Re: [secdir] Review of draft-ietf-netmod-interfaces-cfg-10

Benoit Claise <bclaise@cisco.com> Mon, 13 May 2013 10:24 UTC

Return-Path: <bclaise@cisco.com>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9CB4821F8935; Mon, 13 May 2013 03:24:34 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -8.449
X-Spam-Level:
X-Spam-Status: No, score=-8.449 tagged_above=-999 required=5 tests=[AWL=2.150, BAYES_00=-2.599, RCVD_IN_DNSWL_HI=-8]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 9dAqsBs4Ny-d; Mon, 13 May 2013 03:24:30 -0700 (PDT)
Received: from av-tac-bru.cisco.com (weird-brew.cisco.com [144.254.15.118]) by ietfa.amsl.com (Postfix) with ESMTP id 3ED8821F85CE; Mon, 13 May 2013 03:24:30 -0700 (PDT)
X-TACSUNS: Virus Scanned
Received: from strange-brew.cisco.com (localhost.cisco.com [127.0.0.1]) by av-tac-bru.cisco.com (8.13.8+Sun/8.13.8) with ESMTP id r4DAOTHl028407; Mon, 13 May 2013 12:24:29 +0200 (CEST)
Received: from [10.60.67.87] (ams-bclaise-8916.cisco.com [10.60.67.87]) by strange-brew.cisco.com (8.13.8+Sun/8.13.8) with ESMTP id r4DANkEe024884; Mon, 13 May 2013 12:24:01 +0200 (CEST)
Message-ID: <5190BF32.2040401@cisco.com>
Date: Mon, 13 May 2013 12:23:46 +0200
From: Benoit Claise <bclaise@cisco.com>
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:17.0) Gecko/20130328 Thunderbird/17.0.5
MIME-Version: 1.0
To: Martin Bjorklund <mbj@tail-f.com>
References: <5124827A.3070407@oracle.com> <519097A8.40409@oracle.com> <20130513.094441.442455286.mbj@tail-f.com>
In-Reply-To: <20130513.094441.442455286.mbj@tail-f.com>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Cc: draft-ietf-netmod-interfaces-cfg.all@tools.ietf.org, iesg@ietf.org, secdir@ietf.org
Subject: Re: [secdir] Review of draft-ietf-netmod-interfaces-cfg-10
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/secdir>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 13 May 2013 10:24:34 -0000

Hi Shawn,
> Hi,
>
> Shawn Emery <shawn.emery@oracle.com>; wrote:
>> I have reviewed this document as part of the security directorate's ongoing
>> effort to review all IETF documents being processed by the IESG. These
>> comments were written primarily for the benefit of the security area
>> directors. Document editors and WG chairs should treat these comments just
>> like any other last call comments.
>>
>> This internet-draft specifies a data model used for the management of network
>> interfaces.
>>
>> The security considerations section does exist and discusses that the data is
>> made available through the NETCONF protocol.  NETCONF uses SSH to access and
>> transfer said data.  It goes on to discuss the implications of unattended
>> access to list and leaf data, but does not provide guidance on how to mitigate
>> against unauthorized access.  If this is discussed in the NETCONF draft then
>> this draft should at least provide this reference.
> This is discussed in the NETCONF Access Control Model (RFC 6536).  We
> got the same comment also from other reviewers, and we will update the
> first paragraph to be:
>
>    The YANG module defined in this memo is designed to be accessed via
>    the NETCONF protocol ^RFC6241^.  The lowest NETCONF layer is the
>    secure transport layer and the mandatory-to-implement secure
>    transport is SSH ^RFC6242^.  The NETCONF access control model
>    ^RFC6536^ provides the means to restrict access for particular
>    NETCONF users to a pre-configured subset of all available NETCONF
>    protocol operations and content.

Note that this text has been recently updated  at 
http://trac.tools.ietf.org/area/ops/trac/wiki/yang-security-guidelines

Regards, Benoit
>
> This text will go into the Security Considerations template that is
> used for other YANG module documents as well.
>
> I hope this addresses your concern.
>
>
> /martin
>
>