Hi Med,

Ah. Thanks. I forgot about that issue :-(
Let me carefully avoid re-investing any of my time in this process issue. Do what's right. Hopefully, we are not going towards a path where we need a bis document each time the template is changed...

Regards, Benoit

On 11/12/2024 9:34 AM, [email protected] wrote:

Hi Benoît,

I don’t think removing the template from the doc is a good idea.

FWIW, one of the goals set for the bis was to fix an issue raised by the IETF Trust about the template. Please refer, e.g., to https://mailarchive.ietf.org/arch/msg/netmod/gBEuz3mgOuyghmeQk7T4so_ZxF8/ or https://datatracker.ietf.org/meeting/116/materials/slides-116-netmod-05-security-considerations-template-for-yang-module-documents-00.

Cheers,

Med

*From:* Benoit Claise <[email protected]>
*Sent:* Sunday, 10 November 2024 13:15
*To:* BOUCADAIR Mohamed INNOV/NET <[email protected]>; Rob Wilton (rwilton) <[email protected]>
*Cc:* [email protected]
*Subject:* Re: [netmod] Re: Rob's comment to the security template


Dear all,

I read section 3.7 "security considerations section" of https://datatracker.ietf.org/doc/draft-ietf-netmod-rfc8407bis/
This section must only contain the first two paragraphs:

    Each specification that defines one or more modules MUST contain a
    section that discusses security considerations relevant to those
    modules.

    Unless the modules comply with [RFC8791] or define YANG extensions
    (e.g., [RFC7952]), the security section MUST be modeled after the
    latest approved template (available at
    <https://wiki.ietf.org/group/ops/yang-security-guidelines>).

The paragraph "In particular:" with the bullet points must be removed. What if the template changes in the future?

On top of that, I am absolutely against inserting the Template itself in this document (section 3.7.1.) Can we please trust the AD, the YANG-doctors, and the community to do the right thing, which means updating https://wiki.ietf.org/group/ops/yang-security-guidelines when it's required (as I mentioned on the mic., with community and IESG approval). I see it coming if we insert the security considerations template in this document: "Oh, if we need to update the template, we must revise the RFC8407bis". Let's avoid this, there is no problem to be solved here... and certainly not by introducing what seems to be yet another process.

Obviously, I read this sentence "Authors MUST check the web page at the URL listed above in case there is a more recent version available." As a YANG module writer, on top of reading this section, I have to see if there is a different template somewhere else?  A waste of time.

Regards, Benoit


On 11/6/2024 4:51 PM, [email protected] wrote:

    Hi Rob,

    I like the sections you added. If you can put a PR this would be
    helpful.

    For the readable one, I prefer to leave the OLD wording and not
    only focus on the “config false”

    (those are all the "config false" nodes, but also all other
    -- nodes, because they can also be read via operations like get or
    -- get-config)

    Thank you.

    Cheers,

    Med

    *From:* Rob Wilton (rwilton) <[email protected]>
    *Sent:* Wednesday, 6 November 2024 13:26
    *To:* BOUCADAIR Mohamed INNOV/NET <[email protected]>
    *Cc:* [email protected]
    *Subject:* Re: Rob's comment to the security template

    Hi Med,

    I was hoping for further changes to the template to try and make
    it a bit more explicit.

    I’ve given an example of what these changes would look like for
    readable/writable nodes, but the other parts of the template would
    need to be similarly updated, which I can have a go at, if you
    think that this is helpful and heading in the right direction.

    Currently on a separate branch/repo, but I could put a pull
    request in if that helps.

    
    https://github.com/netmod-wg/rfc8407bis/compare/main...rgwilton:rfc8407bis:patch-1


    Regards,

    Rob

    *From: *[email protected] <[email protected]>
    *Date: *Tuesday, 5 November 2024 at 08:24
    *To: *Rob Wilton (rwilton) <[email protected]>
    *Cc: *[email protected] <[email protected]>
    *Subject: *[netmod] Rob's comment to the security template

    Hi Rob,

    An attempt to address a comment you raised in the netmod session
    can be found at:
    https://github.com/netmod-wg/rfc8407bis/pull/73/files.

    Let me know if this is OK or you prefer we tweak more. Thanks.

    Cheers,

    Med

    
    ____________________________________________________________________________________________________________

    This message and its attachments may contain confidential or privileged information that may be protected by law;
    they should not be distributed, used or copied without authorisation.
    If you have received this email in error, please notify the sender and delete this message and its attachments.
    As emails may be altered, Orange is not liable for messages that have been modified, changed or falsified.
    Thank you.

    



    _______________________________________________

    netmod mailing list [email protected]

    To unsubscribe send an email [email protected]
