[secdir] secdir review of draft-ietf-i2rs-pub-sub-requirements-06
"Scott G. Kelly" <scott@hyperthought.com> Thu, 28 April 2016 01:09 UTC
Return-Path: <scott@hyperthought.com>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id BCD7712D508 for <secdir@ietfa.amsl.com>; Wed, 27 Apr 2016 18:09:06 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.901
X-Spam-Level:
X-Spam-Status: No, score=-1.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H2=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id fyso5NWyI5rM for <secdir@ietfa.amsl.com>; Wed, 27 Apr 2016 18:09:05 -0700 (PDT)
Received: from smtp74.iad3a.emailsrvr.com (smtp74.iad3a.emailsrvr.com [173.203.187.74]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A6D1012D1E9 for <secdir@ietf.org>; Wed, 27 Apr 2016 18:09:05 -0700 (PDT)
Received: from smtp26.relay.iad3a.emailsrvr.com (localhost.localdomain [127.0.0.1]) by smtp26.relay.iad3a.emailsrvr.com (SMTP Server) with ESMTP id A6847803DB; Wed, 27 Apr 2016 21:09:04 -0400 (EDT)
Received: from app16.wa-webapps.iad3a (relay-webapps.rsapps.net [172.27.255.140]) by smtp26.relay.iad3a.emailsrvr.com (SMTP Server) with ESMTP id 9B96E801BB; Wed, 27 Apr 2016 21:09:04 -0400 (EDT)
X-Sender-Id: scott@hyperthought.com
Received: from app16.wa-webapps.iad3a (relay-webapps.rsapps.net [172.27.255.140]) by 0.0.0.0:25 (trex/5.5.4); Wed, 27 Apr 2016 21:09:04 -0400
Received: from hyperthought.com (localhost [127.0.0.1]) by app16.wa-webapps.iad3a (Postfix) with ESMTP id 8BE9EC0077; Wed, 27 Apr 2016 21:09:04 -0400 (EDT)
Received: by apps.rackspace.com (Authenticated sender: scott@hyperthought.com, from: scott@hyperthought.com) with HTTP; Wed, 27 Apr 2016 18:09:04 -0700 (PDT)
Date: Wed, 27 Apr 2016 18:09:04 -0700
From: "Scott G. Kelly" <scott@hyperthought.com>
To: "secdir@ietf.org" <secdir@ietf.org>, "iesg@ietf.org" <iesg@ietf.org>, draft-ietf-i2rs-pub-sub-requirements.all@ietf.org
MIME-Version: 1.0
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Importance: Normal
X-Priority: 3 (Normal)
X-Type: plain
X-Auth-ID: scott@hyperthought.com
Message-ID: <1461805744.570422143@apps.rackspace.com>
X-Mailer: webmail/12.4.1-RC
Archived-At: <http://mailarchive.ietf.org/arch/msg/secdir/bHg-vI8n3PQFPdLwJs9_ZBHBz4Q>
Subject: [secdir] secdir review of draft-ietf-i2rs-pub-sub-requirements-06
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/secdir/>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 28 Apr 2016 01:09:06 -0000
I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by IESG. These comments were written primarily for the benefit of security area directors. Document editors and WG chairs should these comments just like any other last call comments. Summary: not ready From the abstract, this document provides requirements for a service that allows client applications to subscribe to updates of a YANG datastore. I looked up YANG, and wikipedia says it is a data modeling language for the NETCONF network configuration protocol. The introduction says Applications interacting with YANG datastores require capabilities beyond the traditional client-server configuration of network elements. One class of such applications are service-assurance applications which must maintain a continuous view of operational data and state. Another class of applications are security applications which must continuously track changes made upon network elements to ensure compliance to corporate policy. So, this suggests that this pub/sub mechanism will sometimes be used for security-related monitoring. When I read the document, I wondered where the requirements were coming from. There is a brief “Business Drivers” section that tells why a “push mechanism” (different name for pub/sub?) is useful, but other than this, the document does not describe use cases. This makes it very difficult to evaluate the subsequent requirements assertions. I don’t know anything about I2RS, and I won’t comment on anything other than the security considerations. That section lists various MUSTs and SHOULDs, but gives no rationale. It is not possible to evaluate this section without understanding *why* these requirements are what they are. It is possible that the rationale exists in companion documents. If so, this should be called out. If not, I think it should be given here. The intro suggests that this mechanism will be used for enterprise security monitoring operations. Those operations should be described (at a high level), along with associated threats. From those threats come associated mitigation measures, and from those measures come requirements. If you want to punt on the specifics (and address it in later work), then the requirements should at least describe what threats should be mitigated. I think the ADs should take a look at this document. --Scott
- [secdir] secdir review of draft-ietf-i2rs-pub-sub… Scott G. Kelly
- Re: [secdir] secdir review of draft-ietf-i2rs-pub… Eric Voit (evoit)
- Re: [secdir] secdir review of draft-ietf-i2rs-pub… Scott G. Kelly