On Mon, Aug 22, 2016 at 3:07 AM, Juergen Schoenwaelder < [email protected]> wrote:
> On Fri, Aug 19, 2016 at 12:55:53PM -0400, Susan Hares wrote: > > Andy: > > > > > > > > The easy of reviewing per leaf – is why I suggested the per leaf. > > > > I also agree it is important to mention this non-secure/secure > requirement to the PUSH work team we are both on. > > > > > > > > Should I change: > > > > Old: / > > > > A non-secure transport can be used for publishing telemetry data or > > > > other operational state that was specifically indicated to non- > > > > confidential in the data model in the Yang syntax. / > > > > New: > > > > / A non-secure transport can be used for publishing telemetry data or > > > > other operational state that was specifically indicated to non- > > > > confidential in the data model. / > > > > Tagging something in the data model as 'non-confidential' remains a > flawed idea. What can be considered 'non-confidential' depends on the > deployment scenario. It is even worse to standardize some piece of > information as 'non-confidential'. How can the IETF claim that > something is always 'non-confidential'? (And note, a non-secure > transport is not just about confidentiality, it also implies that > boxes on the path can arbitrarily change the information.) > > This additional note is quite interesting. It is 1 thing to decide if the data is public info or not. (Assume security guidelines could be provided that clearly define that.) It is quite another to say "it's OK if the monitoring data gets modified in flight". I can't imagine any use-cases for that. In case this is not clear: What we have done for ~30 years is to have > the decision which information goes into an insecure transport be > taken by an access control model. This makes the decision runtime > configurable and thus things can be deployment specific. This has > worked for 30 years and I have no problem with this. What I am > struggling with is the idea to standardize parts of YANG data models > as 'non-confidential'. > > /js > > Andy > -- > Juergen Schoenwaelder Jacobs University Bremen gGmbH > Phone: +49 421 200 3587 Campus Ring 1 | 28759 Bremen | Germany > Fax: +49 421 200 3103 <http://www.jacobs-university.de/> >
_______________________________________________ i2rs mailing list [email protected] https://www.ietf.org/mailman/listinfo/i2rs
