Re: [Lsr] Roman Danyliw's Discuss on draft-ietf-isis-yang-isis-cfg-40: (with DISCUSS)

2019-10-02 Thread Roman Danyliw 
Hi Acee!

You're proposed edits would address my DISCUSS point.  Thanks for this clarity.

> -Original Message-
> From: Acee Lindem (acee) [mailto:a...@cisco.com]
> Sent: Wednesday, October 02, 2019 9:52 AM
> To: Roman Danyliw ; The IESG 
> Cc: draft-ietf-isis-yang-isis-...@ietf.org; Yingzhen Qu
> ; aretana.i...@gmail.com; lsr-cha...@ietf.org;
> lsr@ietf.org
> Subject: Re: Roman Danyliw's Discuss on draft-ietf-isis-yang-isis-cfg-40: 
> (with
> DISCUSS)
> 
> Hi Roman,
> 
> On 10/1/19, 4:28 PM, "Roman Danyliw via Datatracker" 
> wrote:
> 
> Roman Danyliw has entered the following ballot position for
> draft-ietf-isis-yang-isis-cfg-40: Discuss
> 
> When responding, please keep the subject line intact and reply to all
> email addresses included in the To and CC lines. (Feel free to cut this
> introductory paragraph, however.)
> 
> 
> Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html
> for more information about IESG DISCUSS and COMMENT positions.
> 
> 
> The document, along with other ballot positions, can be found here:
> https://datatracker.ietf.org/doc/draft-ietf-isis-yang-isis-cfg/
> 
> 
> 
> --
> DISCUSS:
> --
> 
> Section 7.  A DISCUSS for discussion.  Thanks for this enumeration of
> writeable
> and readable nodes which could be considered sensitive.  Per the list of
> nodes
> that could expose the topology of the network, wouldn’t the following also
> have
> sensitive topology information:
> 
> -- /isis/local-rib
> 
> Although not as detailed as the Link State Database, a case could also be
> made for the local RIB. I'll add it to the sensitive operational data.

Thanks.

> -- /isis/hostnames
> 
> These is basically a mapping of hostnames to ISO System IDs. The ISO System
> ID is really only used by IS-IS (native CLNS is a thing of the past). I 
> really don't
> see this as being all that useful to an attacker.

Ok.

> Furthermore, shouldn’t the log files also be protected as the errors or
> status
> posted there could also leak topology information: -- /isis/spf-log --
> /isis/lsp-log
> 
> This doesn't include the contents of the LSP - only the LSP ID that caused the
> SPF. I don't see how this would that sensitive - other than that someone
> accessing the SPF and LSP logs could determine that the IS-IS Routing domain
> is volatile.

Ok.

> Thanks,
> Acee
> 
> 
> 
> 
> 
> 

___
Lsr mailing list
Lsr@ietf.org
https://www.ietf.org/mailman/listinfo/lsr

[Lsr] Roman Danyliw's Discuss on draft-ietf-isis-yang-isis-cfg-40: (with DISCUSS)

2019-10-01 Thread Roman Danyliw via Datatracker 
Roman Danyliw has entered the following ballot position for
draft-ietf-isis-yang-isis-cfg-40: Discuss

When responding, please keep the subject line intact and reply to all
email addresses included in the To and CC lines. (Feel free to cut this
introductory paragraph, however.)


Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html
for more information about IESG DISCUSS and COMMENT positions.


The document, along with other ballot positions, can be found here:
https://datatracker.ietf.org/doc/draft-ietf-isis-yang-isis-cfg/



--
DISCUSS:
--

Section 7.  A DISCUSS for discussion.  Thanks for this enumeration of writeable
and readable nodes which could be considered sensitive.  Per the list of nodes
that could expose the topology of the network, wouldn’t the following also have
sensitive topology information:

-- /isis/local-rib

-- /isis/hostnames

Furthermore, shouldn’t the log files also be protected as the errors or status
posted there could also leak topology information: -- /isis/spf-log

-- /isis/lsp-log




___
Lsr mailing list
Lsr@ietf.org
https://www.ietf.org/mailman/listinfo/lsr