Re: [netmod] security considerations boilerplate updates to cover RESTCONF

2017-04-21 Thread Benoit Claise
Dear all, The new YANG module security guidelines have been posted, in agreement with our SEC AD Kathleen. See https://trac.ietf.org/trac/ops/wiki/yang-security-guidelines Regards, Benoit Dear all, As discussed during the IESG telechat today, we should only focus on the addition of the REST

Re: [netmod] security considerations boilerplate updates to cover RESTCONF

2017-03-17 Thread Acee Lindem (acee)
I'm if I looked hard enough I'd find it. However, I imagine many others will have the same question. Where is Wiki or format URL where the boilerplate will be maintained? Thanks, Acee On 3/17/17, 11:36 AM, "netmod on behalf of Kent Watsen" wrote: > >Adding a final thought to this, I found it

Re: [netmod] security considerations boilerplate updates to cover RESTCONF

2017-03-17 Thread Kent Watsen
Adding a final thought to this, I found it strange when I copied the Security guidelines into some of my YANG-model focused drafts, that I suddenly had to add Informative References for some transport protocols. Why should a YANG model care about transport protocols? Are we going to extend this

Re: [netmod] security considerations boilerplate updates to cover RESTCONF

2017-03-17 Thread Ladislav Lhotka
Kent Watsen writes: > A couple comments: > > 1) drilling down on the mandatory-to-implement NC/RC protocols >is somewhat missing the point. The important bit is that >*all* protocols transporting YANG-modeled data *only* have >secure transport layers. More specifically, YANG-modeled

Re: [netmod] security considerations boilerplate updates to cover RESTCONF

2017-03-16 Thread Phil Shafer
The considerations should say more about how we delegate encryption and authentication to the underlying protocols, whatever they may be. We don't need details, just an understanding of the role of each layer. Thanks, Phil Kent Watsen writes: > >A couple comments: > >1) drilling down on the m

Re: [netmod] security considerations boilerplate updates to cover RESTCONF

2017-03-16 Thread Kent Watsen
>> 1) drilling down on the mandatory-to-implement NC/RC protocols >>is somewhat missing the point. The important bit is that >>*all* protocols transporting YANG-modeled data *only* have >>secure transport layers. More specifically, YANG-modeled >>data may be transported over oth

Re: [netmod] security considerations boilerplate updates to cover RESTCONF

2017-03-16 Thread Benoit Claise
Dear all, As discussed during the IESG telechat today, we should only focus on the addition of the RESTCONF bits, and not attempt to include the I2RS future protocol now. Hence this minimum change proposal: The YANG module defined in this document is designed to be accessed

Re: [netmod] security considerations boilerplate updates to cover RESTCONF

2017-03-16 Thread Juergen Schoenwaelder
On Thu, Mar 16, 2017 at 10:13:18AM -0400, Alia Atlas wrote: > > > > Keep in mind that I2RS believes in a requirement for cleartext > > transport protocols. Perhaps this never makes it through the IESG but > > so far it was not possible to stop this... > > > > This is solely for notifications that

Re: [netmod] security considerations boilerplate updates to cover RESTCONF

2017-03-16 Thread Alia Atlas
Juergen, On Thu, Mar 16, 2017 at 9:51 AM, Juergen Schoenwaelder < j.schoenwael...@jacobs-university.de> wrote: > On Thu, Mar 16, 2017 at 12:48:34PM +, Kent Watsen wrote: > > > > A couple comments: > > > > 1) drilling down on the mandatory-to-implement NC/RC protocols > >is somewhat missin

Re: [netmod] security considerations boilerplate updates to cover RESTCONF

2017-03-16 Thread Juergen Schoenwaelder
On Thu, Mar 16, 2017 at 12:48:34PM +, Kent Watsen wrote: > > A couple comments: > > 1) drilling down on the mandatory-to-implement NC/RC protocols >is somewhat missing the point. The important bit is that >*all* protocols transporting YANG-modeled data *only* have >secure transpo

Re: [netmod] security considerations boilerplate updates to cover RESTCONF

2017-03-16 Thread Kathleen Moriarty
I just have a general comment, I'm happy with the direction and objective of the new text. It looks like you are down to editorial nits and I'll stay out of that now that secure transport for RESTCONF is covered in the considerations. Thank you for the updated boilerplate! Kathleen On Thu, Mar 1

