Re: [secdir] [netconf] Secdir last call review of draft-ietf-netconf-restconf-notif-13

"Reshad Rahman (rrahman)" <rrahman@cisco.com> Mon, 29 April 2019 20:04 UTC

Return-Path: <rrahman@cisco.com>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0128E1203D6; Mon, 29 Apr 2019 13:04:01 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -14.5
X-Spam-Level:
X-Spam-Status: No, score=-14.5 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com header.b=WZGbFsoN; dkim=pass (1024-bit key) header.d=cisco.onmicrosoft.com header.b=QbBdaKx4
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 7m12pnPu3-x7; Mon, 29 Apr 2019 13:03:59 -0700 (PDT)
Received: from alln-iport-8.cisco.com (alln-iport-8.cisco.com [173.37.142.95]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 44A30120142; Mon, 29 Apr 2019 13:03:59 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=3486; q=dns/txt; s=iport; t=1556568239; x=1557777839; h=from:to:cc:subject:date:message-id:references: in-reply-to:content-id:content-transfer-encoding: mime-version; bh=Io0VrkoD9LFMD5OqGIBNKpBJVKBwdIC45BSId7eKYgc=; b=WZGbFsoNk/cRY42qYSjYTiKbk/on1XC/F5MRdDDi8/2H70fmC5DqVj6S D96DOBpF0auVhRcLMGA6dQ949ei8PWVq3CdSKYN7GGkm4qhAWq30KW4W7 0zTIEWEsmyuHHC6ORiuYDhVeaRkLndfBF0QnbKA8Mp1b/JN+wemK+TUHh s=;
IronPort-PHdr: =?us-ascii?q?9a23=3Ax/XaMRM38KhgMF2ruyol6mtXPHoupqn0MwgJ65?= =?us-ascii?q?Eul7NJdOG58o//OFDEu60/l0fHCIPc7f8My/HbtaztQyQh2d6AqzhDFf4ETB?= =?us-ascii?q?oZkYMTlg0kDtSCDBjhNvfqaiU8NM9DT1RiuXq8NBsdFQ=3D=3D?=
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: =?us-ascii?q?A0CjAAAmWMdc/4ENJK1mDg4BAQEEAQE?= =?us-ascii?q?HBAEBgVMFAQELAYE9UAOBPSAECyiEEINHA48PgjIllyKBLoEkA1QOAQEthEA?= =?us-ascii?q?CF4YbIzYHDgEDAQEEAQECAQJtHAyFSwEBBBIREQwBATcBDwIBCBgCAgkdAgI?= =?us-ascii?q?CMBUQAgQOBSKDAIFqAxwBo08CgTWIX3GBL4J5AQEFhQUYgg4JgQsnAYtJF4F?= =?us-ascii?q?AP4ERJwwTgkw+hFuCczKCJo0QLJhaZQkCggmOaoNJG4INhjSMZqBaAgQCBAU?= =?us-ascii?q?CDgEBBYFWAy6BVnAVOyoBgkGCDweDaIoYO3KBKZMXAQE?=
X-IronPort-AV: E=Sophos;i="5.60,410,1549929600"; d="scan'208";a="266535598"
Received: from alln-core-9.cisco.com ([173.36.13.129]) by alln-iport-8.cisco.com with ESMTP/TLS/DHE-RSA-SEED-SHA; 29 Apr 2019 20:03:58 +0000
Received: from XCH-ALN-004.cisco.com (xch-aln-004.cisco.com [173.36.7.14]) by alln-core-9.cisco.com (8.15.2/8.15.2) with ESMTPS id x3TK3wp3009274 (version=TLSv1.2 cipher=AES256-SHA bits=256 verify=FAIL); Mon, 29 Apr 2019 20:03:58 GMT
Received: from xhs-rcd-003.cisco.com (173.37.227.248) by XCH-ALN-004.cisco.com (173.36.7.14) with Microsoft SMTP Server (TLS) id 15.0.1473.3; Mon, 29 Apr 2019 15:03:57 -0500
Received: from xhs-rcd-002.cisco.com (173.37.227.247) by xhs-rcd-003.cisco.com (173.37.227.248) with Microsoft SMTP Server (TLS) id 15.0.1473.3; Mon, 29 Apr 2019 15:03:56 -0500
Received: from NAM01-BY2-obe.outbound.protection.outlook.com (72.163.14.9) by xhs-rcd-002.cisco.com (173.37.227.247) with Microsoft SMTP Server (TLS) id 15.0.1473.3 via Frontend Transport; Mon, 29 Apr 2019 15:03:56 -0500
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cisco.onmicrosoft.com; s=selector1-cisco-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=Io0VrkoD9LFMD5OqGIBNKpBJVKBwdIC45BSId7eKYgc=; b=QbBdaKx4BF5v1KCz1LNXXYncUatFfPZSI83c0qjv79dcB1tWQnIWVnbY9mOG05ZxUmR8hu9VUy38g3e7EjP5pRyxe6MmzDJw+D0mFbhsanrduohTKAvf8dGNL7ZZX4+pro1IvqO2jJLY1i64F//tQkQRMTw0ZppN/KZMHO65jkg=
Received: from DM5PR1101MB2105.namprd11.prod.outlook.com (10.174.104.15) by DM5PR1101MB2188.namprd11.prod.outlook.com (10.174.104.149) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.1835.13; Mon, 29 Apr 2019 20:03:55 +0000
Received: from DM5PR1101MB2105.namprd11.prod.outlook.com ([fe80::a113:a1ba:aae0:4a12]) by DM5PR1101MB2105.namprd11.prod.outlook.com ([fe80::a113:a1ba:aae0:4a12%6]) with mapi id 15.20.1835.010; Mon, 29 Apr 2019 20:03:55 +0000
From: "Reshad Rahman (rrahman)" <rrahman@cisco.com>
To: Benjamin Kaduk <kaduk@mit.edu>
