[secdir] Review of draft-ietf-netmod-acl-model-19.txt
<Steve.Hanna@infineon.com> Fri, 29 June 2018 22:12 UTC
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5B85A130F37; Fri, 29 Jun 2018 15:12:16 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Status: No, score=-4.301 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=infineon.com
Received: from mail.ietf.org ([184.108.40.206]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id pyHY5X9BhUwu; Fri, 29 Jun 2018 15:12:14 -0700 (PDT)
Received: from smtp11.infineon.com (smtp11.infineon.com [IPv6:2a00:18f0:1e00:4::5]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id F3D08130EA8; Fri, 29 Jun 2018 15:12:10 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=infineon.com; email@example.com; q=dns/txt; s=IFXMAIL; t=1530310334; x=1561846334; h=from:to:subject:date:message-id: content-transfer-encoding:mime-version; bh=1xKVbkauuCuQd42w7gDmv3hXN4e2sEOg5klNGDxeAfo=; b=kVn1j6HaRryggVXcNL9nVh/3p3Zy/UHo70aRdD8t3XapwXAkaZnpuXxJ 1ZyWsqYSlyfURUmSCmqIdiO6o8nPfLLH8n5pBTIVMDXOf1r7m24/wrMAc gHOmpD5FV7i8nELHSWsA9ZennTPR2q1oCm7o3wpj7FKsxdb3Nwea0/i8V s=;
X-IronPort-AV: E=McAfee;i="5900,7806,8939"; a="83749320"
X-IronPort-AV: E=Sophos;i="5.51,287,1526335200"; d="scan'208";a="83749320"
Received: from unknown (HELO mucxv001.muc.infineon.com) ([172.23.11.16]) by smtp11.infineon.com with ESMTP/TLS/AES256-GCM-SHA384; 30 Jun 2018 00:12:09 +0200
Received: from MUCSE706.infineon.com (MUCSE706.infineon.com [172.23.7.80]) by mucxv001.muc.infineon.com (Postfix) with ESMTPS; Sat, 30 Jun 2018 00:12:09 +0200 (CEST)
Received: from MUCSE707.infineon.com (172.23.7.81) by MUCSE706.infineon.com (172.23.7.80) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P256) id 15.1.1466.3; Sat, 30 Jun 2018 00:12:08 +0200
Received: from MUCSE707.infineon.com ([172.23.106.27]) by MUCSE707.infineon.com ([172.23.106.27]) with mapi id 15.01.1466.008; Sat, 30 Jun 2018 00:12:08 +0200
To: <firstname.lastname@example.org>, <email@example.com>, <firstname.lastname@example.org>
Thread-Topic: Review of draft-ietf-netmod-acl-model-19.txt
Date: Fri, 29 Jun 2018 22:12:08 +0000
Content-Type: text/plain; charset="us-ascii"
Subject: [secdir] Review of draft-ietf-netmod-acl-model-19.txt
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:email@example.com?subject=unsubscribe>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:firstname.lastname@example.org?subject=subscribe>
X-List-Received-Date: Fri, 29 Jun 2018 22:12:30 -0000
I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the security area directors. Document editors and WG chairs should treat these comments just like any other last call comments. The summary of the review is Ready with issues. This document defines a YANG data model for ACL. When the term "ACL" is used in this document it means the sort of ACL that you might see in firewall rules (e.g., "drop IPv4 traffic with destination port 21"). *Overall Clarity and Quality* The document is fairly clear and well written. However, there is a confusing typo that is listed in the Minor Errors section of this review. *Security Analysis* The Security Considerations section is brief but decent. However, the last two sentences are unclear and maybe wrong: Unauthorized write access to this list can allow intruders to access and control the system. Unauthorized read access to this list can allow intruders to spoof packets with authorized addresses thereby compromising the system. Which "system" is referred to here? Whatever the answer to that question, I believe that the main impact of unauthorized write access to the ACL is that the attacker can modify the ACL to permit traffic that should not be permitted or deny traffic that should be permitted. The former may result in denial of service or compromise of systems on the network. The latter may result in denial of service. The main impact of unauthorized read access to the ACL is that the attacker can determine what ACL rules are in effect and may be able to use this information to better craft an attack. *Minor Errors* Section 3 refers to "action criteria". Every other part of the specification refers only to "action" or "actions". My review of the specification indicates that this text in section 3 should say "actions" not "action criteria".
- [secdir] Review of draft-ietf-netmod-acl-model-19… Steve.Hanna
- Re: [secdir] Review of draft-ietf-netmod-acl-mode… Mahesh Jethanandani
- Re: [secdir] Review of draft-ietf-netmod-acl-mode… Steve.Hanna