Hi Benoît,

I don't think removing the template from the doc is a good idea.

FWIW, one of the goals set for the bis was to fix an issue raised by the IETF 
Trust about the template. Please refer, e.g., to 
https://mailarchive.ietf.org/arch/msg/netmod/gBEuz3mgOuyghmeQk7T4so_ZxF8/ or 
https://datatracker.ietf.org/meeting/116/materials/slides-116-netmod-05-security-considerations-template-for-yang-module-documents-00.

Cheers,
Med

From: Benoit Claise <[email protected]>
Sent: Sunday, 10 November 2024 13:15
To: BOUCADAIR Mohamed INNOV/NET <[email protected]>; Rob Wilton (rwilton) <[email protected]>
Cc: [email protected]
Subject: Re: [netmod] Re: Rob's comment to the security template


Dear all,

I read section 3.7 "security considerations section" of 
https://datatracker.ietf.org/doc/draft-ietf-netmod-rfc8407bis/
This section must only contain the first two paragraphs:

   Each specification that defines one or more modules MUST contain a
   section that discusses security considerations relevant to those
   modules.

   Unless the modules comply with [RFC8791] or define YANG extensions
   (e.g., [RFC7952]), the security section MUST be modeled after the
   latest approved template (available at
   <https://wiki.ietf.org/group/ops/yang-security-guidelines>).

The paragraph "In particular:" with the bullet points must be removed. What if 
the template changes in the future?

On top of that, I am absolutely against inserting the Template itself in this 
document (section 3.7.1.)
Can we please trust the AD, the YANG-doctors, and the community to do the right 
thing, which means updating 
https://wiki.ietf.org/group/ops/yang-security-guidelines when it's required (as 
I mentioned on the mic., with community and IESG approval).
I see it coming if we insert the security considerations template in 
this document: "Oh, if we need to update the template, we must revise the 
RFC8407bis". Let's avoid this, there is no problem to be solved here... and 
certainly not by introducing what seems to be yet another process.

Obviously, I read this sentence "Authors MUST check the web page at the URL 
listed above in case there is a more recent version available." As a YANG 
module writer, on top of reading this section, I have to see if there is a 
different template somewhere else?  A waste of time.

Regards, Benoit


On 11/6/2024 4:51 PM, [email protected] wrote:
Hi Rob,

I like the sections you added. If you can put a PR this would be helpful.

For the readable one, I prefer to leave the OLD wording and not only focus on 
the "config false"

(those are all the "config false" nodes, but also all other
-- nodes, because they can also be read via operations like get or
-- get-config)

Thank you.

Cheers,
Med

From: Rob Wilton (rwilton) <[email protected]>
Sent: Wednesday, 6 November 2024 13:26
To: BOUCADAIR Mohamed INNOV/NET <[email protected]>
Cc: [email protected]
Subject: Re: Rob's comment to the security template


Hi Med,

I was hoping for further changes to the template to try and make it a bit more 
explicit.

I've given an example of what these changes would look like for 
readable/writable nodes, but the other parts of the template would need to be 
similarly updated, which I can have a go at, if you think that this is helpful 
and heading in the right direction.

Currently on a separate branch/repo, but I could put a pull request in if that 
helps.
https://github.com/netmod-wg/rfc8407bis/compare/main...rgwilton:rfc8407bis:patch-1

Regards,
Rob


From: [email protected]
Date: Tuesday, 5 November 2024 at 08:24
To: Rob Wilton (rwilton) <[email protected]>
Cc: [email protected]
Subject: [netmod] Rob's comment to the security template

Hi Rob,

An attempt to address a comment you raised in the netmod session can be found 
at: https://github.com/netmod-wg/rfc8407bis/pull/73/files.

Let me know if this is OK or you prefer we tweak more. Thanks.

Cheers,
Med

____________________________________________________________________________________________________________

This message and its attachments may contain confidential or privileged 
information that may be protected by law;

they should not be distributed, used or copied without authorisation.

If you have received this email in error, please notify the sender and delete 
this message and its attachments.

As emails may be altered, Orange is not liable for messages that have been 
modified, changed or falsified.

Thank you.



_______________________________________________

netmod mailing list -- [email protected]

To unsubscribe send an email to [email protected]
