[alto] Roman Danyliw's No Objection on draft-ietf-alto-oam-yang-17: (with COMMENT)

2024-01-19 Thread Roman Danyliw via Datatracker
Roman Danyliw has entered the following ballot position for
draft-ietf-alto-oam-yang-17: No Objection

When responding, please keep the subject line intact and reply to all
email addresses included in the To and CC lines. (Feel free to cut this
introductory paragraph, however.)


Please refer to 
https://www.ietf.org/about/groups/iesg/statements/handling-ballot-positions/ 
for more information about how to handle DISCUSS and COMMENT positions.


The document, along with other ballot positions, can be found here:
https://datatracker.ietf.org/doc/draft-ietf-alto-oam-yang/



--
COMMENT:
--

Thank you to Rich Salz for the SECDIR review.

Thank you for addressing my COMMENT and DISCUSS feedback.



___
alto mailing list
alto@ietf.org
https://www.ietf.org/mailman/listinfo/alto


Re: [alto] Roman Danyliw's Discuss on draft-ietf-alto-oam-yang-16: (with DISCUSS and COMMENT)

2024-01-19 Thread Jensen Zhang
Hi Roman,

Many thanks for your further feedback. We just uploaded revision -17 to
address your comments.

HTML: https://datatracker.ietf.org/doc/html/draft-ietf-alto-oam-yang-17
Diff: https://author-tools.ietf.org/iddiff?url2=draft-ietf-alto-oam-yang-17

Please see our detailed responses inline below. If there are others needed,
please let us know.

Thanks,
Jensen


On Thu, Jan 18, 2024 at 10:50 PM Roman Danyliw via Datatracker <nore...@ietf.org> wrote:

> Roman Danyliw has entered the following ballot position for
> draft-ietf-alto-oam-yang-16: Discuss
>
> --
> DISCUSS:
> --
>
> Per -15 ballot review:
>
> ** Section 8.  Per the guidance on writeable data, aren’t significant parts of
> alto-server/listen sensitive as one could alter the stored keys for the server
> or client; or the username/password combinations (in http-server-parameters)?
>
> ** Section 8.  Per the guidance about readable data:
>
> -- isn’t tls-server-parameters sensitive since it could contain raw private
> keys (e.g., ks:inline-or-keystore-symmetric-key-grouping)?
>

Agree. We should make it clear. Writeable data nodes in
'http-server-parameters' and 'tls-server-parameters' are sensitive. We
added the list of the concrete sensitive data nodes and their referenced
groupings and modules. The security considerations of the corresponding
I-Ds are applied to them.


>
> -- Would it be best practice to be able to read all of the authorized
> users?
>

The admin should be able to operate the access control of the authorized
users. Therefore, accessing the identifiers of the authorized users is a
minimal requirement. But more sensitive user information is not required.


>
> Thanks for the response at
> https://mailarchive.ietf.org/arch/msg/alto/tD88zktK20QDBIbd-jbGt5JJDLc/
>
> > Yes, some groupings in alto-server/listen are also sensitive. But they are
> > defined in other RFCs, thus the security considerations in those RFCs also
> > apply to them.
>
> This described approach is inconsistent with my observation on how the YANG
> security template is used.  If there is a path which has security
> considerations, the issues are typically highlighted regardless of whether
> there is reuse.  Setting aside that this is a YANG module, my experience with
> any protocol document is that if there is a mechanism reused by reference and
> it introduces a relevant security dependency, it would have been cited in the
> Security Considerations as applicable.  Neither of these approaches appears to
> be taken here.  Is there a reason why not?
>

Makes sense. We added the security considerations for the reused data nodes.


>
>
> --
> COMMENT:
> --
>
> Thank you to Rich Salz for the SECDIR review.
>
> Thank you for addressing my COMMENT and DISCUSS feedback.
>


[alto] I-D Action: draft-ietf-alto-oam-yang-17.txt

2024-01-19 Thread internet-drafts
Internet-Draft draft-ietf-alto-oam-yang-17.txt is now available. It is a work
item of the Application-Layer Traffic Optimization (ALTO) WG of the IETF.

   Title:   YANG Data Models for the Application-Layer Traffic Optimization (ALTO) Protocol
   Authors: Jingxuan Jensen Zhang
            Dhruv Dhody
            Kai Gao
            Roland Schott
            Qiufang Ma
   Name:    draft-ietf-alto-oam-yang-17.txt
   Pages:   86
   Dates:   2024-01-19

Abstract:

   This document defines a YANG data model for Operations,
   Administration, and Maintenance (OAM) & Management of the
   Application-Layer Traffic Optimization (ALTO) Protocol.  The operator
   of an ALTO server can use this data model to (1) set up the ALTO
   server, (2) configure server discovery, (3) create, update and remove
   ALTO information resources, (4) manage the access control of each
   ALTO information resource, and (5) collect statistical data from the
   ALTO server.  The application provider can also use this data model
   to configure ALTO clients to communicate with known ALTO servers.

The IETF datatracker status page for this Internet-Draft is:
https://datatracker.ietf.org/doc/draft-ietf-alto-oam-yang/

There is also an HTML version available at:
https://www.ietf.org/archive/id/draft-ietf-alto-oam-yang-17.html

A diff from the previous version is available at:
https://author-tools.ietf.org/iddiff?url2=draft-ietf-alto-oam-yang-17

Internet-Drafts are also available by rsync at:
rsync.ietf.org::internet-drafts

