Re: [secdir] secdir review of draft-ietf-netconf-monitoring
Juergen Schoenwaelder <j.schoenwaelder@jacobs-university.de> Fri, 11 June 2010 08:10 UTC
Date: Fri, 11 Jun 2010 10:09:56 +0200
From: Juergen Schoenwaelder <j.schoenwaelder@jacobs-university.de>
To: Alan DeKok <aland@deployingradius.com>
Message-ID: <20100611080956.GA5257@elstar.local>
Mail-Followup-To: Alan DeKok <aland@deployingradius.com>, "secdir@ietf.org" <secdir@ietf.org>, IESG IESG <iesg@ietf.org>, "draft-ietf-netconf-monitoring@tools.ietf.org" <draft-ietf-netconf-monitoring@tools.ietf.org>
References: <4C11ED2B.1070707@deployingradius.com>
Cc: "draft-ietf-netconf-monitoring@tools.ietf.org" <draft-ietf-netconf-monitoring@tools.ietf.org>, IESG IESG <iesg@ietf.org>, "secdir@ietf.org" <secdir@ietf.org>
Subject: Re: [secdir] secdir review of draft-ietf-netconf-monitoring
On Fri, Jun 11, 2010 at 10:00:43AM +0200, Alan DeKok wrote:
> I have reviewed this document as part of the security directorate's
> ongoing effort to review all IETF documents being processed by the
> IESG. These comments were written primarily for the benefit of the
> security area directors. Document editors and WG chairs should treat
> these comments just like any other last call comments.
>
> The document defines a data model for netconf monitoring. The security
> considerations section says in part:
>
>    Some of the readable data nodes in this YANG module may be
>    considered sensitive or vulnerable in some network environments.
>    It is thus important to control read access (e.g. via get,
>    get-config or notification) to these data nodes.
>
> What is unclear from the document is whether or not the data is secure
> *after* access is gained. i.e. is there a secure transport layer?
> Should one be used? If not, why?

NETCONF runs over SSH or TLS or TLS/BEEP or SOAP/HTTPS. In other words,
all existing NETCONF transports are "secure". The revision of the NETCONF
specification being worked on is going to make this hopefully clearer by
calling the transport layer "secure transports".

There has been progress very recently on formulating a security
considerations template for documents that contain NETCONF/YANG data
models and I think it would be good if this document would indeed follow
these guidelines.

/js

--
Juergen Schoenwaelder           Jacobs University Bremen gGmbH
Phone: +49 421 200 3587         Campus Ring 1, 28759 Bremen, Germany
Fax:   +49 421 200 3103         <http://www.jacobs-university.de/>
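The quoted security considerations text asks servers to control read access to sensitive nodes of the monitoring module (for instance the `sessions` subtree, which exposes usernames and source hosts). The following is an added illustration, not code from the thread or from any NETCONF implementation: a minimal per-group read filter applied to a constructed `<netconf-state>` reply. The node names follow the module as later published in RFC 6022; the rule format is a simplified stand-in for a real access-control model such as NACM.

```python
import xml.etree.ElementTree as ET

NS = "urn:ietf:params:xml:ns:yang:ietf-netconf-monitoring"

# Constructed sample: the kind of reply a server might return to a <get>
# for the monitoring module's netconf-state container.
SAMPLE_REPLY = f"""
<netconf-state xmlns="{NS}">
  <capabilities>
    <capability>urn:ietf:params:netconf:base:1.0</capability>
  </capabilities>
  <sessions>
    <session>
      <session-id>42</session-id>
      <transport>netconf-ssh</transport>
      <username>admin</username>
      <source-host>192.0.2.10</source-host>
    </session>
  </sessions>
  <statistics>
    <in-sessions>7</in-sessions>
  </statistics>
</netconf-state>
"""

# Illustrative rule list (not NACM syntax): (group, path prefix below the
# module root, permit-read).  Ordered, first match wins, default deny, so a
# group with no rules sees nothing and unlisted subtrees stay hidden.
RULES = [
    ("operator", ("sessions",), False),   # operators may not see who is logged in
    ("operator", (), True),               # ...but may read everything else
    ("auditor", (), True),                # auditors may read the whole container
]

def read_permitted(group, path):
    """Return True if `group` may read the node at `path` (tuple of names)."""
    for rule_group, prefix, permit in RULES:
        if rule_group == group and path[:len(prefix)] == prefix:
            return permit
    return False

def filter_reply(xml_text, group):
    """Parse a <netconf-state> reply and prune subtrees `group` may not read."""
    root = ET.fromstring(xml_text.strip())
    _prune(root, group, ())
    return root

def _prune(elem, group, path):
    for child in list(elem):
        local = child.tag.split("}", 1)[1]      # drop the {namespace} prefix
        child_path = path + (local,)
        if read_permitted(group, child_path):
            _prune(child, group, child_path)    # keep node, check its children
        else:
            elem.remove(child)                  # denied: drop the whole subtree

def visible_children(xml_text, group):
    """Local names of the top-level nodes left after filtering for `group`."""
    return [c.tag.split("}", 1)[1] for c in filter_reply(xml_text, group)]
```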