I thought the topology models are coming more or less from OpenDaylight. If so, is ODL and I2RS implementation?
/js On Mon, Jan 23, 2017 at 06:04:28AM -0500, Susan Hares wrote: > Juergen: > > Let's focus on your second point. The topology drafts are I2RS drafts > designed for the I2RS ephemeral control plane data store. How can these be > generic YANG modules when the following is true: > > 1) I2RS Data models do not utilize the configuration data store, > 2) I2RS Data Models do not require the same validation as configuration data > store, > 3) I2RS Data models require the use of priority to handle the multi-write > contention problem into the I2RS Control Plane data store, > 4) I2RS require TLS with X.509v3 over TCP for the mandatory-to-implement > transport, > > Do you disagree with draft-ietf-netmod-revised-datastores? If so, the > discussion should be taken up with netmod WG list. > Do you disagree with i2rs-protocol-security-requirements? That issue is > closed based on IESG approval. > > Sue Hares > > -----Original Message----- > From: Juergen Schoenwaelder [mailto:[email protected]] > Sent: Monday, January 23, 2017 3:39 AM > To: Susan Hares > Cc: 'Kathleen Moriarty'; 'The IESG'; > [email protected]; [email protected]; > [email protected] > Subject: Re: [i2rs] Kathleen Moriarty's No Objection on > draft-ietf-i2rs-yang-l3-topology-08: (with COMMENT) > > Susan, > > I consider tagging a YANG object statically and universally in the data > model as "does not need secure communication" fundamentally flawed; I am not > having an issue with insecure communication in certain deployment contexts. > > The topology drafts are regular generic YANG models that just happen to be > done in I2RS - I believe that using the generic YANG security guidelines we > have is good enough to progress these drafts. > > /js > > On Thu, Jan 19, 2017 at 01:15:15PM -0500, Susan Hares wrote: > > Juergen: > > > > I recognize that dislike insecure communication. You made a similar > > comment during the WG LC and IETF review of > > draft-ietf-i2rs-protocol-security-requirements. However, the > > draft-ietf-i2rs-protocol-security-requirements were passed by the I2RS > > WG and approved by the IESG for RFC publication and it contains the > > non-secure communication. The mandate from the I2RS WG for this > > shepherd/co-chair is clear. > > > > As the shepherd for the topology drafts, I try to write-up something > > that might address Kathleen's Moriarty's concerns about the topology > > draft's security issues about privacy and the I2RS ephemeral control plane > data > > store. I welcome an open discussion on my ideas > > (https://datatracker.ietf.org/doc/draft-hares-i2rs-yang-sec-consider). > The > > yang doctor's YANG security consideration template > > (https://trac.ietf.org/trac/ops/wiki/yang-security-guidelines) and the > > privacy related RFCs (RFC6973) note that some information is sensitive. > > Hopefully, this document extends these guidelines to a new data store. > > > > Cheerily, > > Sue Hares > > > > -----Original Message----- > > From: Juergen Schoenwaelder > > [mailto:[email protected]] > > Sent: Thursday, January 19, 2017 10:34 AM > > To: Susan Hares > > Cc: 'Kathleen Moriarty'; 'The IESG'; > > [email protected]; [email protected]; > > [email protected] > > Subject: Re: [i2rs] Kathleen Moriarty's No Objection on > > draft-ietf-i2rs-yang-l3-topology-08: (with COMMENT) > > > > For what it is worth, I find the notion that data models may be > > written for a specific non-secure transport plain broken. There is > > hardly any content of a data model I can think of which is generally > > suitable for insecure transports. > > > > Can we please kill this idea of _standardizing_ information that is > > suitable to send over non-secure transports? I really do not see how > > the IETF can make a claim that a given piece of information is never > > worth protecting (= suitable for non-secure transports). > > > > Note that I am fine if in a certain trusted tightly-coupled deployment > > information is shipped in whatever way but this is then a property of > > the _deployment_ and not a property of the _information_. > > > > /js > > > > On Thu, Jan 19, 2017 at 09:28:14AM -0500, Susan Hares wrote: > > > Kathleen: > > > > > > I have written a draft suggesting a template for the I2RS YANG > > > modules > > which are designed to exist in the I2RS Ephemeral Control Plane data store > > (configuration and operational state). > > > > > > Draft location: > > > https://datatracker.ietf.org/doc/draft-hares-i2rs-yang-sec-consider/ > > > > > > I would appreciate an email discussion with the security ADs, OPS/NM > > > ADs, > > and Routing AD (Alia Atlas). I agree that this I2RS YANG data model > > (L3) and the base I2RS topology model should both provide updated YANG > > Security Considerations sections. I would appreciate if Benoit or you > > hold a discuss until we sort out these issues. > > > > > > Thank you, > > > > > > Sue > > > > > > -----Original Message----- > > > From: Kathleen Moriarty [mailto:[email protected]] > > > Sent: Wednesday, January 18, 2017 9:44 PM > > > To: The IESG > > > Cc: [email protected]; [email protected]; > > > [email protected]; [email protected]; [email protected] > > > Subject: Kathleen Moriarty's No Objection on > > > draft-ietf-i2rs-yang-l3-topology-08: (with COMMENT) > > > > > > Kathleen Moriarty has entered the following ballot position for > > > draft-ietf-i2rs-yang-l3-topology-08: No Objection > > > > > > When responding, please keep the subject line intact and reply to > > > all email addresses included in the To and CC lines. (Feel free to > > > cut this introductory paragraph, however.) > > > > > > > > > Please refer to > > > https://www.ietf.org/iesg/statement/discuss-criteria.html > > > for more information about IESG DISCUSS and COMMENT positions. > > > > > > > > > The document, along with other ballot positions, can be found here: > > > https://datatracker.ietf.org/doc/draft-ietf-i2rs-yang-l3-topology/ > > > > > > > > > > > > -------------------------------------------------------------------- > > > -- > > > COMMENT: > > > -------------------------------------------------------------------- > > > -- > > > > > > I agree with Alissa's comment that the YANG module security > > > consideration > > section guidelines need to be followed and this shouldn't go forward > > until that is corrected. I'm told it will be, thanks. > > > > > > > > > > > > _______________________________________________ > > > i2rs mailing list > > > [email protected] > > > https://www.ietf.org/mailman/listinfo/i2rs > > > > -- > > Juergen Schoenwaelder Jacobs University Bremen gGmbH > > Phone: +49 421 200 3587 Campus Ring 1 | 28759 Bremen | Germany > > Fax: +49 421 200 3103 <http://www.jacobs-university.de/> > > > > -- > Juergen Schoenwaelder Jacobs University Bremen gGmbH > Phone: +49 421 200 3587 Campus Ring 1 | 28759 Bremen | Germany > Fax: +49 421 200 3103 <http://www.jacobs-university.de/> > -- Juergen Schoenwaelder Jacobs University Bremen gGmbH Phone: +49 421 200 3587 Campus Ring 1 | 28759 Bremen | Germany Fax: +49 421 200 3103 <http://www.jacobs-university.de/> _______________________________________________ i2rs mailing list [email protected] https://www.ietf.org/mailman/listinfo/i2rs