CC: Aanchal Malhotra <aanchal4@bu.edu>, "secdir@ietf.org" <secdir@ietf.org>, "ietf@ietf.org" <ietf@ietf.org>, "draft-ietf-netconf-restconf-notif.all@ietf.org" <draft-ietf-netconf-restconf-notif.all@ietf.org>, "netconf@ietf.org" <netconf@ietf.org>
Thread-Topic: [netconf] Secdir last call review of draft-ietf-netconf-restconf-notif-13
Thread-Index: AQHU8LEm3/ufrU/2dEa8pjPJiNurYqY4yTOAgAuvaICABvAQgIAHJTqAgADbAgA=
Date: Mon, 29 Apr 2019 20:03:55 +0000
Message-ID: <67A8986B-4406-4CF4-8F64-42AFAF48EC1B@cisco.com>
References: <155501965074.14152.2835369201856309773@ietfa.amsl.com> <FFD7F554-4E88-49E5-9D16-DF0B64BC5FF5@cisco.com> <20190420035612.GR51586@kduck.mit.edu> <7820A8E4-692B-43D2-9611-437CC440EBC7@cisco.com> <20190429030003.GJ60332@kduck.mit.edu>
In-Reply-To: <20190429030003.GJ60332@kduck.mit.edu>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
user-agent: Microsoft-MacOutlook/10.10.6.190114
authentication-results: spf=none (sender IP is ) smtp.mailfrom=rrahman@cisco.com;
x-originating-ip: [2001:420:2840:1250:2421:2f0a:1dbc:638e]
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: 0e0d505c-4171-4200-bdcd-08d6ccddcefa
x-microsoft-antispam: BCL:0; PCL:0; RULEID:(2390118)(7020095)(4652040)(8989299)(4534185)(4627221)(201703031133081)(201702281549075)(8990200)(5600141)(711020)(4605104)(2017052603328)(7193020); SRVR:DM5PR1101MB2188;
x-ms-traffictypediagnostic: DM5PR1101MB2188:
x-microsoft-antispam-prvs: <DM5PR1101MB21889D273E721A9DA64EEA6FAB390@DM5PR1101MB2188.namprd11.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:10000;
x-forefront-prvs: 0022134A87
x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(39860400002)(376002)(366004)(396003)(136003)(346002)(51914003)(189003)(199004)(71200400001)(2616005)(71190400001)(58126008)(6486002)(486006)(7736002)(476003)(305945005)(83716004)(6916009)(11346002)(5660300002)(316002)(81156014)(81166006)(8936002)(229853002)(86362001)(76176011)(6436002)(99286004)(91956017)(76116006)(73956011)(102836004)(66476007)(64756008)(66556008)(66946007)(66446008)(46003)(36756003)(82746002)(25786009)(54906003)(97736004)(68736007)(93886005)(6116002)(53546011)(2906002)(14444005)(6506007)(4326008)(53936002)(256004)(6512007)(33656002)(478600001)(6246003)(8676002)(2171002)(186003)(446003)(14454004); DIR:OUT; SFP:1101; SCL:1; SRVR:DM5PR1101MB2188; H:DM5PR1101MB2105.namprd11.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; MX:1; A:1;
received-spf: None (protection.outlook.com: cisco.com does not designate permitted sender hosts)
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam-message-info: uXrrSe7MkyCdkpS2llxyuIjxueqN9hns110qnC+gE4GEr6iy4xpk+XDcAmJoQYVCk/nh1hbnhR4MxqxaWof+u9BZAm2Birn6j74q8oGUhPUuuamBUBVY85v3VRjj4W8Km7MtFvd/RvJkErWg6UaqR4HatdAf3+GVMtvekhc48kbF7J9OXGK23tGrzJhblZgT5d8W1ZlqkbzcWGXeIGnDjG/1uv2ceCPmufm98qilFBwUndzc0HjQic2AyCBVLooE4iVmwvweB8zLRO233FBtxt1zHw3dnD6e5j9XSyXHh8rvuKGMgu/EGEZhBAVPt4PV6z0LfWD9idy+Zm50U76q/H8zCJ5L9pt4lwI3NSRGYySHUo+Vqu2jLl7Z+8QB438rS8vXNKu497CpeQCpnIFdv23TKM0jXsyDjRSO6G6tDkg=
Content-Type: text/plain; charset="utf-8"
Content-ID: <343776AEE8F75E4D8D171FD2514360B5@namprd11.prod.outlook.com>
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-MS-Exchange-CrossTenant-Network-Message-Id: 0e0d505c-4171-4200-bdcd-08d6ccddcefa
X-MS-Exchange-CrossTenant-originalarrivaltime: 29 Apr 2019 20:03:55.0650 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 5ae1af62-9505-4097-a69a-c1553ef7840e
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM5PR1101MB2188
X-OriginatorOrg: cisco.com
X-Outbound-SMTP-Client: 173.36.7.14, xch-aln-004.cisco.com
X-Outbound-Node: alln-core-9.cisco.com
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/1Ze_XRfropo0lhY1ImA8egnqdfQ>
Subject: Re: [secdir] [netconf] Secdir last call review of draft-ietf-netconf-restconf-notif-13
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/secdir/>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 29 Apr 2019 20:04:01 -0000