Re: [netmod] security considerations boilerplate updates to cover RESTCONF

2017-03-16 Thread Kent Watsen
typo: new: one of the protocols *may* have an insecure protocol K. -ORIGINAL MESSAGE- A couple comments: 1) drilling down on the mandatory-to-implement NC/RC protocols is somewhat missing the point. The important bit is that *all* protocols transporting YANG-modeled data *only*

Re: [netmod] security considerations boilerplate updates to cover RESTCONF

2017-03-16 Thread Kent Watsen
A couple comments: 1) drilling down on the mandatory-to-implement NC/RC protocols is somewhat missing the point. The important bit is that *all* protocols transporting YANG-modeled data *only* have secure transport layers. More specifically, YANG-modeled data may be transported over

Re: [netmod] security considerations boilerplate updates to cover RESTCONF

2017-03-16 Thread Benoit Claise
On 3/16/2017 8:56 AM, Juergen Schoenwaelder wrote: On Thu, Mar 16, 2017 at 08:37:39AM +0100, Benoit Claise wrote: Latest proposal: The YANG module defined in this document is designed to be accessed via network management protocols such as NETCONF [RFC6241] or RESTCONF [RFC8040].

Re: [netmod] security considerations boilerplate updates to cover RESTCONF

2017-03-16 Thread Juergen Schoenwaelder
On Thu, Mar 16, 2017 at 08:37:39AM +0100, Benoit Claise wrote: > Latest proposal: > > The YANG module defined in this document is designed to be accessed > via network management protocols such as NETCONF [RFC6241] or > RESTCONF [RFC8040]. The lowest NETCONF layer is the secure transpo

Re: [netmod] security considerations boilerplate updates to cover RESTCONF

2017-03-16 Thread Benoit Claise
On 3/16/2017 8:27 AM, Juergen Schoenwaelder wrote: On Wed, Mar 15, 2017 at 08:10:22PM +0100, Benoit Claise wrote: I like the "YANG based management protocols" part I think 'YANG based' is not needed (and to some extent even incorrect) and I would spell out 'network management' instead of 'mana

Re: [netmod] security considerations boilerplate updates to cover RESTCONF

2017-03-16 Thread Juergen Schoenwaelder
On Wed, Mar 15, 2017 at 08:10:22PM +0100, Benoit Claise wrote: > I like the "YANG based management protocols" part I think 'YANG based' is not needed (and to some extent even incorrect) and I would spell out 'network management' instead of 'management': The YANG module defined in this documen

Re: [netmod] security considerations boilerplate updates to cover RESTCONF

2017-03-15 Thread Benoit Claise
On 3/15/2017 6:32 PM, Kent Watsen wrote: Benoit, I fixed this text in my drafts already. Actually, I found the old text difficult to read, so I fixed it like this: The YANG module defined in this document is designed to be accessed via YANG based management protocols, such as NETCON

Re: [netmod] security considerations boilerplate updates to cover RESTCONF

2017-03-15 Thread Kent Watsen
Benoit, I fixed this text in my drafts already. Actually, I found the old text difficult to read, so I fixed it like this: The YANG module defined in this document is designed to be accessed via YANG based management protocols, such as NETCONF [RFC6241

Re: [netmod] security considerations boilerplate updates to cover RESTCONF

2017-03-15 Thread Mehmet Ersue
: netmod@ietf.org Cc: sec-...@ietf.org Subject: Re: [netmod] security considerations boilerplate updates to cover RESTCONF Dear all, [copying the security ADs to make sure the new security section is fine] Let's separate the two issues 1. the multiple URLs in draft-ietf-netmod-rfc6087b

Re: [netmod] security considerations boilerplate updates to cover RESTCONF

2017-03-15 Thread Benoit Claise
Dear all, [copying the security ADs to make sure the new security section is fine] Let's separate the two issues 1. the multiple URLs in draft-ietf-netmod-rfc6087bis-12.txt Basically, I agree with Jürgen I see section 4.7: This section MUST be patterned after the latest approved template

[netmod] security considerations boilerplate updates to cover RESTCONF

2017-03-13 Thread Juergen Schoenwaelder
Hi, this came up during IESG processing of a YANG module - is there a new security guideline boilerplate text covering RESTCONF? This was briefly discussed on the yang-doctors but somehow the discussion stopped because RESTCONF was not published yet at that time. I think this affects draft-ietf-ne