Re: [secdir] YANG Reviews
Russ Housley <housley@vigilsec.com> Thu, 11 January 2018 16:52 UTC
https://trac.ietf.org/trac/ops/wiki/yang-security-guidelines

This is exactly what a SecDir reviewer will need. Awesome.

Russ

> On Jan 11, 2018, at 11:21 AM, Kathleen Moriarty <kathleen.moriarty.ietf@gmail.com> wrote:
>
> Hello,
>
> As it turns out, there is a page:
>
> https://www.ietf.org/iesg/directorate/yang-doctors.html
>
> If anyone has comments on the bis draft with current security
> considerations template, please provide them to the WG. Here is the
> link again for your convenience:
> https://tools.ietf.org/html/draft-ietf-netmod-rfc6087bis-10#page-52
>
> Thank you!
>
> On Tue, Jan 9, 2018 at 2:15 PM, Kathleen Moriarty
> <kathleen.moriarty.ietf@gmail.com> wrote:
>> Hi Russ,
>>
>> Sent from my mobile device
>>
>>> On Jan 9, 2018, at 1:46 PM, Russ Housley <housley@vigilsec.com> wrote:
>>>
>>> For MIB modules, we came up with a short list of things for the SecDir Reviewer to do. This is a quote from an email message in 2007:
>>>
>>>> The job of the security reviewers, then, is three-fold: first, to
>>>> verify the existence of the boilerplate; second, to verify the adequacy
>>>> of the explanations given for particular items; third -- and this is
>>>> the hardest -- to scan the document to see if other items should have
>>>> been identified as sensitive but aren't.
>>
>> The guidance is very similar.
>>>
>>> The real guidance appears here: http://www.ops.ietf.org/mib-security.html
>>>
>>> It would be very helpful if we can come up with an equivalent yang-security.html document.
>>>
>> We can work with Benoit & Warren as it’s better for those writing the drafts to see it first, so I think the home should be the same.
>>
>> Best,
>> Kathleen
>>
>>> Russ
>>>
>>>
>>>> On Jan 8, 2018, at 4:43 PM, Kathleen Moriarty <kathleen.moriarty.ietf@gmail.com> wrote:
>>>>
>>>> Hello,
>>>>
>>>> We will be seeing many YANG module reviews come through, please don't
>>>> let page counts scare you on these. One of the main things to look
>>>> for is that they used the Security Considerations template and filled
>>>> it out, catching any data nodes that need to be enumerated in the
>>>> considerations.
>>>>
>>>> Templates like this tend to get updated every time there's a new
>>>> SecAD, :-) . As such, it'll likely be updated again in a few months.
>>>> Here's the draft with the current template. Have a look so you know
>>>> key things to look for (transport security is called out and
>>>> subtrees/data nodes of concern should be listed out). Sometimes more
>>>> is needed specific to the draft, but often times, this covers it.
>>>>
>>>> https://tools.ietf.org/html/draft-ietf-netmod-rfc6087bis-10#page-52
>>>>
>>>> Thanks again for all your reviews, it is a tremendous help to us!
>>>>
>>>> --
>>>>
>>>> Best regards,
>>>> Kathleen
>>>
>
> --
>
> Best regards,
> Kathleen