Re: [secdir] [netconf] Secdir last call review of draft-ietf-netconf-restconf-notif-13

"Reshad Rahman (rrahman)" <rrahman@cisco.com> Wed, 24 April 2019 17:53 UTC

Return-Path: <rrahman@cisco.com>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8827812011E; Wed, 24 Apr 2019 10:53:09 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -14.5
X-Spam-Level:
X-Spam-Status: No, score=-14.5 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com header.b=YnACJX2K; dkim=pass (1024-bit key) header.d=cisco.onmicrosoft.com header.b=IRXjP3qA
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id bjxrtYd0TVWY; Wed, 24 Apr 2019 10:53:07 -0700 (PDT)
Received: from rcdn-iport-2.cisco.com (rcdn-iport-2.cisco.com [173.37.86.73]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 0140012009E; Wed, 24 Apr 2019 10:53:06 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=2612; q=dns/txt; s=iport; t=1556128387; x=1557337987; h=from:to:cc:subject:date:message-id:references: in-reply-to:content-id:content-transfer-encoding: mime-version; bh=O0B7WxEbHvykayqkvyDTuWX6mepZyDtXp6vXGsyozxw=; b=YnACJX2K4MDt+Fh4LDH8ShHaNZzcVQ/2srvJ2364lvpkzk/K7wP4aIQq v7GIv4k4A2NDDzA7DU5IXDHHnAWEjLDpuKPpfQMSgSmxDsNfMdYvd0aFE 38ZszcqsAKglGToeHhnixctiT9bi+HEq24V2SM1/5LKFcmt1gz2p/M0Mn Y=;
IronPort-PHdr: =?us-ascii?q?9a23=3AZY9dOxM1P33JKBPtGPkl6mtXPHoupqn0MwgJ65?= =?us-ascii?q?Eul7NJdOG58o//OFDEu60/l0fHCIPc7f8My/HbtaztQyQh2d6AqzhDFf4ETB?= =?us-ascii?q?oZkYMTlg0kDtSCDBjhNvfqaiU8NM9DT1RiuXq8NBsdFQ=3D=3D?=
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: =?us-ascii?q?A0AYAAD6ocBc/4sNJK1mDg0BAQEBAwE?= =?us-ascii?q?BAQcDAQEBgVEGAQEBCwGBPVADgT0gBAsohA+DRwOEUoo5gjIllx2BLoF7DgE?= =?us-ascii?q?BLYRAAheGGCM0CQ4BAwEBBAEBAgECbRwMhUsBBSMRDAEBNwEPAgEIGAICCR0?= =?us-ascii?q?CAgIwFRACBA4FgyKBagMcAZ4kAooUcYEvgnkBAQWFAxiCDQmBCycBi0kXgUA?= =?us-ascii?q?/gREnDBOCTD6ERBeCczGCJo0FLJhFZAkCggiOZINGG4ILhimMYKA/AgQCBAU?= =?us-ascii?q?CDgEBBYFPOIFWcBU7KgGCQYIPg2+KGDtygSmPSQEB?=
X-IronPort-AV: E=Sophos;i="5.60,390,1549929600"; d="scan'208";a="554394742"
Received: from alln-core-6.cisco.com ([173.36.13.139]) by rcdn-iport-2.cisco.com with ESMTP/TLS/DHE-RSA-SEED-SHA; 24 Apr 2019 17:53:06 +0000
Received: from XCH-RCD-004.cisco.com (xch-rcd-004.cisco.com [173.37.102.14]) by alln-core-6.cisco.com (8.15.2/8.15.2) with ESMTPS id x3OHr5gO012972 (version=TLSv1.2 cipher=AES256-SHA bits=256 verify=FAIL); Wed, 24 Apr 2019 17:53:06 GMT
Received: from xhs-rtp-003.cisco.com (64.101.210.230) by XCH-RCD-004.cisco.com (173.37.102.14) with Microsoft SMTP Server (TLS) id 15.0.1473.3; Wed, 24 Apr 2019 12:53:05 -0500
Received: from xhs-rcd-002.cisco.com (173.37.227.247) by xhs-rtp-003.cisco.com (64.101.210.230) with Microsoft SMTP Server (TLS) id 15.0.1473.3; Wed, 24 Apr 2019 13:53:03 -0400
Received: from NAM03-BY2-obe.outbound.protection.outlook.com (72.163.14.9) by xhs-rcd-002.cisco.com (173.37.227.247) with Microsoft SMTP Server (TLS) id 15.0.1473.3 via Frontend Transport; Wed, 24 Apr 2019 12:53:03 -0500
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cisco.onmicrosoft.com; s=selector1-cisco-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=O0B7WxEbHvykayqkvyDTuWX6mepZyDtXp6vXGsyozxw=; b=IRXjP3qAKbqznXuIJzRCVUsu9FYWYWzTfc5bRWD+F0yx2ENXBae5ESaPzUXi8Z7yVpyW/bAXnJGFhurVdxD3yYMyEgK7+I077IBh8w2Nw8pLKmZfnQ5FBi/5zBRSuBneCeQJ3cgih2TysyQtgPi3zDdp8IoOp0pwH9zr7gVeyp8=
Received: from DM5PR1101MB2105.namprd11.prod.outlook.com (10.174.104.15) by DM5PR1101MB2186.namprd11.prod.outlook.com (10.174.104.147) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.1813.18; Wed, 24 Apr 2019 17:53:02 +0000
Received: from DM5PR1101MB2105.namprd11.prod.outlook.com ([fe80::a113:a1ba:aae0:4a12]) by DM5PR1101MB2105.namprd11.prod.outlook.com ([fe80::a113:a1ba:aae0:4a12%6]) with mapi id 15.20.1813.017; Wed, 24 Apr 2019 17:53:02 +0000
From: "Reshad Rahman (rrahman)" <rrahman@cisco.com>
