IETF Logo Mail Archive

Re: [Teas] Roman Danyliw's No Objection on draft-ietf-teas-yang-te-topo-21: (with COMMENT)

Xufeng Liu <xufeng.liu.ietf@gmail.com> Tue, 18 June 2019 01:36 UTC

Return-Path: <xufeng.liu.ietf@gmail.com>
X-Original-To: teas@ietfa.amsl.com
Delivered-To: teas@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E20521200F1; Mon, 17 Jun 2019 18:36:43 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.998
X-Spam-Level:
X-Spam-Status: No, score=-1.998 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id aItnoM2cls6d; Mon, 17 Jun 2019 18:36:42 -0700 (PDT)
Received: from mail-io1-xd2b.google.com (mail-io1-xd2b.google.com [IPv6:2607:f8b0:4864:20::d2b]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 20CB112004A; Mon, 17 Jun 2019 18:36:42 -0700 (PDT)
Received: by mail-io1-xd2b.google.com with SMTP id u13so26044452iop.0; Mon, 17 Jun 2019 18:36:42 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=F9f20nAbvikDuDiYilwYTSaR+8JsJ1U8wxJwsMlwMgM=; b=L8mogNhB2nhStBXNyK+DFxKFekOBIlvypF2kf8i11SweEBd6OHCJiKotzIECoUGTk8 Rs6ITgzL46MMvKgVmGqSrYNB3P8WBBOK/ZJjcJaHRuVf/IXqE75BCkb6FVNpqczO//go lWbU5B8CpKehqB5xFm9lu/ReZ2XIlZgOzWV7soFedAjmKRWoI+QFMlkVpOyVPsgmpg5Z SBN1pS1xYUoEweR7ZpFU+qJUCM/Q1Mo3Ltm55hdzRa9/MwLPHRQESyj33oBc0PRvjxRQ 1YxMcznCu+LX2m1RnfS/zMaIwOY3eDDooQQwZZa95zamStO5pQKsO5E60BWQAlhs6M5M eY4w==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=F9f20nAbvikDuDiYilwYTSaR+8JsJ1U8wxJwsMlwMgM=; b=i9K/vQVuy9taXyA07vEFlv45Foq5MI0udRiN9pOS5oZfuMVGP2Di/AXw4QnyTLgbJ1 NeBCyZlTvZLP0DX/VPOYCD8gIgCESoazXxcbSp9RiBwqi4T71kn6dHrKBmXr08+ouY1w G8sQBVeIu3FeKQuwPgYfEkO3guuB6tqXq5lSvcz/D1x51cMhadhU+9LN5D+pT2yOl7mt 92IwzUqfePeq+oYRxViySYVd1NfYdJQYoNwciezAKhgUH9NBDQ9JLCWxE1git3DYAiKe hMrwxYYOmCjbB2/ICjf5Lkr9nqUaWtVt91+s1gHguIkSrBOmSrg9pNV1chzbjuDaBUId lL0w==
X-Gm-Message-State: APjAAAXRimXuBSqPFcgwP+TbE8mpYEvIvyHiLBCEFzhG3ubS+z0VkAkm Yv6fz+0mLPQQXSuGyMv3FaAFILLjpfz8YiBwlMs=
X-Google-Smtp-Source: APXvYqwIK2SVNXs4bN/T5FeIVPEEkob6JTbBsu39Yrd6kkwfhiEeMC0WvYtd0ziJ/afr9RaxDjjQzPgVK04By5P79no=
X-Received: by 2002:a6b:da01:: with SMTP id x1mr5274116iob.216.1560821801379; Mon, 17 Jun 2019 18:36:41 -0700 (PDT)
MIME-Version: 1.0
References: <156030332758.5903.11787427451647585397.idtracker@ietfa.amsl.com> <CAEz6PPRa=XUZyU5pq+f69Av+RZoWHDC497RVGqGw8+wA+fp8-w@mail.gmail.com> <5DEC3699-21C3-4DF2-AFC7-98FDEFB4562F@cert.org>
In-Reply-To: <5DEC3699-21C3-4DF2-AFC7-98FDEFB4562F@cert.org>
From: Xufeng Liu <xufeng.liu.ietf@gmail.com>
Date: Mon, 17 Jun 2019 21:36:30 -0400
Message-ID: <CAEz6PPReEkiAjhKxU-Rx1bwXGkQoCfOWy_pZf_hTFAHYEai5kw@mail.gmail.com>
To: Roman Danyliw <rdd@cert.org>
Cc: The IESG <iesg@ietf.org>, "draft-ietf-teas-yang-te-topo@ietf.org" <draft-ietf-teas-yang-te-topo@ietf.org>, Lou Berger <lberger@labn.net>, TEAS WG Chairs <teas-chairs@ietf.org>, TEAS WG <teas@ietf.org>
Content-Type: multipart/alternative; boundary="0000000000000774f8058b8f2597"
Archived-At: <https://mailarchive.ietf.org/arch/msg/teas/ttsfKA9duxHyrgyXPjWu96VDPIA>
Subject: Re: [Teas] Roman Danyliw's No Objection on draft-ietf-teas-yang-te-topo-21: (with COMMENT)
X-BeenThere: teas@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Traffic Engineering Architecture and Signaling working group discussion list <teas.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/teas>, <mailto:teas-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/teas/>
List-Post: <mailto:teas@ietf.org>
List-Help: <mailto:teas-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/teas>, <mailto:teas-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 18 Jun 2019 01:36:44 -0000

Hi Roman,

(2) Section 4.2.  Per “Although an authorized client MAY receive a TE
topology

> with the client ID field   matching some other client”, why would this
>> happen?
>> Couldn’t this potentially leak customized TE information across clients?
>>
> [Xufeng]: Right. This does leak the information across clients. Whether
> to allow this or not is an implementation policy, which can be supported
> by other IETF documents and models, such as RFC8341 Network Configuration
> Access Control Model. Section 8. contains the following:
>
> The Network Configuration Access Control Model (NACM) [RFC8341]
> provides the means to restrict access for particular NETCONF or
> RESTCONF users to a preconfigured subset of all available NETCONF or
> RESTCONF protocol operations and content.
>
>
> Understood. As non-blocking feedback, I’d recommend adding sentence to
> explain this nuance.
>


[Xufeng]: Agree that a bit more description would be better. Would it be OK
to add the following to the end of this section:

Even though this data model allows to access TE topology information across
clients, implementations MAY restrict access for particular clients to
particular data fields. The Network Configuration Access Control Model
(NACM) [RFC8341] provides such a mechanism.

Thanks,

- Xufeng

v2.23.0 | Report a Bug | By Email