From: netmod <[email protected]> on behalf of Italo Busi <[email protected]> Sent: 13 January 2023 11:32
Andy, Carsten, Jürgen, Tom, Thanks for your feedbacks If I understand correctly: * Andy, Carsten and Jürgen agree that using unrestricted string for non-key attributes makes sense * Andy has a concern only about using unrestricted string for key attributes and his proposal is to use the yang-identifier (which does not bound the maximum length of the string) instead Is my understanding correct? I think that what I have understood would make sense Any other opinion or suggestion? <tp> I go further and think that the character set and the length should be restricted and that is what I am implying when I point out unrestricted string as a key when reviewing an I-D but realise that my comments are mostly not acted on. I saw a discussion recently about how many emoji should be allowed in e-mail with some proposing no limit and I wondered how many emoji are allowed in a YANG key string. I do not know my ISO documents well enough to answer that. Tom Petch Thanks, Italo From: Andy Bierman <[email protected]> Sent: giovedì 12 gennaio 2023 19:24 To: Jürgen Schönwälder <[email protected]>; Andy Bierman <[email protected]>; Italo Busi <[email protected]>; [email protected] Subject: Re: [netmod] Use of unrestricted string in YANG (was RE: naming scope of a grouping which uses a grouping) On Thu, Jan 12, 2023 at 8:33 AM Jürgen Schönwälder <[email protected]<mailto:[email protected]>> wrote: On Thu, Jan 12, 2023 at 07:08:05AM -0800, Andy Bierman wrote: > > Just because the escaped string is "safe" inside a NETCONF protocol message > does not mean it is safe to use in other tools. Data (especially list keys) > gets moved > between software programs. Unrestricted strings increase the risk of data > injection attacks. > Sorry, broken code that does not handle inputs of unexpected length can't be secured by standardizing arbitrary limits. The only option is to fix the broken code. Code that fails to validate its inputs can't be fixed by arbitrary limits and the pure hope that the broken code will never see something causing it to crash. My statement is about the risk of using unconstrained values in strings, not the length. It is my preference to avoid characters in leaf keys that are known to cause problems with shells and other tools. It is a tradeoff. You can have the freedom to construct all-whitespace key leafs, but at the risk of implementations not handling it correctly. The designer(s) should pick the most appropriate type, based on priorities. /js Andy -- Jürgen Schönwälder Constructor University Bremen gGmbH Phone: +49 421 200 3587 Campus Ring 1 | 28759 Bremen | Germany Fax: +49 421 200 3103 <https://www.jacobs-university.de/> _______________________________________________ netmod mailing list [email protected] https://www.ietf.org/mailman/listinfo/netmod
