IETF Logo Mail Archive

[yang-doctors] Fwd: [netmod] YANG module security considerations

Benoit Claise <bclaise@cisco.com> Thu, 21 December 2017 09:41 UTC

Return-Path: <bclaise@cisco.com>
X-Original-To: yang-doctors@ietfa.amsl.com
Delivered-To: yang-doctors@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A967C1272E1; Thu, 21 Dec 2017 01:41:17 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -14.509
X-Spam-Level:
X-Spam-Status: No, score=-14.509 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01, URIBL_BLOCKED=0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id h8qXVjx_eEti; Thu, 21 Dec 2017 01:41:15 -0800 (PST)
Received: from aer-iport-1.cisco.com (aer-iport-1.cisco.com [173.38.203.51]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id DE5BF1200FC; Thu, 21 Dec 2017 01:41:14 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=4629; q=dns/txt; s=iport; t=1513849275; x=1515058875; h=subject:references:to:cc:from:message-id:date: mime-version:in-reply-to; bh=+/9pRI7LaYaypuP219PkjZjvOAeqJgrMv3cCygVVG9w=; b=K5t8ExsecLAQ2I4eE2RDi5mnD1cORXvpeugGT1h/kOZKYZZBYIyLC1S1 PWhM+FUow03LTJW3OjMyyeg5xyZBingAEycU9kxr+PbBdeiQm4Zv4DVE9 UoC7uCen3q129XJcDqV/iwVXWOTf/7gSu0hN03cwGiV23ccaOFpKL0gPF M=;
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: A0C9BABKgTta/xbLJq1bHAEBAQQBAQoBAYQkdCePHpAdkVeFUoIVChgBCoRJTwKFVhYBAQEBAQEBAQFrKIUjAQIBAwEBbAsQDw0DAQIvJyYCCAYNBgIBAYonEKcDJopIAQEBAQEBAQEBAQEBAQEBAQEBAQEBGAWDf4NoghKDBYMvAYIOhVwFo0iIAY0ujBiHYo0hgVmIBYE7Jg0lJYEqMhoIGxU8gimEWEA3iXcBAQE
X-IronPort-AV: E=Sophos;i="5.45,435,1508803200"; d="scan'208,217";a="1063014"
Received: from aer-iport-nat.cisco.com (HELO aer-core-1.cisco.com) ([173.38.203.22]) by aer-iport-1.cisco.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 21 Dec 2017 09:40:52 +0000
Received: from [10.55.221.36] (ams-bclaise-nitro3.cisco.com [10.55.221.36]) by aer-core-1.cisco.com (8.14.5/8.14.5) with ESMTP id vBL9eqW2026833; Thu, 21 Dec 2017 09:40:52 GMT
References: <1512130382.9397.20.camel@nic.cz>
To: YANG Doctors <yang-doctors@ietf.org>
Cc: "netmod-chairs@ietf.org" <netmod-chairs@ietf.org>
From: Benoit Claise <bclaise@cisco.com>
X-Forwarded-Message-Id: <1512130382.9397.20.camel@nic.cz>
Message-ID: <e2456622-0b06-a6cb-8a87-8e07750efb00@cisco.com>
Date: Thu, 21 Dec 2017 10:40:52 +0100
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:52.0) Gecko/20100101 Thunderbird/52.5.0
MIME-Version: 1.0
In-Reply-To: <1512130382.9397.20.camel@nic.cz>
Content-Type: multipart/alternative; boundary="------------3D4A80A8216C2604AF72A846"
Content-Language: en-US
Archived-At: <https://mailarchive.ietf.org/arch/msg/yang-doctors/9PxCMKo3TnHZ9_rSeMDXAi7nQyk>
Subject: [yang-doctors] Fwd: [netmod] YANG module security considerations
X-BeenThere: yang-doctors@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Email list of the yang-doctors directorate <yang-doctors.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/yang-doctors>, <mailto:yang-doctors-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/yang-doctors/>
List-Post: <mailto:yang-doctors@ietf.org>
List-Help: <mailto:yang-doctors-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/yang-doctors>, <mailto:yang-doctors-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 21 Dec 2017 09:41:18 -0000

YANG doctors,

I have not seen any reaction to this proposal on the NETMOD mailing list.

On one side, Lada's proposal is more accurate
One the other side, some consistency in the Security Considerations for 
all YANG module makes sense.

Is it worth updating the Security Considerations template?
What do you think?

Regards, Benoit


-------- Forwarded Message --------
Subject: 	[netmod] YANG module security considerations
Date: 	Fri, 01 Dec 2017 13:13:02 +0100
From: 	Ladislav Lhotka <lhotka@nic.cz>
Organization: 	CZ.NIC
To: 	NETMOD WG <netmod@ietf.org>



Hi,

the security considerations template text [1] that has already been used in a
number of documents is apparently incorrect - YANG modules aren't accessed by NM
protocols. Hence

OLD

The YANG module defined in this document is designed to be accessed via network
management protocols such as ...

NEW

The YANG module specified in this document defines a schema for data that is
designed to be accessed via network management protocols such as ...


[1] https://trac.ietf.org/trac/ops/wiki/yang-security-guidelines

Lada

-- 
Ladislav Lhotka
Head, CZ.NIC Labs
PGP Key ID: 0xB8F92B08A9F76C67

_______________________________________________
netmod mailing list
netmod@ietf.org
https://www.ietf.org/mailman/listinfo/netmod
.

v2.23.0 | Report a Bug | By Email