Re: [secdir] Review of draft-ietf-ccamp-alarm-module-07

stefan vallin <stefan@wallan.se> Sat, 16 March 2019 09:36 UTC

Cc: secdir@ietf.org, draft-ietf-ccamp-alarm-module.all@tools.ietf.org
To: Shawn Emery <shawn.emery@gmail.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/p5QfCMuf6FAjabl7Xgm_5MGS8p8>

Thanks Shawn!
Next version will include fixes to your comments.
/s


> On 14 Mar 2019, at 06:45, Shawn Emery <shawn.emery@gmail.com> wrote:
> 
> Reviewer: Shawn M. Emery
> Review result: Ready with nits
> 
> I have reviewed this document as part of the security directorate's
> ongoing effort to review all IETF documents being processed by the IESG.
> These comments were written primarily for the benefit of the security
> area directors. Document editors and WG chairs should treat these
> comments just like any other last call comments.
> 
> This draft specifies a YANG module for the purpose of network device alarm management.
> 
> The security considerations section does exist and follows the yang-security-guidelines.
> I believe the data nodes and operations of concern are covered in this section, but it seems
> that alarm-profiles could also be sensitive if an attacker were to downgrade the severity of
> an alarm by changing the alarm-severity-assignment-profile.
> 
> General comments:
> 
> None.
> 
> Editorial comments:
> 
> s/northbound/north-bound/
> s/definition also focus/definition also focuses/
> s/an hierarchy/a hierarchy/
> s/raised again etc/raised again, etc/
> s/sent Notifications/sent.  Notifications/
> s/alarn/alarm/
> s/The NETCONF access control model/The Network Configuration Access Control Model (NACM)/
> s/notify-status-change:/notify-status-changes:/
> 
> OLD:
> This leaf controls whether an alarm should notify only raise and clear or all severity level
> changes.  Unauthorized access to leaf could have a negative impact on operational procedures
> relying on fine-grained alarm state change reporting.
> 
> NEW:
> This leaf controls whether an alarm should notify based on various state changes.  Unauthorized
> access to this leaf could have a negative impact on operational procedures relying on
> fine-grained alarm state change reporting.
> 
> Shawn.
> --