On 2019-04-28, 11:00 PM, "Benjamin Kaduk" <kaduk@mit.edu>; wrote:

    On Wed, Apr 24, 2019 at 05:53:02PM +0000, Reshad Rahman (rrahman) wrote:
    > On 2019-04-19, 11:56 PM, "Benjamin Kaduk" <kaduk@mit.edu>; wrote:
    > 
    >     On Fri, Apr 12, 2019 at 09:29:35PM +0000, Reshad Rahman (rrahman) wrote:
    >     > Hi Aanchal,
    >     > 
    >     > Thanks for the review. Please see inline.
    >     > 
    >     > On 2019-04-11, 5:54 PM, "netconf on behalf of Aanchal Malhotra via Datatracker" <netconf-bounces@ietf.org on behalf of noreply@ietf.org>; wrote:
    >     > 
    >     >     Reviewer: Aanchal Malhotra
    >     >     Review result: Ready
    >     >     
    >     >     The document is very clear and concise.  I just have one minor clarification question.
    >     >     Section 3.4 Page 9 that says the following:
    >     >     "In addition to any required ........SHOULD only be allowed......".  
    >     >     
    >     >     Is there a reason for using SHOULD instead of MUST? 
    >     > 
    >     > There may be reasons why an implementation decides not to enforce this restriction. Going by RFC2119 definitions, this is why we chose SHOULD instead of MUST.
    >     
    >     If you have some reasons in mind, it is often helpful to list them as
    >     examples of when the recommended behavior would not be followed.
    > 
    > What we had in mind is a "super-user" who could be given access to subscriptions of other users. Is this obvious or should I can add text to that effect at the end the bullet below? Something along the lines of "For example, a RESTCONF username with the required administrative permissions could be allowed to invoke RPCs modify-subscription, resync-subscription and delete-subscription on a subscription which was created by another username.".
    > 
    >    o  In addition to any required access permissions (e.g., NACM), RPCs
    >       modify-subscription, resync-subscription and delete-subscription
    >       SHOULD only be allowed by the same RESTCONF username [RFC8040]
    >       which invoked establish-subscription.
    
    I think it might help to have such text, though I would suggest a slightly
    pithier "Such a restriction generally serves to preserve users' privacy, but
    exceptions might be made for administrators that may need to modify or
    delete other users' subscriptions."

Good with me, thanks. I'll make this addition in the next rev.

Regards,
Reshad.

    Thanks,
    
    Ben