Hi Juergen, On Fri, Jan 12, 2018 at 4:45 AM, Juergen Schoenwaelder <[email protected]> wrote: > On Thu, Jan 11, 2018 at 11:03:30AM -0500, Kathleen Moriarty wrote: >> Hi Juergen, >> >> Thank you very much for the additional information. This was very >> helpful. Benoit and I discussed it a bit further on the telechat and >> some text changes in the introduction and security considerations >> section to provide some of this information for the reader will be >> helpful. I got the explanations and appreciate them and from the >> explanations, my discuss questions have been answered and I'll switch >> this to a no objection leaving you and Benoit to add the text as >> helpful for other readers. >> > > Kathleen, > > we propose to add this text to the security considerations: > > The origin metadata annotation exposes the origin of values in the > applied configuration. Origin information may provide hints that > certain control plane protocols are active on a device. Since origin > information is tied to applied configuration values, it is only > accessible to clients that have the permissions to read the applied > configuration values. Security administrators should consider the > sensitivity of origin information while defining access control > rules.
Thank you, that is very helpful. Would it also be possible to add text in the introduction on where the data for these values comes from (the device itself)? Best regards, Kathleen > > /js > > -- > Juergen Schoenwaelder Jacobs University Bremen gGmbH > Phone: +49 421 200 3587 Campus Ring 1 | 28759 Bremen | Germany > Fax: +49 421 200 3103 <http://www.jacobs-university.de/> -- Best regards, Kathleen _______________________________________________ netmod mailing list [email protected] https://www.ietf.org/mailman/listinfo/netmod
