Re: [secdir] Secdir review of draft-ietf-teas-yang-te-topo-15
Lou Berger <lberger@labn.net> Tue, 05 June 2018 14:02 UTC
To: Melinda Shore <melinda.shore@gmail.com>, secdir@ietf.org, IESG <iesg@ietf.org>, draft-ietf-teas-yang-te-topo.all@ietf.org
References: <1b9239b4-ff6a-4f85-4c6e-8b714cf6b6a3@gmail.com>
From: Lou Berger <lberger@labn.net>
Message-ID: <c50db559-a144-29d2-c486-626cfe1d372f@labn.net>
Date: Tue, 05 Jun 2018 10:01:13 -0400
In-Reply-To: <1b9239b4-ff6a-4f85-4c6e-8b714cf6b6a3@gmail.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/UOvBbCLoh6xAyEZMyOmI0NoDJDQ>
Melinda,

The authors have published an update with a revised security considerations section; please take a look at your convenience and let the authors know if you see that more is needed.

https://tools.ietf.org/html/draft-ietf-teas-yang-te-topo-16#section-8

Lou (Doc Shepherd)

On 5/31/2018 11:19 PM, Melinda Shore wrote:
> I have reviewed this document as part of the security directorate's
> ongoing effort to review all IETF documents being processed by the
> IESG. These comments were written primarily for the benefit of the
> security area directors. Document editors and WG chairs should treat
> these comments just like any other last call comments.
>
> The summary of the review is Ready with issues.
>
> This document defines a technology-agnostic YANG data model for
> representation of traffic engineering topologies, and is intended to
> serve as a base model for other technology-specific traffic engineering
> topology models.
>
> The document is clearly written and appears comprehensive with respect
> to its subject matter. I suspect that sections 1-4 would be a useful
> reference for people wanting to learn about TE topologies in general,
> and I enjoyed reading it.
>
> The security considerations section is scanty and, unfortunately,
> insufficient. The statement "The data-model by itself does not create
> any security implications" seems questionable at best, since it contains
> information about network topology and the treatment of traffic,
> which may be of value to an attacker. The lack of discussion of
> the threat environment is particularly problematic given that the
> model is intended to be used for manipulating TE topologies. The
> authors may want to look to draft-ietf-i2rs-yang-network-topo as
> a model (no pun intended) of a good security considerations
> section for a topology model. I don't see how this document can
> be published with the security considerations section in its current
> condition.
>
> This is really a trivial nit, but a nit nevertheless - the second
> paragraph of the terminology section probably belongs in the
> introduction instead, as it lays out expectations for the reader
> and contains a pointer to introductory material for readers
> unfamiliar with the IETF's traffic engineering work.
>
> Melinda
>
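As an added illustration of the reviewer's point, and not text from this thread, the draft, or its authors: the practical consequence of a YANG model that both exposes a TE topology and lets a client manipulate it is that the server must (a) serve it only over an authenticated, encrypted management transport (NETCONF over SSH, RESTCONF over HTTPS) and (b) restrict which users may read or write its subtrees with the NETCONF Access Control Model (NACM, RFC 8341). The fragment below is a hypothetical NACM configuration written for this page. The group and user names are invented; the module names ietf-network and ietf-network-topology are the base topology modules from the i2rs work the reviewer cites, and ietf-te-topology is assumed to be the name of the draft's own module, which is not quoted on this page.

```xml
<nacm xmlns="urn:ietf:params:xml:ns:yang:ietf-netconf-acm">
  <enable-nacm>true</enable-nacm>
  <!-- Deny by default: no data node, RPC or notification in any module is
       accessible unless a rule below permits it explicitly. -->
  <read-default>deny</read-default>
  <write-default>deny</write-default>
  <exec-default>deny</exec-default>

  <groups>
    <!-- Hypothetical groups; the user names are constructed for the example. -->
    <group>
      <name>te-readers</name>
      <user-name>noc-monitor</user-name>
    </group>
    <group>
      <name>te-operators</name>
      <user-name>te-admin</user-name>
    </group>
  </groups>

  <!-- Both groups may read the topology. Read access is granted on the base
       network modules as well, because the TE data augments nodes under
       /nw:networks; if the ancestors were denied, NACM would prune the whole
       subtree from replies. -->
  <rule-list>
    <name>te-topology-read</name>
    <group>te-readers</group>
    <group>te-operators</group>
    <rule>
      <name>read-network</name>
      <module-name>ietf-network</module-name>
      <access-operations>read</access-operations>
      <action>permit</action>
    </rule>
    <rule>
      <name>read-network-topology</name>
      <module-name>ietf-network-topology</module-name>
      <access-operations>read</access-operations>
      <action>permit</action>
    </rule>
    <rule>
      <name>read-te-topology</name>
      <module-name>ietf-te-topology</module-name>
      <access-operations>read</access-operations>
      <action>permit</action>
      <comment>Topology and traffic-treatment data are sensitive; read only for monitoring staff.</comment>
    </rule>
  </rule-list>

  <!-- Only operators may create, update or delete topology nodes, i.e.
       manipulate the TE topology. Rule lists are evaluated in order and the
       first matching rule wins, so a write by a te-reader falls through every
       rule above and is denied by write-default. -->
  <rule-list>
    <name>te-topology-write</name>
    <group>te-operators</group>
    <rule>
      <name>write-network</name>
      <module-name>ietf-network</module-name>
      <access-operations>create update delete</access-operations>
      <action>permit</action>
    </rule>
    <rule>
      <name>write-network-topology</name>
      <module-name>ietf-network-topology</module-name>
      <access-operations>create update delete</access-operations>
      <action>permit</action>
    </rule>
    <rule>
      <name>write-te-topology</name>
      <module-name>ietf-te-topology</module-name>
      <access-operations>create update delete</access-operations>
      <action>permit</action>
    </rule>
  </rule-list>
</nacm>
```

Two caveats a practitioner would check before relying on this: NACM only constrains what an already-authenticated NETCONF or RESTCONF user can do, so it does nothing if the management transport itself is unauthenticated or if the same data is exported through another channel; and a module-level rule like the ones above covers every node in the module, so if only some subtrees are sensitive (for example, per-link bandwidth or the TE-level node and link attributes rather than the bare node list) the rules should carry a <path> element naming those subtrees instead.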