Yes, Rob, all comments are addressed in v-15, ready to go, I believe. 发件人: Rob Wilton (rwilton)<[email protected]<mailto:[email protected]>> 收件人: Qin Wu<[email protected]<mailto:[email protected]>> 抄送: netmod-chairs<[email protected]<mailto:[email protected]>>;Kent Watsen<[email protected]<mailto:[email protected]>>;draft-ietf-netmod-factory-default<[email protected]<mailto:[email protected]>>;netmod<[email protected]<mailto:[email protected]>>;The IESG<[email protected]<mailto:[email protected]>> 主题: RE: Roman Danyliw's Discuss on draft-ietf-netmod-factory-default-14: (with DISCUSS and COMMENT) 时间: 2020-05-11 21:15:16
Qin, Please can you confirm that -15 addresses all IESG comments and directorate review comments, and this version is ready to go. Regards, Rob > -----Original Message----- > From: Qin Wu <[email protected]> > Sent: 09 May 2020 02:19 > To: Roman Danyliw <[email protected]>; Rob Wilton (rwilton) <[email protected]> > Cc: [email protected]; Kent Watsen <[email protected]>; draft- > [email protected]; [email protected]; The IESG > <[email protected]> > Subject: RE: Roman Danyliw's Discuss on draft-ietf-netmod-factory-default- > 14: (with DISCUSS and COMMENT) > > Thanks Roman. > > -Qin > -----邮件原件----- > 发件人: Roman Danyliw [mailto:[email protected]] > 发送时间: 2020年5月9日 4:16 > 收件人: Qin Wu <[email protected]>; Rob Wilton (rwilton) > <[email protected]> > 抄送: [email protected]; Kent Watsen <[email protected]>; draft- > [email protected]; [email protected]; The IESG > <[email protected]> > 主题: RE: Roman Danyliw's Discuss on draft-ietf-netmod-factory-default-14: > (with DISCUSS and COMMENT) > > Hi Qin! > > Top posting to say thanks for the updated texted that was added to -15. > It addresses my DISCUSS points. > > Regards, > Roman > > > -----Original Message----- > > From: Qin Wu <[email protected]> > > Sent: Saturday, April 25, 2020 11:00 PM > > To: Rob Wilton (rwilton) <[email protected]>; Roman Danyliw > > <[email protected]> > > Cc: [email protected]; Kent Watsen <[email protected]>; > > draft-ietf- [email protected]; [email protected]; The IESG > > <[email protected]> > > Subject: RE: Roman Danyliw's Discuss on draft-ietf-netmod-factory- > default-14: > > (with DISCUSS and COMMENT) > > > > -----邮件原件----- > > 发件人: Rob Wilton (rwilton) [mailto:[email protected]] > > 发送时间: 2020年4月25日 0:54 > > 收件人: Qin Wu <[email protected]>; Roman Danyliw <[email protected]> > > 抄送: [email protected]; Kent Watsen <[email protected]>; draft- > > [email protected]; [email protected]; The IESG > > <[email protected]> > > 主题: RE: Roman Danyliw's Discuss on draft-ietf-netmod-factory-default- > 14: > > (with DISCUSS and COMMENT) > > > > Hi Qin, > > > > This document was discussed today. I think that Roman plans to follow > > up regarding the security considerations discuss. > > > > From the discussion today, and reading the Discuss, my understanding > > is that Roman has two concerns that are more about the specific text > > than the use of the template: > > > > 1) Concerns read access to the factory-default datastore which could > > contain sensitive information. Perhaps read access to that datastore > > should default to nacm:default-deny-all? If so, then this should > > probably be documented in section 3, with a sentence in section 6 to > explain that is how it is protected. > > > > [Qin]: Please See Jurgen and Andy's comment in this thread, I agree > > with Jurgen we should treat factory in the same way as running and > > other datastores. If any text is needed, I could add a few text in the > > section 6 based on the discussion in this thread: > > " > > Access to the "factory-reset" RPC operation and factory default values > > of all configuration data nodes within "factory-default" datastore is > > considered sensitive and therefore has been restricted using the > > "default-deny-all" access control defined in [RFC8341]. > > " > > 2) The second point is asking to expand this paragraph: > > > > The operational disruption caused by setting the config to factory > > default contents varies greatly depending on the implementation and > > current config. > > > > Such that the description also covers "Please note that a default > > configuration could be insecure or not have security controls enabled > > whereby exposing the network to compromise." > > > > [Qin]:So we will see exposing factory default configuration to the > > network to compromise also as one kind of operational disruption, if > > this is true, here is the proposed change: > > OLD TEXT: > > " > > The operational disruption caused by setting the config to factory > > default contents varies greatly depending on the implementation and > > current config. > > " > > NEW TEXT: > > " > > The operational