Dear all,

I read section 3.7 "security considerations section" of https://datatracker.ietf.org/doc/draft-ietf-netmod-rfc8407bis/
This section must only contain the first two paragraphs:

       Each specification that defines one or more modules MUST contain a
       section that discusses security considerations relevant to those
       modules.

       Unless the modules comply with [RFC8791] or define YANG extensions
       (e.g., [RFC7952]), the security section MUST be modeled after the
       latest approved template (available at
       <https://wiki.ietf.org/group/ops/yang-security-guidelines>).

The paragraph "In particular:" with the bullet points must be removed. What if the template changes in the future?

On top of that, I am absolutely against inserting the Template itself in this document (section 3.7.1). Can we please trust the AD, the YANG-doctors, and the community to do the right thing, which means updating https://wiki.ietf.org/group/ops/yang-security-guidelines when it's required (as I mentioned on the mic., with community and IESG approval)? I see it coming if we insert the security considerations template in this document: "Oh, if we need to update the template, we must revise the RFC8407bis". Let's avoid this; there is no problem to be solved here... and certainly not by introducing what seems to be yet another process.

Obviously, I read this sentence "Authors MUST check the web page at the URL listed above in case there is a more recent version available." As a YANG module writer, on top of reading this section, I have to see if there is a different template somewhere else?  A waste of time.

Regards, Benoit



On 11/6/2024 4:51 PM, [email protected] wrote:

Hi Rob,

I like the sections you added. If you can put a PR this would be helpful.

For the readable one, I prefer to leave the OLD wording and not only focus on the “config false”

(those are all the "config false" nodes, but also all other
-- nodes, because they can also be read via operations like get or
-- get-config)

Thank you.

Cheers,

Med

*From:* Rob Wilton (rwilton) <[email protected]>
*Sent:* Wednesday 6 November 2024 13:26
*To:* BOUCADAIR Mohamed INNOV/NET <[email protected]>
*Cc:* [email protected]
*Subject:* Re: Rob's comment to the security template

Hi Med,

I was hoping for further changes to the template to try and make it a bit more explicit.

I’ve given an example of what these changes would look like for readable/writable nodes, but the other parts of the template would need to be similarly updated, which I can have a go at, if you think that this is helpful and heading in the right direction.

Currently on a separate branch/repo, but I could put a pull request in if that helps.

https://github.com/netmod-wg/rfc8407bis/compare/main...rgwilton:rfc8407bis:patch-1


Regards,

Rob

*From: *[email protected] <[email protected]>
*Date: *Tuesday, 5 November 2024 at 08:24
*To: *Rob Wilton (rwilton) <[email protected]>
*Cc: *[email protected] <[email protected]>
*Subject: *[netmod] Rob's comment to the security template

Hi Rob,

An attempt to address a comment you raised in the netmod session can be found at: https://github.com/netmod-wg/rfc8407bis/pull/73/files.

Let me know if this is OK or you prefer we tweak more. Thanks.

Cheers,

Med

_______________________________________________
netmod mailing list [email protected]
To unsubscribe send an email [email protected]