Re: [secdir] secdir review of draft-ietf-netconf-yang-library-03

Tom Yu <tlyu@mit.edu> Tue, 22 March 2016 21:30 UTC

From: Tom Yu <tlyu@mit.edu>
To: Andy Bierman <andy@yumaworks.com>
References: <ldvbn7z6f7s.fsf@sarnath.mit.edu> <6AAFCD6E-4F8D-409C-ACB1-53C03413AF7F@gmail.com> <ldvwppsjnde.fsf@sarnath.mit.edu> <CABCOCHRxkgQ+pPaDQWGNWvVohA5cbdJtHGaH6RW9O-JFCG2-0A@mail.gmail.com>
Date: Tue, 22 Mar 2016 17:30:24 -0400
In-Reply-To: <CABCOCHRxkgQ+pPaDQWGNWvVohA5cbdJtHGaH6RW9O-JFCG2-0A@mail.gmail.com> (Andy Bierman's message of "Tue, 15 Mar 2016 10:28:54 -0700")
Message-ID: <ldv7fgu42vj.fsf@sarnath.mit.edu>
Archived-At: <http://mailarchive.ietf.org/arch/msg/secdir/zkOrBuFY6E5mhecrNdafA1fB4f8>
Cc: Mahesh Jethanandani <mjethanandani@gmail.com>, draft-ietf-netconf-yang-library.all@tools.ietf.org, The IESG <iesg@ietf.org>, secdir@ietf.org

Andy Bierman <andy@yumaworks.com> writes:

> The YANG library provides the same information that is currently
> in the NETCONF <hello> message.
>
> It is expected that NACM (RFC 6536) will be used to prevent access
> to sensitive operations, notifications, and data.
> However NACM is optional-to-implement with NETCONF and RESTCONF.
>
> The risk is the same as current NETCONF.
> If a specific module/revision implementation is known to
> be vulnerable, then NETCONF and this library both let
> the client know it is running on the server.

If the risk is the same as current NETCONF, then why mention it in this
document?  It seems to me that the YANG library provides somewhat more
detail than the NETCONF <hello> message, right?  The YANG library
provides deviation and conformance details, unlike what I see in the
NETCONF <hello> message description in RFC 6241, unless there's something
I'm missing.

It would be good to clarify whether the risks of exposing
/modules-state/module include vulnerabilities in the NETCONF
implementation itself, or vulnerabilities in the associated
underlying network device functionality for which NETCONF provides
configuration access (perhaps both, to different degrees?).