disruption caused by setting the config to factory > > default contents or lacking appropriate security control on factory > > default configuration varies greatly depending on the implementation > > and current config. > > " > > If not, please advise. > > > > I see that you are already addressing the other comments that have > > been raised. > > > > Regards, > > Rob > > > > > > > -----Original Message----- > > > From: iesg <[email protected]> On Behalf Of Qin Wu > > > Sent: 21 April 2020 14:20 > > > To: Roman Danyliw <[email protected]>; The IESG <[email protected]> > > > Cc: [email protected]; Kent Watsen <[email protected]>; > > > draft- [email protected]; [email protected] > > > Subject: RE: Roman Danyliw's Discuss on > > > draft-ietf-netmod-factory-default- > > > 14: (with DISCUSS and COMMENT) > > > > > > Hi, Roman: > > > A few clarification inline below. > > > -----邮件原件----- > > > 发件人: Roman Danyliw via Datatracker [mailto:[email protected]] > > > 发送时间: 2020年4月21日 20:52 > > > 收件人: The IESG <[email protected]> > > > 抄送: [email protected]; > > > [email protected]; [email protected]; Kent Watsen > > > <[email protected]>; [email protected] > > > 主题: Roman Danyliw's Discuss on draft-ietf-netmod-factory-default-14: > > > (with DISCUSS and COMMENT) > > > > > > Roman Danyliw has entered the following ballot position for > > > draft-ietf-netmod-factory-default-14: Discuss > > > > > > When responding, please keep the subject line intact and reply to > > > all email addresses included in the To and CC lines. (Feel free to > > > cut this introductory paragraph, however.) > > > > > > > > > Please refer to > > > https://www.ietf.org/iesg/statement/discuss-criteria.html > > > for more information about IESG DISCUSS and COMMENT positions. > > > > > > > > > The document, along with other ballot positions, can be found here: > > > https://datatracker.ietf.org/doc/draft-ietf-netmod-factory-default/ > > > > > > > > > > > > -------------------------------------------------------------------- > > > -- > > > DISCUSS: > > > -------------------------------------------------------------------- > > > -- > > > > > > Please use YANG security considerations template from > > > https://trac.ietf.org/trac/ops/wiki/yang-security-guidelines. > > > Specifically (as a DISCUSS item): > > > > > > ** (Per the template questions “for all YANG modules you must > > > evaluate whether any readable data”) Would factory-default contain > > > any sensitive information in certain network environments where the > > > ACLs should be more restrictive that world readable for everyone? > > > [Qin]: It does follows yang-security-guidelines but there is no > > > readable data node defined within rpc, that's why we don't use third > > > paragraph boilerplate and fourth paragraph boilerplate of > > > yang-security- > > guidelines. > > > YANG-security-guidelines are more applicable to YANG data model with > > > more readable/writable data nodes. > > > In addition, as clarified in the second paragraph, section 6 of this > > > draft, NACM can be used to restrict access for particular NETCONF or > > > RESTCONF users to a preconfigured subset of all available NETCONF or > > > RESTCONF protocol operations (i.e., factory-reset rpc) > > > > > > Per “The operational disruption caused by setting the config to > > > factory default contents varies greatly depending on the > > > implementation and current config”, it seems like it could be worse > > > than just an operational disruption. Please note that a default > > > configuration could be insecure or not have security controls > > > enabled whereby exposing the network to compromise. > > > > > > [Qin]: As described in the second paragraph of section 6 it by > > > default restrict access for everyone by using the "default-deny-all" > > > access control defined [RFC8341], what else does it need to address > > > this security concern? > > > -------------------------------------------------------------------- > > > -- > > > COMMENT: > > > -------------------------------------------------------------------- > > > -- > > > > > > Please use YANG security considerations template from > > > https://trac.ietf.org/trac/ops/wiki/yang-security-guidelines. > > > Specifically (as a COMMENT item): > > > > > > ** Add “The Network Configuration Access Control Model (NACM) > > > [RFC8341] provides the means to …” > > > > > > [Qin]: We did follow this template, I am wondering how it is > > > different from the second paragraph of section 6? I see they are > > > equivalent but with more fine granularity security measures, if my > understanding is correct.
_______________________________________________ netmod mailing list [email protected] https://www.ietf.org/mailman/listinfo/netmod