To: Benjamin Kaduk <kaduk@mit.edu>
CC: Aanchal Malhotra <aanchal4@bu.edu>, "secdir@ietf.org" <secdir@ietf.org>, "ietf@ietf.org" <ietf@ietf.org>, "draft-ietf-netconf-restconf-notif.all@ietf.org" <draft-ietf-netconf-restconf-notif.all@ietf.org>, "netconf@ietf.org" <netconf@ietf.org>
Thread-Topic: [netconf] Secdir last call review of draft-ietf-netconf-restconf-notif-13
Thread-Index: AQHU8LEm3/ufrU/2dEa8pjPJiNurYqY4yTOAgAuvaICABvAQgA==
Date: Wed, 24 Apr 2019 17:53:02 +0000
Message-ID: <7820A8E4-692B-43D2-9611-437CC440EBC7@cisco.com>
References: <155501965074.14152.2835369201856309773@ietfa.amsl.com> <FFD7F554-4E88-49E5-9D16-DF0B64BC5FF5@cisco.com> <20190420035612.GR51586@kduck.mit.edu>
In-Reply-To: <20190420035612.GR51586@kduck.mit.edu>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
user-agent: Microsoft-MacOutlook/10.10.6.190114
authentication-results: spf=none (sender IP is ) smtp.mailfrom=rrahman@cisco.com;
x-originating-ip: [2001:420:2840:1250:2421:2f0a:1dbc:638e]
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: c19eca6c-c162-4c8d-2642-08d6c8ddb22d
x-microsoft-antispam: BCL:0; PCL:0; RULEID:(2390118)(7020095)(4652040)(8989299)(4534185)(4627221)(201703031133081)(201702281549075)(8990200)(5600141)(711020)(4605104)(2017052603328)(7193020); SRVR:DM5PR1101MB2186;
x-ms-traffictypediagnostic: DM5PR1101MB2186:
x-microsoft-antispam-prvs: <DM5PR1101MB218651EDB47CFFB922B1F328AB3C0@DM5PR1101MB2186.namprd11.prod.outlook.com>
x-forefront-prvs: 00179089FD
x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(346002)(376002)(39860400002)(396003)(366004)(136003)(51914003)(199004)(189003)(66476007)(66446008)(66556008)(91956017)(76176011)(64756008)(66946007)(58126008)(54906003)(73956011)(316002)(486006)(6116002)(8936002)(5660300002)(256004)(8676002)(14444005)(305945005)(7736002)(76116006)(86362001)(82746002)(81156014)(36756003)(81166006)(2906002)(33656002)(6512007)(2616005)(229853002)(4326008)(11346002)(6246003)(68736007)(6436002)(25786009)(6486002)(186003)(476003)(53936002)(71190400001)(71200400001)(6916009)(99286004)(53546011)(6506007)(102836004)(14454004)(83716004)(2171002)(478600001)(46003)(446003)(97736004); DIR:OUT; SFP:1101; SCL:1; SRVR:DM5PR1101MB2186; H:DM5PR1101MB2105.namprd11.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; A:1; MX:1;
received-spf: None (protection.outlook.com: cisco.com does not designate permitted sender hosts)
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam-message-info: eIexsg5QpVAU8xE/QSPJZsnr5qdaVioqdt1TxP7rQM6+ZbM7xq1x1XZDnSqkNEyvhhu9oFloeLVwvdL/wKKi9Atzxl20wVegRJuBp51b/t/JyUKJ4WuIXBSoxzGOOQUdC+7TGSPpf6CI2s2mZfotfOZuK9Y6qZtZO8dlPd0JjGs9715OpsKKQ8qy7I00otRM1o0hHObjPz48KBRlQgFTR4w7dJyGLRWRuCKE8uXwoWTjFWAqO2MNxrADptJAVkMb5ydfbbBFnEQVvSbUrwpCV/FFNSZ+nIA5nEb+WMfUjWaKonm4Ty/vDUvk/ZNeG2kAA6rCJxqHjFRSfVWZIJsxbeviKA3rgo4UV5xHIsBx5oCzsjVBRg+xEVRsoCYmZ6XRcax8eN7uKSpqYS5G4mXnVFlZYOsII4xB82sTmj8GKlI=
Content-Type: text/plain; charset="utf-8"
Content-ID: <12916BD1BF47974E99B6D32B44043839@namprd11.prod.outlook.com>
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-MS-Exchange-CrossTenant-Network-Message-Id: c19eca6c-c162-4c8d-2642-08d6c8ddb22d
X-MS-Exchange-CrossTenant-originalarrivaltime: 24 Apr 2019 17:53:02.0743 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 5ae1af62-9505-4097-a69a-c1553ef7840e
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM5PR1101MB2186
X-OriginatorOrg: cisco.com
X-Outbound-SMTP-Client: 173.37.102.14, xch-rcd-004.cisco.com
X-Outbound-Node: alln-core-6.cisco.com
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/kQ8Busoe_b9sbyk5L7qf23tBmMw>
Subject: Re: [secdir] [netconf] Secdir last call review of draft-ietf-netconf-restconf-notif-13
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/secdir/>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 24 Apr 2019 17:53:10 -0000

