Re: [secdir] Secdir review of draft-ietf-netmod-yang-12
Martin Bjorklund <mbj@tail-f.com> Fri, 30 April 2010 11:08 UTC
Date: Fri, 30 Apr 2010 13:07:59 +0200
Message-Id: <20100430.130759.243104998.mbj@tail-f.com>
To: aland@deployingradius.com
From: Martin Bjorklund <mbj@tail-f.com>
Cc: iesg@ietf.org, draft-ietf-netmod-yang@tools.ietf.org, secdir@ietf.org

Hi,

Alan DeKok <aland@deployingradius.com> wrote:
> I have reviewed this document as part of the security directorate's
> ongoing effort to review all IETF documents being processed by the IESG.
> These comments were written primarily for the benefit of the security
> area directors. Document editors and WG chairs should treat these
> comments just like any other last call comments.
>
> The document defines a language used to read and write descriptions of
> management information. It is not intended to be used within an "on the
> wire" internet protocol. As such, the usual "on the wire" security
> issues do not apply.
>
> The "Security Considerations" looks OK. I would suggest adding a
> caution about reading data from untrusted sources. Document readers
> have a long history of being attacked by malformed documents.
>
> e.g.:
>
> YANG parsers need to be robust with respect to malformed documents.
> Reading malformed documents from unknown or untrusted sources could
> result in an attacker gaining privileges of the user running the YANG
> parser. In an extreme situation, the entire machine could be compromised.

I agree that this makes sense. I will add your suggested text.

Thank you!

/martin