Susan, I consider tagging a YANG object statically and universally in the data model as "does not need secure communication" fundamentally flawed; I am not having an issue with insecure communication in certain deployment contexts.
The topology drafts are regular generic YANG models that just happen to be done in I2RS - I believe that using the generic YANG security guidelines we have is good enough to progress these drafts. /js On Thu, Jan 19, 2017 at 01:15:15PM -0500, Susan Hares wrote: > Juergen: > > I recognize that dislike insecure communication. You made a similar comment > during the WG LC and IETF review of > draft-ietf-i2rs-protocol-security-requirements. However, the > draft-ietf-i2rs-protocol-security-requirements were passed by the I2RS WG > and approved by the IESG for RFC publication and it contains the non-secure > communication. The mandate from the I2RS WG for this shepherd/co-chair is > clear. > > As the shepherd for the topology drafts, I try to write-up something that > might address Kathleen's Moriarty's concerns about the topology draft's > security issues about privacy and the I2RS ephemeral control plane data > store. I welcome an open discussion on my ideas > (https://datatracker.ietf.org/doc/draft-hares-i2rs-yang-sec-consider). The > yang doctor's YANG security consideration template > (https://trac.ietf.org/trac/ops/wiki/yang-security-guidelines) and the > privacy related RFCs (RFC6973) note that some information is sensitive. > Hopefully, this document extends these guidelines to a new data store. > > Cheerily, > Sue Hares > > -----Original Message----- > From: Juergen Schoenwaelder [mailto:[email protected]] > Sent: Thursday, January 19, 2017 10:34 AM > To: Susan Hares > Cc: 'Kathleen Moriarty'; 'The IESG'; > [email protected]; [email protected]; > [email protected] > Subject: Re: [i2rs] Kathleen Moriarty's No Objection on > draft-ietf-i2rs-yang-l3-topology-08: (with COMMENT) > > For what it is worth, I find the notion that data models may be written for > a specific non-secure transport plain broken. There is hardly any content of > a data model I can think of which is generally suitable for insecure > transports. > > Can we please kill this idea of _standardizing_ information that is suitable > to send over non-secure transports? I really do not see how the IETF can > make a claim that a given piece of information is never worth protecting (= > suitable for non-secure transports). > > Note that I am fine if in a certain trusted tightly-coupled deployment > information is shipped in whatever way but this is then a property of the > _deployment_ and not a property of the _information_. > > /js > > On Thu, Jan 19, 2017 at 09:28:14AM -0500, Susan Hares wrote: > > Kathleen: > > > > I have written a draft suggesting a template for the I2RS YANG modules > which are designed to exist in the I2RS Ephemeral Control Plane data store > (configuration and operational state). > > > > Draft location: > > https://datatracker.ietf.org/doc/draft-hares-i2rs-yang-sec-consider/ > > > > I would appreciate an email discussion with the security ADs, OPS/NM ADs, > and Routing AD (Alia Atlas). I agree that this I2RS YANG data model (L3) > and the base I2RS topology model should both provide updated YANG Security > Considerations sections. I would appreciate if Benoit or you hold a discuss > until we sort out these issues. > > > > Thank you, > > > > Sue > > > > -----Original Message----- > > From: Kathleen Moriarty [mailto:[email protected]] > > Sent: Wednesday, January 18, 2017 9:44 PM > > To: The IESG > > Cc: [email protected]; [email protected]; > > [email protected]; [email protected]; [email protected] > > Subject: Kathleen Moriarty's No Objection on > > draft-ietf-i2rs-yang-l3-topology-08: (with COMMENT) > > > > Kathleen Moriarty has entered the following ballot position for > > draft-ietf-i2rs-yang-l3-topology-08: No Objection > > > > When responding, please keep the subject line intact and reply to all > > email addresses included in the To and CC lines. (Feel free to cut > > this introductory paragraph, however.) > > > > > > Please refer to > > https://www.ietf.org/iesg/statement/discuss-criteria.html > > for more information about IESG DISCUSS and COMMENT positions. > > > > > > The document, along with other ballot positions, can be found here: > > https://datatracker.ietf.org/doc/draft-ietf-i2rs-yang-l3-topology/ > > > > > > > > ---------------------------------------------------------------------- > > COMMENT: > > ---------------------------------------------------------------------- > > > > I agree with Alissa's comment that the YANG module security consideration > section guidelines need to be followed and this shouldn't go forward until > that is corrected. I'm told it will be, thanks. > > > > > > > > _______________________________________________ > > i2rs mailing list > > [email protected] > > https://www.ietf.org/mailman/listinfo/i2rs > > -- > Juergen Schoenwaelder Jacobs University Bremen gGmbH > Phone: +49 421 200 3587 Campus Ring 1 | 28759 Bremen | Germany > Fax: +49 421 200 3103 <http://www.jacobs-university.de/> > -- Juergen Schoenwaelder Jacobs University Bremen gGmbH Phone: +49 421 200 3587 Campus Ring 1 | 28759 Bremen | Germany Fax: +49 421 200 3103 <http://www.jacobs-university.de/> _______________________________________________ i2rs mailing list [email protected] https://www.ietf.org/mailman/listinfo/i2rs