On 2019-04-19, 11:56 PM, "Benjamin Kaduk" <kaduk@mit.edu>; wrote:

    On Fri, Apr 12, 2019 at 09:29:35PM +0000, Reshad Rahman (rrahman) wrote:
    > Hi Aanchal,
    > 
    > Thanks for the review. Please see inline.
    > 
    > On 2019-04-11, 5:54 PM, "netconf on behalf of Aanchal Malhotra via Datatracker" <netconf-bounces@ietf.org on behalf of noreply@ietf.org>; wrote:
    > 
    >     Reviewer: Aanchal Malhotra
    >     Review result: Ready
    >     
    >     The document is very clear and concise.  I just have one minor clarification question.
    >     Section 3.4 Page 9 that says the following:
    >     "In addition to any required ........SHOULD only be allowed......".  
    >     
    >     Is there a reason for using SHOULD instead of MUST? 
    > 
    > There may be reasons why an implementation decides not to enforce this restriction. Going by RFC2119 definitions, this is why we chose SHOULD instead of MUST.
    
    If you have some reasons in mind, it is often helpful to list them as
    examples of when the recommended behavior would not be followed.

What we had in mind is a "super-user" who could be given access to subscriptions of other users. Is this obvious or should I can add text to that effect at the end the bullet below? Something along the lines of "For example, a RESTCONF username with the required administrative permissions could be allowed to invoke RPCs modify-subscription, resync-subscription and delete-subscription on a subscription which was created by another username.".

   o  In addition to any required access permissions (e.g., NACM), RPCs
      modify-subscription, resync-subscription and delete-subscription
      SHOULD only be allowed by the same RESTCONF username [RFC8040]
      which invoked establish-subscription.

Regards,
Reshad.
    
    Thank you Aanchal for the review!
    
    -Ben