[yang-doctors] Fwd: [netmod] YANG module security considerations
Benoit Claise <bclaise@cisco.com> Thu, 21 December 2017 09:41 UTC
Return-Path: <bclaise@cisco.com>
X-Original-To: yang-doctors@ietfa.amsl.com
Delivered-To: yang-doctors@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A967C1272E1; Thu, 21 Dec 2017 01:41:17 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -14.509
X-Spam-Level:
X-Spam-Status: No, score=-14.509 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01, URIBL_BLOCKED=0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id h8qXVjx_eEti; Thu, 21 Dec 2017 01:41:15 -0800 (PST)
Received: from aer-iport-1.cisco.com (aer-iport-1.cisco.com [173.38.203.51]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id DE5BF1200FC; Thu, 21 Dec 2017 01:41:14 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=4629; q=dns/txt; s=iport; t=1513849275; x=1515058875; h=subject:references:to:cc:from:message-id:date: mime-version:in-reply-to; bh=+/9pRI7LaYaypuP219PkjZjvOAeqJgrMv3cCygVVG9w=; b=K5t8ExsecLAQ2I4eE2RDi5mnD1cORXvpeugGT1h/kOZKYZZBYIyLC1S1 PWhM+FUow03LTJW3OjMyyeg5xyZBingAEycU9kxr+PbBdeiQm4Zv4DVE9 UoC7uCen3q129XJcDqV/iwVXWOTf/7gSu0hN03cwGiV23ccaOFpKL0gPF M=;
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: A0C9BABKgTta/xbLJq1bHAEBAQQBAQoBAYQkdCePHpAdkVeFUoIVChgBCoRJTwKFVhYBAQEBAQEBAQFrKIUjAQIBAwEBbAsQDw0DAQIvJyYCCAYNBgIBAYonEKcDJopIAQEBAQEBAQEBAQEBAQEBAQEBAQEBGAWDf4NoghKDBYMvAYIOhVwFo0iIAY0ujBiHYo0hgVmIBYE7Jg0lJYEqMhoIGxU8gimEWEA3iXcBAQE
X-IronPort-AV: E=Sophos;i="5.45,435,1508803200"; d="scan'208,217";a="1063014"
Received: from aer-iport-nat.cisco.com (HELO aer-core-1.cisco.com) ([173.38.203.22]) by aer-iport-1.cisco.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 21 Dec 2017 09:40:52 +0000
Received: from [10.55.221.36] (ams-bclaise-nitro3.cisco.com [10.55.221.36]) by aer-core-1.cisco.com (8.14.5/8.14.5) with ESMTP id vBL9eqW2026833; Thu, 21 Dec 2017 09:40:52 GMT
References: <1512130382.9397.20.camel@nic.cz>
To: YANG Doctors <yang-doctors@ietf.org>
Cc: "netmod-chairs@ietf.org" <netmod-chairs@ietf.org>
From: Benoit Claise <bclaise@cisco.com>
X-Forwarded-Message-Id: <1512130382.9397.20.camel@nic.cz>
Message-ID: <e2456622-0b06-a6cb-8a87-8e07750efb00@cisco.com>
Date: Thu, 21 Dec 2017 10:40:52 +0100
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:52.0) Gecko/20100101 Thunderbird/52.5.0
MIME-Version: 1.0
In-Reply-To: <1512130382.9397.20.camel@nic.cz>
Content-Type: multipart/alternative; boundary="------------3D4A80A8216C2604AF72A846"
Content-Language: en-US
Archived-At: <https://mailarchive.ietf.org/arch/msg/yang-doctors/9PxCMKo3TnHZ9_rSeMDXAi7nQyk>
Subject: [yang-doctors] Fwd: [netmod] YANG module security considerations
X-BeenThere: yang-doctors@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Email list of the yang-doctors directorate <yang-doctors.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/yang-doctors>, <mailto:yang-doctors-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/yang-doctors/>
List-Post: <mailto:yang-doctors@ietf.org>
List-Help: <mailto:yang-doctors-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/yang-doctors>, <mailto:yang-doctors-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 21 Dec 2017 09:41:18 -0000
YANG doctors, I have not seen any reaction to this proposal on the NETMOD mailing list. On one side, Lada's proposal is more accurate One the other side, some consistency in the Security Considerations for all YANG module makes sense. Is it worth updating the Security Considerations template? What do you think? Regards, Benoit -------- Forwarded Message -------- Subject: [netmod] YANG module security considerations Date: Fri, 01 Dec 2017 13:13:02 +0100 From: Ladislav Lhotka <lhotka@nic.cz> Organization: CZ.NIC To: NETMOD WG <netmod@ietf.org> Hi, the security considerations template text [1] that has already been used in a number of documents is apparently incorrect - YANG modules aren't accessed by NM protocols. Hence OLD The YANG module defined in this document is designed to be accessed via network management protocols such as ... NEW The YANG module specified in this document defines a schema for data that is designed to be accessed via network management protocols such as ... [1] https://trac.ietf.org/trac/ops/wiki/yang-security-guidelines Lada -- Ladislav Lhotka Head, CZ.NIC Labs PGP Key ID: 0xB8F92B08A9F76C67 _______________________________________________ netmod mailing list netmod@ietf.org https://www.ietf.org/mailman/listinfo/netmod .
- [yang-doctors] Fwd: [netmod] YANG module security… Benoit Claise
- Re: [yang-doctors] Fwd: [netmod] YANG module secu… Juergen Schoenwaelder
- Re: [yang-doctors] Fwd: [netmod] YANG module secu… Ladislav Lhotka
- Re: [yang-doctors] Fwd: [netmod] YANG module secu… Martin Bjorklund
- Re: [yang-doctors] Fwd: [netmod] YANG module secu… Benoit Claise