On Wed, Jan 10, 2018 at 11:21:13AM -0800, Kathleen Moriarty wrote:
> 
> ----------------------------------------------------------------------
> DISCUSS:
> ----------------------------------------------------------------------
> 
> Hello,
> 
> Thanks for your work on this draft.  I'm a little confused with some text in
> the draft and have a few questions.
> 
> 1. The introduction says,
> "This architectural framework identifies a set of conceptual datastores but
>    it does not mandate that all network management protocols expose all
>    these conceptual datastores.  This architecture is agnostic with
>    regard to the encoding used by network management protocols."
> 
> As such, the data stores could be exposed for some implementations, using
> whatever network management protocol (likely NETCONF or RESTCONF).  If this is
> the case, why doesn't at least some of the security considerations template
> apply for at least secure transport?

The security considerations text is IMHO correct. The YANG modules defined
in this document do not define any accessible objects. Hence, the security
YANG template does not apply.

> 2. Section 5.3.4 - Is there any integrity protection on the origin
> information?  If not, can it be added or is there a good reason why it’s not
> possible?  I realize these are conceptual models that may or may not be
> exposed, but if exposed and used, wouldn’t some integrity protection on this
> be helpful?

Can you clarify what you mean with 'integrity protection' in this
context and why you think origin attributes are special? The known
published network management protocols all use standard security
protocols (SSH and TLS). In general, security mechanisms are protocol
specific; I do not see how the architectural definition of datastores
requires discussion of special integrity mechanisms. Perhaps I do not
understand your concern.

/js
 
-- 
Juergen Schoenwaelder           Jacobs University Bremen gGmbH
Phone: +49 421 200 3587         Campus Ring 1 | 28759 Bremen | Germany
Fax:   +49 421 200 3103         <http://www.jacobs-university.de/>

_______________________________________________
netmod mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/netmod
