Re: [secdir] YANG Reviews

Kathleen Moriarty <kathleen.moriarty.ietf@gmail.com> Thu, 11 January 2018 16:22 UTC

From: Kathleen Moriarty <kathleen.moriarty.ietf@gmail.com>
Date: Thu, 11 Jan 2018 11:21:25 -0500
Message-ID: <CAHbuEH5e2f0UdZOTLJ_E_rARUcpjh10fPM9WZ=DCcEusXsuzxA@mail.gmail.com>
To: Russ Housley <housley@vigilsec.com>
Cc: IETF SecDir <secdir@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/R1hT4fy0EJmyp-V9_7K4c9IJqdc>
Subject: Re: [secdir] YANG Reviews

Hello,

As it turns out, there is a page:

https://www.ietf.org/iesg/directorate/yang-doctors.html

If anyone has comments on the bis draft with current security
considerations template, please provide them to the WG.  Here is the
link again for your convenience:
https://tools.ietf.org/html/draft-ietf-netmod-rfc6087bis-10#page-52

Thank you!

On Tue, Jan 9, 2018 at 2:15 PM, Kathleen Moriarty
<kathleen.moriarty.ietf@gmail.com> wrote:
> Hi Russ,
>
> Sent from my mobile device
>
>> On Jan 9, 2018, at 1:46 PM, Russ Housley <housley@vigilsec.com> wrote:
>>
>> For MIB modules, we came up with a short list of things or the SecDir Reviewer to do.  This is a quote from an email message in 2007:
>>
>>> The job of the security reviewers, then, is three-fold: first, to
>>> verify the existence of the boilerplate; second, to verify the adequacy
>>> of the explanations given for particular items; third -- and this is
>>> the hardest -- to scan the document to see if other items should have
>>> been identified as sensitive but aren't.
>
> The guidance is very similar.
>>
>> The real guidance appears here: http://www.ops.ietf.org/mib-security.html
>>
>> It would be very helpful if we can come up with an equivalent yang-security.html document.
>>
> We can work with Benoit & Warren as it's better for those writing the drafts to see it first, so I think the home should be the same.
>
> Best,
> Kathleen
>
>> Russ
>>
>>
>>> On Jan 8, 2018, at 4:43 PM, Kathleen Moriarty <kathleen.moriarty.ietf@gmail.com> wrote:
>>>
>>> Hello,
>>>
>>> We will be seeing many YANG module reviews come through, please don't
>>> let page counts scare you on these.  One of the main things to look
>>> for is that they used the Security Considerations template and filled
>>> it out, catching any data nodes that need to be enumerated in the
>>> considerations.
>>>
>>> Templates like this tend to get updated every time there's a new
>>> SecAD :-). As such, it'll likely be updated again in a few months.
>>> Here's the draft with the current template.  Have a look so you know
>>> key things to look for (transport security is called out and
>>> subtrees/data nodes of concern should be listed out).  Sometimes more
>>> is needed specific to the draft, but oftentimes this covers it.
>>>
>>> https://tools.ietf.org/html/draft-ietf-netmod-rfc6087bis-10#page-52
>>>
>>> Thanks again for all your reviews; it is a tremendous help to us!
>>>
>>> --
>>>
>>> Best regards,
>>> Kathleen
>>



-- 

Best regards,
Kathleen
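The three-fold reviewer job quoted above (is the boilerplate there, are the listed items explained, and are there sensitive nodes that were never listed) and Kathleen's point about catching data nodes that need enumerating can be partly mechanised. The following checker is an added example written for this thread; it is not IETF or YANG Doctors tooling and it does not quote the rfc6087bis template. It assumes a deliberately small hand-written YANG parser (no `uses`/`grouping` expansion, no prefix-qualified paths), treats the phrase "secure transport" as a heuristic marker for the transport-security boilerplate, uses a constructed list of sensitive-looking words, and runs on a constructed toy module and a constructed Security Considerations text. It walks the module for `config true` nodes, RPCs, actions and notifications, and reports which ones the section never names as a subtree, plus read-only nodes whose names look sensitive but were not called out.

```python
"""Reviewer aid for YANG Security Considerations sections.

Added example for the secdir thread, not IETF tooling. Assumptions: minimal
YANG parser (no uses/grouping expansion, no prefix-qualified paths), the
"secure transport" heuristic, the SENSITIVE_WORDS list and the samples below
are all constructed for this illustration.
"""
import json
import re
from dataclasses import dataclass, field
from typing import List, Optional


@dataclass
class Stmt:
    keyword: str
    arg: Optional[str]
    children: List["Stmt"] = field(default_factory=list)


@dataclass
class Node:
    path: str      # schema path such as /acl/rule/name
    kind: str      # container, leaf, rpc, ...
    writable: bool # effective "config true"


# whitespace, // and /* */ comments, quoted strings, structural tokens, bare words
_TOKEN = re.compile(r'''\s+|//[^\n]*|/\*.*?\*/|"(?:[^"\\]|\\.)*"|'[^']*'|[{};]|\+|[^\s{};"']+''', re.S)
DATA_KW = {"container", "list", "leaf", "leaf-list", "anydata", "anyxml"}
SCHEMA_KW = {"module", "submodule", "choice", "case"}  # descend without a path segment
OP_KW = {"rpc", "action", "notification"}
SENSITIVE_WORDS = {"password", "secret", "key", "token", "credential", "private"}


def tokenize(text: str) -> List[str]:
    """Split YANG text into tokens, dropping whitespace and comments."""
    toks = [m.group(0) for m in _TOKEN.finditer(text)]
    return [t for t in toks if not (t.isspace() or t.startswith("//") or t.startswith("/*"))]


def parse(tokens: List[str]) -> List[Stmt]:
    """Recursive-descent parse of `keyword [arg] (; | { substatements })`."""
    pos = 0

    def unquote(t):
        return t[1:-1] if t[0] in "\"'" else t

    def statement():
        nonlocal pos
        keyword, pos = tokens[pos], pos + 1
        arg = None
        if tokens[pos] not in ("{", ";"):
            arg, pos = unquote(tokens[pos]), pos + 1
            while tokens[pos] == "+":  # "a" + "b" string concatenation
                arg, pos = arg + unquote(tokens[pos + 1]), pos + 2
        if tokens[pos] == ";":
            pos += 1
            return Stmt(keyword, arg)
        if tokens[pos] != "{":
            raise ValueError(f"expected '{{' or ';' after {keyword}")
        pos += 1
        children = []
        while tokens[pos] != "}":
            children.append(statement())
        pos += 1
        return Stmt(keyword, arg, children)

    stmts = []
    while pos < len(tokens):
        stmts.append(statement())
    return stmts


def collect_nodes(stmts, path="", writable=True, acc=None) -> List[Node]:
    """Flatten the schema tree into paths; `config false` is inherited downwards."""
    acc = [] if acc is None else acc
    for s in stmts:
        if s.keyword in DATA_KW:
            cfg = next((c.arg for c in s.children if c.keyword == "config"), None)
            w = writable if cfg is None else cfg == "true"
            acc.append(Node(f"{path}/{s.arg}", s.keyword, w))
            collect_nodes(s.children, f"{path}/{s.arg}", w, acc)
        elif s.keyword in OP_KW:
            acc.append(Node(f"{path}/{s.arg}", s.keyword, False))
        elif s.keyword in SCHEMA_KW:
            collect_nodes(s.children, path, writable, acc)
        elif s.keyword == "augment":  # assumption: augment target used verbatim as base path
            collect_nodes(s.children, s.arg.rstrip("/"), writable, acc)
    return acc


def _mentioned(path: str, text: str) -> bool:
    # a path counts only as a whole subtree token, so "/acl" does not match inside "/acl/rule"
    return re.search(re.escape(path) + r"(?![\w/-])", text) is not None


def review_security_considerations(module_text: str, section_text: str) -> dict:
    """Report nodes the section should name (heuristics, not a substitute for reading)."""
    nodes = collect_nodes(parse(tokenize(module_text)))
    named = {n.path for n in nodes if _mentioned(n.path, section_text)}

    def covered(p):  # named itself, under a named subtree, or a container whose children are named
        parts = p.strip("/").split("/")
        ancestors = ["/" + "/".join(parts[:i]) for i in range(1, len(parts) + 1)]
        return any(a in named for a in ancestors) or any(d.startswith(p + "/") for d in named)

    report = {"transport_called_out": "secure transport" in section_text.lower(),
              "unmentioned_writable": [], "unmentioned_operations": [],
              "sensitive_readonly_unmentioned": []}
    for n in nodes:
        if n.kind in OP_KW:
            if n.path not in named:
                report["unmentioned_operations"].append(n.path)
        elif n.writable:
            if not covered(n.path):
                report["unmentioned_writable"].append(n.path)
        elif set(re.split(r"[-_]", n.path.rsplit("/", 1)[-1])) & SENSITIVE_WORDS and not covered(n.path):
            report["sensitive_readonly_unmentioned"].append(n.path)
    return report


SAMPLE_MODULE = """
module example-acl-demo {            // constructed toy module, not a real IETF module
  yang-version 1.1;
  namespace "urn:example:acl-demo";
  prefix acld;
  container acl {
    leaf default-action { type string; }
    list rule {
      key "name";
      leaf name { type string; }
      leaf action { type enumeration { enum permit; enum deny; } }
      leaf match-prefix { type string; }
    }
    container stats {
      config false;
      leaf hit-count { type uint64; }
      leaf last-operator-token { type string; }   /* read-only, but looks sensitive */
    }
  }
  rpc flush-rules { description "Removes every rule."; }
}
"""

# constructed section text: calls out the secure transport and lists one writable subtree
SAMPLE_SECTION = """
The module is designed to be accessed via NETCONF or RESTCONF, whose lowest
layer is a secure transport layer.  Writable data nodes that may be
considered sensitive in some network environments are:
  /acl/rule: changing a rule can permit traffic that should be denied.
"""

if __name__ == "__main__":
    print(json.dumps(review_security_considerations(SAMPLE_MODULE, SAMPLE_SECTION), indent=2))
```

Run stand-alone it prints the report for the toy module: the transport boilerplate is present, `/acl/rule` and everything under it is covered, but the writable `/acl/default-action` leaf, the `flush-rules` RPC and the read-only but sensitive-looking `last-operator-token` leaf are all flagged, which is exactly the "hardest" third step of the quoted list. It is a triage aid only; a reviewer still has to judge whether each flagged item actually matters for the draft.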