The IESG has received a request from the Operations and Management Area
Working Group WG (opsawg) to consider the following document: - 'Discovering
and Retrieving Software Transparency and Vulnerability
Information'
as Proposed Standard
The IESG plans to make a decision in the next few
Hi Eliot,
I see that mostly the security section is really about the sensitivity of the
data fields in the data model, and also whether those fields have default
deny-all NACM rules. How the data is accessed shouldn’t really matter so much
since the same principles should apply.
However,
I do think it's worth having a broader conversation about security
considerations of YANG models, because the very idea that YANG is tied
to NETCONF/RESTCONF means that either we end up in these sorts of silly
situations in which the security considerations are largely inapplicable
*OR* we end
Hi Eliot,
Thanks. I’ll initiate IETF LC on -14. It is possible that the “necessarily”
may mean that the SEC ADs will want more of the regular YANG security
considerations to be included, but we can cross that bridge during the IESG
review, if needed.
Regards,
Rob
From: Eliot Lear
Sent:
A New Internet-Draft is available from the on-line Internet-Drafts directories.
This Internet-Draft is a work item of the Operations and Management Area
Working Group WG of the IETF.
Title : Discovering and Retrieving Software Transparency and
Vulnerability Information
Rob:
I think it's appropriate to accept all of your proposed changes with one
caveat:
On 07.02.23 14:50, Rob Wilton (rwilton) wrote:
Hi Eliot,
The only thing that I think that we need to tweak is the security section,
where I think that we need to be more explicit that this module is not
Hi WG,
The IETF116 preliminary agenda is posted.
The OPSAWG meeting is scheduled at 09:30 - 11:30 Tuesday Session I.
We open the call for presentation on the meeting.
Please send over your request with the topic, speaker, time slot to the chairs.
Look forward to seeing you in Yokohama.
Cheers,
