Re: [secdir] secdir review of draft-ietf-netmod-smi-yang-04

Juergen Schoenwaelder <j.schoenwaelder@jacobs-university.de> Wed, 11 April 2012 09:15 UTC

Return-Path: <j.schoenwaelder@jacobs-university.de>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9F3B621F861B; Wed, 11 Apr 2012 02:15:57 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -103.12
X-Spam-Level:
X-Spam-Status: No, score=-103.12 tagged_above=-999 required=5 tests=[AWL=0.129, BAYES_00=-2.599, HELO_EQ_DE=0.35, RCVD_IN_DNSWL_LOW=-1, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id AAMFgqT6nqPW; Wed, 11 Apr 2012 02:15:56 -0700 (PDT)
Received: from hermes.jacobs-university.de (hermes.jacobs-university.de [212.201.44.23]) by ietfa.amsl.com (Postfix) with ESMTP id 2C4F421F8610; Wed, 11 Apr 2012 02:15:53 -0700 (PDT)
Received: from localhost (demetrius1.jacobs-university.de [212.201.44.46]) by hermes.jacobs-university.de (Postfix) with ESMTP id 400DB20BF0; Wed, 11 Apr 2012 11:15:52 +0200 (CEST)
X-Virus-Scanned: amavisd-new at jacobs-university.de
Received: from hermes.jacobs-university.de ([212.201.44.23]) by localhost (demetrius1.jacobs-university.de [212.201.44.32]) (amavisd-new, port 10024) with ESMTP id QQOmYjOBvp4f; Wed, 11 Apr 2012 11:15:52 +0200 (CEST)
Received: from elstar.local (elstar.jacobs.jacobs-university.de [10.50.231.133]) by hermes.jacobs-university.de (Postfix) with ESMTP id 9433720BE6; Wed, 11 Apr 2012 11:15:50 +0200 (CEST)
Received: by elstar.local (Postfix, from userid 501) id 401C81E5D39E; Wed, 11 Apr 2012 11:15:52 +0200 (CEST)
Date: Wed, 11 Apr 2012 11:15:51 +0200
From: Juergen Schoenwaelder <j.schoenwaelder@jacobs-university.de>
To: Leif Johansson <leifj@sunet.se>
Message-ID: <20120411091551.GA26732@elstar.local>
Mail-Followup-To: Leif Johansson <leifj@sunet.se>, Leif Johansson <leifj@nordu.net>, draft-ietf-netmod-smi-yang.all@tools.ietf.org, "iesg@ietf.org" <iesg@ietf.org>, "secdir@ietf.org" <secdir@ietf.org>
References: <4F853D62.1090204@sunet.se>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
In-Reply-To: <4F853D62.1090204@sunet.se>
User-Agent: Mutt/1.5.21 (2010-09-15)
Cc: draft-ietf-netmod-smi-yang.all@tools.ietf.org, "iesg@ietf.org" <iesg@ietf.org>, Leif Johansson <leifj@nordu.net>, "secdir@ietf.org" <secdir@ietf.org>
Subject: Re: [secdir] secdir review of draft-ietf-netmod-smi-yang-04
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
Reply-To: Juergen Schoenwaelder <j.schoenwaelder@jacobs-university.de>
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/secdir>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 11 Apr 2012 09:15:57 -0000

On Wed, Apr 11, 2012 at 10:14:26AM +0200, Leif Johansson wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> 
> Hi,
> 
> I have reviewed this document as part of the security directorate's
> ongoing effort to review all IETF documents being processed by the
> IESG.  These comments were written primarily for the benefit of the
> security area directors. Document editors and WG chairs should treat
> these comments just like any other last call comments.
> 
> The document specifies a translation between SMIv2 (and by reference
> to RFC 3584, SMIv1) and YANG. YANG is the information model language
> used in NETCONF.
> 
> This draft is outside my subject-matter expertise but the core
> security issue seems to be around translation of the SMIv2 MAX-ACCESS
> macro to YANG. Since YANG doesn't define any corresponding element
> an extension to YANG is defined.
> 
> However there doesn't seem to be any requirement to implement that
> extension. The security considerations section refers the reader to
> the security considerations sections for YANG, NETCONF, SMI etc but
> claims that "The translation itself has no security impact on the
> Internet.".
> 
> I would have liked to see a clear normative statement to the effect
> that if you relied on MAX-ACCESS in the SMIv2 version of a MIB then
> you MUST implement the YANG extension for SMI and that the NETCONF
> implementation used MUST respect the resulting smiv2:max-access
> statements.

Hi,

the MAX-ACCESS in the SMIv2 really has nothing to do with access
control. See section 7.3 of RFC 2578 for the details. Also note that
the SMiv2 to YANG mapping is readonly, that is even if the SMIv2
MAX-ACCESS is "read-write" or "read-create", the corresponsing YANG
leaf is read-only.

Note that access control in the SNMP world is handled by VACM (RFC
3415) and in the NETCONF world by NACM (RFC 6536).

/js

-- 
Juergen Schoenwaelder           Jacobs University Bremen gGmbH
Phone: +49 421 200 3587         Campus Ring 1, 28759 Bremen, Germany
Fax:   +49 421 200 3103         <http://www.jacobs-university.de/>