Re: [secdir] Secdir review of draft-ietf-netmod-yang-12

Martin Bjorklund <mbj@tail-f.com> Fri, 30 April 2010 11:08 UTC

Return-Path: <mbj@tail-f.com>
X-Original-To: secdir@core3.amsl.com
Delivered-To: secdir@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id A13CF3A67E3; Fri, 30 Apr 2010 04:08:31 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 0.108
X-Spam-Level:
X-Spam-Status: No, score=0.108 tagged_above=-999 required=5 tests=[AWL=-0.446, BAYES_50=0.001, HELO_MISMATCH_COM=0.553]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id rY6XXJkKVB3T; Fri, 30 Apr 2010 04:08:30 -0700 (PDT)
Received: from mail.tail-f.com (de-0316.d.ipeer.se [213.180.79.212]) by core3.amsl.com (Postfix) with ESMTP id 4026A3A6B9F; Fri, 30 Apr 2010 04:08:14 -0700 (PDT)
Received: from localhost (c213-100-166-156.swipnet.se [213.100.166.156]) by mail.tail-f.com (Postfix) with ESMTPSA id 51296616001; Fri, 30 Apr 2010 13:07:59 +0200 (CEST)
Date: Fri, 30 Apr 2010 13:07:59 +0200 (CEST)
Message-Id: <20100430.130759.243104998.mbj@tail-f.com>
To: aland@deployingradius.com
From: Martin Bjorklund <mbj@tail-f.com>
In-Reply-To: <4BD839E7.4040200@deployingradius.com>
References: <4BD839E7.4040200@deployingradius.com>
X-Mailer: Mew version 6.2.51 on Emacs 22.2 / Mule 5.0 (SAKAKI)
Mime-Version: 1.0
Content-Type: Text/Plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
X-Mailman-Approved-At: Fri, 30 Apr 2010 10:40:39 -0700
Cc: iesg@ietf.org, draft-ietf-netmod-yang@tools.ietf.org, secdir@ietf.org
Subject: Re: [secdir] Secdir review of draft-ietf-netmod-yang-12
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/secdir>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 30 Apr 2010 11:08:32 -0000

Hi,

Alan DeKok <aland@deployingradius.com>; wrote:
>   I have reviewed this document as part of the security directorate's
> ongoing effort to review all IETF documents being processed by the IESG.
>  These comments were written primarily for the benefit of the security
> area directors.  Document editors and WG chairs should treat these
> comments just like any other last call comments.
> 
>   The document defines a language used to read and write descriptions of
> management information.  It is not intended to be used within an "on the
> wire" internet protocol.  As such, the usual "on the wire" security
> issues do not apply.
> 
>   The "Security Considerations" looks OK.  I would suggest adding a
> caution about reading data from untrusted sources.  Document readers
> have a long history of being attacked by malformed documents.
> 
>   e.g.:
> 
> YANG parsers need to be robust with respect to malformed documents.
> Reading malformed documents from unknown or untrusted sources could
> result in an attacker gaining privileges of the user running the YANG
> parser.  In an extreme situation, the entire machine could be compromised.

I agree that this makes sense.  I will add your suggested text.

Thank you!


/martin