Re: [secdir] Review of draft-ietf-netmod-interfaces-cfg-10

Shawn Emery <shawn.emery@oracle.com> Mon, 20 May 2013 16:49 UTC

Return-Path: <shawn.emery@oracle.com>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1410821F9690; Mon, 20 May 2013 09:49:22 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -5.949
X-Spam-Level:
X-Spam-Status: No, score=-5.949 tagged_above=-999 required=5 tests=[AWL=0.650, BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 1Mf4lPy7Fuj9; Mon, 20 May 2013 09:49:15 -0700 (PDT)
Received: from userp1040.oracle.com (userp1040.oracle.com [156.151.31.81]) by ietfa.amsl.com (Postfix) with ESMTP id 96F6421F968F; Mon, 20 May 2013 09:49:15 -0700 (PDT)
Received: from acsinet21.oracle.com (acsinet21.oracle.com [141.146.126.237]) by userp1040.oracle.com (Sentrion-MTA-4.3.1/Sentrion-MTA-4.3.1) with ESMTP id r4KGnCej004794 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=OK); Mon, 20 May 2013 16:49:13 GMT
Received: from userz7021.oracle.com (userz7021.oracle.com [156.151.31.85]) by acsinet21.oracle.com (8.14.4+Sun/8.14.4) with ESMTP id r4KGnC8Y016776 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=FAIL); Mon, 20 May 2013 16:49:13 GMT
Received: from abhmt103.oracle.com (abhmt103.oracle.com [141.146.116.55]) by userz7021.oracle.com (8.14.4+Sun/8.14.4) with ESMTP id r4KGnCAK023003; Mon, 20 May 2013 16:49:12 GMT
Received: from [10.159.112.142] (/10.159.112.142) by default (Oracle Beehive Gateway v4.0) with ESMTP ; Mon, 20 May 2013 09:49:11 -0700
Message-ID: <519A53CD.1060406@oracle.com>
Date: Mon, 20 May 2013 10:48:13 -0600
From: Shawn Emery <shawn.emery@oracle.com>
User-Agent: Mozilla/5.0 (X11; SunOS i86pc; rv:17.0) Gecko/17.0 Thunderbird/17.0
MIME-Version: 1.0
To: Martin Bjorklund <mbj@tail-f.com>
References: <5124827A.3070407@oracle.com> <519097A8.40409@oracle.com> <20130513.094441.442455286.mbj@tail-f.com>
In-Reply-To: <20130513.094441.442455286.mbj@tail-f.com>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
X-Source-IP: acsinet21.oracle.com [141.146.126.237]
Cc: draft-ietf-netmod-interfaces-cfg.all@tools.ietf.org, iesg@ietf.org, secdir@ietf.org
Subject: Re: [secdir] Review of draft-ietf-netmod-interfaces-cfg-10
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/secdir>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 20 May 2013 16:49:22 -0000

On 05/13/13 01:44 AM, Martin Bjorklund wrote:
> Hi,
>
> Shawn Emery <shawn.emery@oracle.com>; wrote:
>> I have reviewed this document as part of the security directorate's ongoing
>> effort to review all IETF documents being processed by the IESG. These
>> comments were written primarily for the benefit of the security area
>> directors. Document editors and WG chairs should treat these comments just
>> like any other last call comments.
>>
>> This internet-draft specifies a data model used for the management of network
>> interfaces.
>>
>> The security considerations section does exist and discusses that the data is
>> made available through the NETCONF protocol.  NETCONF uses SSH to access and
>> transfer said data.  It goes on to discuss the implications of unattended
>> access to list and leaf data, but does not provide guidance on how to mitigate
>> against unauthorized access.  If this is discussed in the NETCONF draft then
>> this draft should at least provide this reference.
> This is discussed in the NETCONF Access Control Model (RFC 6536).  We
> got the same comment also from other reviewers, and we will update the
> first paragraph to be:
>
>    The YANG module defined in this memo is designed to be accessed via
>    the NETCONF protocol ^RFC6241^.  The lowest NETCONF layer is the
>    secure transport layer and the mandatory-to-implement secure
>    transport is SSH ^RFC6242^.  The NETCONF access control model
>    ^RFC6536^ provides the means to restrict access for particular
>    NETCONF users to a pre-configured subset of all available NETCONF
>    protocol operations and content.
>
> This text will go into the Security Considerations template that is
> used for other YANG module documents as well.
>
> I hope this addresses your concern.

Looks reasonable.

Shawn.
--