Re: [secdir] Review of draft-ietf-netmod-schema-mount-10

Martin Bjorklund <mbj@tail-f.com> Tue, 07 August 2018 08:56 UTC

Return-Path: <mbj@tail-f.com>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8C646130E6F for <secdir@ietfa.amsl.com>; Tue, 7 Aug 2018 01:56:43 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level:
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id nE5Te_BdN7v6 for <secdir@ietfa.amsl.com>; Tue, 7 Aug 2018 01:56:42 -0700 (PDT)
Received: from mail.tail-f.com (mail.tail-f.com [46.21.102.45]) by ietfa.amsl.com (Postfix) with ESMTP id CF640130DF2 for <secdir@ietf.org>; Tue, 7 Aug 2018 01:56:41 -0700 (PDT)
Received: from localhost (unknown [173.38.220.61]) by mail.tail-f.com (Postfix) with ESMTPSA id E8A261AE0144; Tue, 7 Aug 2018 10:56:40 +0200 (CEST)
Date: Tue, 07 Aug 2018 10:56:40 +0200 (CEST)
Message-Id: <20180807.105640.1680662026219965166.mbj@tail-f.com>
To: shawn.emery@gmail.com
Cc: lhotka@nic.cz, secdir@ietf.org, draft-ietf-netmod-schema-mount.all@tools.ietf.org
From: Martin Bjorklund <mbj@tail-f.com>
In-Reply-To: <87po0fgf4f.fsf@nic.cz>
References: <CAChzXmanxy0cn9i-E6FvnNmC2_gpir1qNd4jgPLAmDL7L8j-6A@mail.gmail.com> <87po0fgf4f.fsf@nic.cz>
X-Mailer: Mew version 6.7 on Emacs 24.5 / Mule 6.0 (HANACHIRUSATO)
Mime-Version: 1.0
Content-Type: Text/Plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/veOi6L-zbTAnv5FioBRco_hUmSg>
Subject: Re: [secdir] Review of draft-ietf-netmod-schema-mount-10
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.27
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/secdir/>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 07 Aug 2018 08:56:44 -0000

Hi Shawn,

As mentioned, this text comes from the YANG security template
(https://trac.ietf.org/trac/ops/wiki/yang-security-guidelines) that
has been approved by the security ADs.

[This doesn't mean that the text can't be changed, but if it needs to
be changed, the template should be changed (after being approved by
the ADs).]

But I brought this up in the WG, and a comment was made that *if* this
change is made, we also need to change not just this sentence, but
also the rest of the template; these are written as a list of data
nodes/subtrees and their corresponding sensitivity/vulnerability. So,
if the change is accepted, new drafts would need to be written as a
list of sensitivities/vulnerabilities with the data nodes and subtrees
to which they apply.

So I suggest we keep the current text in this document.


/martin



Ladislav Lhotka <lhotka@nic.cz> wrote:
> Hi Shawn,
> 
> thank you for the review, please see my comment below.
> 
> Shawn Emery <shawn.emery@gmail.com> writes:
> 
> > Reviewer: Shawn M. Emery
> > Review result: Ready with nits
> >
> > I have reviewed this document as part of the security directorate's
> > ongoing effort to review all IETF documents being processed by the IESG.
> > These comments were written primarily for the benefit of the security
> > area directors. Document editors and WG chairs should treat these
> > comments just like any other last call comments.
> >
> > This draft specifies a schema for YANG module mount points for yet another
> > specified schema location.
> >
> > The security considerations section does exist and refers to transport
> > security
> > through SSH and HTTPS for NETCONF and RESTCONF, respectively.  For
> > authorization, the spec refers to RFC 8341 for controlling NETCONF and
> > RESTCONF user access.  Data that would be considered sensitive or subject
> > to attack is briefly described and prescribes read access controls for said
> > data.
> > I agree with the authors' assertions.
> >
> > General comments:
> >
> > None.
> >
> > Editorial comments:
> >
> > OLD:
> >
> > These are the subtrees and data nodes and their sensitivity/vulnerability:
> >
> > NEW:
> >
> > The following should be considered for subtrees/data nodes and their
> > corresponding
> >
> > sensitivity/vulnerability:
> >
> 
> The OLD formulation actually comes from RFC 6087, section 6.1 (Security
> Considerations Section Template). Your NEW formulation indeed looks
> better, so we will use it in the present draft, and I will also send it
> to the netmod mailing list in order to apply this change in
> draft-ietf-netmod-rfc6087bis.
> 
> Thanks, Lada
> 
> >
> > Shawn.
> > --
> 
> -- 
> Ladislav Lhotka
> Head, CZ.NIC Labs
> PGP Key ID: 0xB8F92B08A9F76C67
>