations, and
>> other problems" seems very broad.  Consequences that are specific to
>> these data nodes would be more helpful to the reader.
We've been struggling with what more should be said here - and this is the 
reason for the delayed response - note that the text does pay particular 
note to the one really special node in the model:

    /logical-network-elements/logical-network-element/managed:  While
       this leaf is contained in the previous list, it is worth
       particular attention as it controls whether information under the
       LNE mount point is accessible by both the host device and within
       the LNE context.  There may be extra sensitivity to this leaf in
       environments where an LNE is managed by a different party than the
       host device, and that party does not wish to share LNE information
       with the operator of the host device.

Furthermore, the current text is largely patterned after what is 
typically covered in YANG models, and we don't see this model as being 
fundamentally different from the reference foundational YANG models.  
-06 does add important text on secure data access and access control 
of specific operations.  Is this sufficient?

>> Minor Concerns:
>>
>> Section 1.1: Please update the first paragraph to reference RFC 8174
>> in addition to RFC 2119, as follows:
>>
>>    The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
>>    "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and
>>    "OPTIONAL" in this document are to be interpreted as described in BCP
>>    14 [RFC2119] [RFC8174] when, and only when, they appear in all
>>    capitals, as shown here.

Done (in -06)

>>
>> Nits:
>>
>> Abstract: YANG appears in the title and the introduction.  So, I was a
>> bit surprised that YANG did not appear anywhere in the Abstract.
Done (in -06)
>> This document seems to refer to itself as "RFC XXXX" and "RFC TBD".
>> Please pick one and use it throughout the document.
Done (in -06)

Thanks,
Lou (and co-authors)

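As an added illustration (not text from the draft or from this thread) of the "secure data access and access control" the reply refers to, here is a NACM (RFC 8341) rule-list that covers the three data nodes the review lists, giving a host-device operator group control over LNE instances and interface binding while withholding the 'managed' leaf, which the quoted text singles out as the one that decides whether LNE data is visible from the host side. The group and user names are constructed, and the LNE module namespace is assumed from the draft's module name ietf-logical-network-element.

```xml
<!-- Constructed NACM example; group/user names and the lne: namespace
     are assumptions, not values taken from the draft. -->
<nacm xmlns="urn:ietf:params:xml:ns:yang:ietf-netconf-acm"
      xmlns:if="urn:ietf:params:xml:ns:yang:ietf-interfaces"
      xmlns:lne="urn:ietf:params:xml:ns:yang:ietf-logical-network-element">
  <enable-nacm>true</enable-nacm>
  <!-- Deny by default so only the rules below grant access. -->
  <read-default>deny</read-default>
  <write-default>deny</write-default>
  <exec-default>deny</exec-default>

  <groups>
    <group>
      <name>host-operators</name>   <!-- assumed: runs the host device -->
      <user-name>host-admin</user-name>
    </group>
  </groups>

  <rule-list>
    <name>host-operator-lne-rules</name>
    <group>host-operators</group>

    <!-- Rules are matched in order; this deny must precede the broader
         permit below, whose path also covers descendant nodes. -->
    <rule>
      <name>no-write-to-managed</name>
      <path>/lne:logical-network-elements/lne:logical-network-element/lne:managed</path>
      <access-operations>create update delete</access-operations>
      <action>deny</action>
      <comment>Only the LNE's own manager may change host-side visibility</comment>
    </rule>

    <!-- Host operator may create, read, modify and delete LNE instances. -->
    <rule>
      <name>lne-instances</name>
      <path>/lne:logical-network-elements/lne:logical-network-element</path>
      <access-operations>*</access-operations>
      <action>permit</action>
    </rule>

    <!-- Host operator assigns interfaces to LNEs via the augmented leaf. -->
    <rule>
      <name>bind-interface-to-lne</name>
      <path>/if:interfaces/if:interface/lne:bind-lne-name</path>
      <access-operations>*</access-operations>
      <action>permit</action>
    </rule>
  </rule-list>
</nacm>
```

Because the 'managed' rule precedes the list-wide permit, a host-operator edit-config that touches that leaf is rejected with access-denied even though the rest of the LNE entry is writable.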