IETF Logo Mail Archive

Re: [secdir] secdir review of draft-ietf-netconf-yang-library-03

Andy Bierman <andy@yumaworks.com> Tue, 22 March 2016 21:57 UTC

Return-Path: <andy@yumaworks.com>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B3D6612DAB0 for <secdir@ietfa.amsl.com>; Tue, 22 Mar 2016 14:57:09 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.6
X-Spam-Level:
X-Spam-Status: No, score=-2.6 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=yumaworks-com.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 1S_RSpGIbUxk for <secdir@ietfa.amsl.com>; Tue, 22 Mar 2016 14:57:07 -0700 (PDT)
Received: from mail-lb0-x234.google.com (mail-lb0-x234.google.com [IPv6:2a00:1450:4010:c04::234]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 94CE512DAAA for <secdir@ietf.org>; Tue, 22 Mar 2016 14:57:06 -0700 (PDT)
Received: by mail-lb0-x234.google.com with SMTP id bc4so174304105lbc.2 for <secdir@ietf.org>; Tue, 22 Mar 2016 14:57:06 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yumaworks-com.20150623.gappssmtp.com; s=20150623; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc; bh=kpGH78teRuUa3xpU9F8VlIHXaiCdiPjYbk3JViwVH7g=; b=q/RjZ73pCjgMVykbFZ2ekSv/DUCrTUMeQ/os6RcXFbQ+QYOLf3Kpy5SKkpVNAHGG4q CZ26ATuu48N/kmy6GHP6weOcT28CYrTV+PIt2hZcdn2u7Qfxbwp9/tPmB15Meh5C3ttH O4PrOCPkZxYt8r7RxF+Nk0s7Gjef33dp83mnt7KrOBj6r8DprreZi4OBZwQjDtAJ2PV5 GLgYa+DWoTcDXpaMqYBKtGIHatd8sTxXsP9wLBnK6koNF73uAuk50xdryfJIoj99w9SB HkDvwd/a97b/ygItU7rRefDzUeQg5QizKIovo3oKQnTzOYiXaIqgm3+UbBTXcxorXt0s XRfQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:date :message-id:subject:from:to:cc; bh=kpGH78teRuUa3xpU9F8VlIHXaiCdiPjYbk3JViwVH7g=; b=lpHKgDHuMQDnCCj422mypZHnMBMQsNTxnxy9DYgg3adu5mx4s2jrOjyihan0fKbTM3 8eEzwnXfF/vm21VHmuLTfKE7P77oSmhAPlExA9lOfR4uIs9cHcGHaIWojiaytBU2srBv BzJ2dPUtmzcKZc7UDTC1xXrDueVpPzjwaw7mw71qoBV5aFbzrPmE+3PVj51H97PG0UWt 5sV0in8alIhuJhQTW5b1MFXxLBIIXO6UTdbv6b1CWG/fS8qWODnBmj0Gu6zcxlcgKbas 57USXasRZw0UwoHtWaTuaYGYPokST482NjbM0c4ZkzASFhgswK6XKXo0wLEDGKrGbhPh 7ccA==
X-Gm-Message-State: AD7BkJJ4q6TMuW8XCI0dPw4zbDldFO5JbgL2W6z/NhQRDBES2JaFFoaj8fYe79pstrK2/U/4eXNZ9bpamV+J6g==
MIME-Version: 1.0
X-Received: by 10.112.62.229 with SMTP id b5mr13246071lbs.30.1458683824723; Tue, 22 Mar 2016 14:57:04 -0700 (PDT)
Received: by 10.112.135.97 with HTTP; Tue, 22 Mar 2016 14:57:04 -0700 (PDT)
In-Reply-To: <ldv7fgu42vj.fsf@sarnath.mit.edu>
References: <ldvbn7z6f7s.fsf@sarnath.mit.edu> <6AAFCD6E-4F8D-409C-ACB1-53C03413AF7F@gmail.com> <ldvwppsjnde.fsf@sarnath.mit.edu> <CABCOCHRxkgQ+pPaDQWGNWvVohA5cbdJtHGaH6RW9O-JFCG2-0A@mail.gmail.com> <ldv7fgu42vj.fsf@sarnath.mit.edu>
Date: Tue, 22 Mar 2016 14:57:04 -0700
Message-ID: <CABCOCHSv9yr6sJijuRLZ5UYfCdCBsy78M6hundbYiX9=fDV6Jg@mail.gmail.com>
From: Andy Bierman <andy@yumaworks.com>
To: Tom Yu <tlyu@mit.edu>
Content-Type: multipart/alternative; boundary="001a11c3c384366ba5052eaa4bf3"
Archived-At: <http://mailarchive.ietf.org/arch/msg/secdir/HIh7VPQ7IeWOt0Ne2y1a4hsUTOc>
Cc: Mahesh Jethanandani <mjethanandani@gmail.com>, draft-ietf-netconf-yang-library.all@tools.ietf.org, The IESG <iesg@ietf.org>, secdir@ietf.org
Subject: Re: [secdir] secdir review of draft-ietf-netconf-yang-library-03
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/secdir/>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 22 Mar 2016 21:57:09 -0000

On Tue, Mar 22, 2016 at 2:30 PM, Tom Yu <tlyu@mit.edu> wrote:

> Andy Bierman <andy@yumaworks.com> writes:
>
> > The YANG library provides the same information that is currently
> > in the NETCONF <hello> message.
> >
> > It is expected that NACM (RFC 6536) will be used to prevent access
> > to sensitive operations, notifications, and data.
> > However NACM is optional-to-implement with NETCONF and RESTCONF.
> >
> > The risk is the same as current NETCONF.
> > If a specific module/revision implementation is known to
> > be vulernable, then NETCONF and this library both let
> > the client know it is running on the server.
>
> If the risk is the same as current NETCONF, then why mention it in this
> document?  It seems to me that the YANG library provides somewhat more
> detail than the NETCONF <hello> message, right?  The YANG library
> provides deviation and conformance details, unlike what I see in the
> NETCONF <hello> message description in RFC6241, unless there's something
> I'm missing.
>
>

The YANG library provides the revision date of the deviations module,
which is not included in the NETCONF <hello>.

It  also lists the submodules and their revisions, which is
not contained in the NETCONF <hello>.

The NETCONF <hello> message is not specified well enough to
make any other generalizations about the differences.





> It would be good to clarify whether the risks of exposing
> /modules-state/module include vulnerabilities in the NETCONF
> implementation itself, or with vulnerabilities in the associated
> underlying network device functionality for which NETCONF provides
> configuration access (perhaps both, to different degrees?).
>


The library is intended for other protocols such as RESTCONF.

Is there some specific text you want changed?
This is the only non-boilerplate text in the section:
Is there some part of this that is incorrect?



   o  /modules-state/module: The module list used in a server
      implementation may help an attacker identify the server
      capabilities and server implementations with known bugs.  Server
      vulnerabilities may be specific to particular modules, module
      revisions, module features, or even module deviations.  This
      information is included in each module entry.  For example, if a
      particular operation on a particular data node is known to cause a
      server to crash or significantly degrade device performance, then
      the module list information will help an attacker identify server
      implementations with such a defect, in order to launch a denial of
      service attack on the device.

v2.23.0 | Report a Bug | By Email