Re: [Last-Call] Secdir last call review of draft-ietf-ccamp-l1csm-yang-24

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hi Yaron,

 

Thank you for the proposal. Now we are aligned and the -25 is uploadedJ

 

Best wishes,

Haomian

 

From: Yaron Sheffer [mailto:yaronf.ietf@xxxxxxxxx]
Sent: Wednesday, February 7, 2024 2:45 AM
To: Zhenghaomian <zhenghaomian@xxxxxxxxxx>; secdir@xxxxxxxx
Cc: ccamp@xxxxxxxx; draft-ietf-ccamp-l1csm-yang.all@xxxxxxxx; last-call@xxxxxxxx
Subject: Re: Secdir last call review of draft-ietf-ccamp-l1csm-yang-24

 

Hi Haomian,

 

If we agree that the entire subtrees of these three nodes are sensitive, then the existing text is mostly good with a few small changes for clarity. Here’s my proposal (changes in bold):

 

NEW

 

There are a number of data nodes defined in this YANG module that are writable/creatable/deletable (i.e., config true, which is the default). These data nodes may be considered sensitive or vulnerable in some network environments. Write operations (e.g., edit-config) to these data nodes without proper protection can negatively affect network operations and services. Nodes in this YANG module are susceptible to intentional (malicious) and unintentional (misconfiguration) configuration, adversely affecting the connection. These are the subtrees and data nodes and their sensitivity/vulnerability The following data nodes and their entire subtrees are considered sensitive:

 

 

UNI:

 

 

- uni-id

 

 

Service:

 

 

- service-id

 

 

- endpoint-id

 

 

The IDs above identify a connection between the subscriber and service provider; they will be unique and may contain sensitive information such as customer information, service type, port information, and location. They must also be correctly configured to ensure the Subscriber and Service Provider connection is established. The security considerations spelled out in the YANG 1.1 specification [RFC7950] apply for this document as well.

 

END TEXT

 

Thanks,

                Yaron

 

 

On 06/02/2024, 3:46, "Zhenghaomian" <zhenghaomian@xxxxxxxxxx <mailto:zhenghaomian@xxxxxxxxxx>> wrote:

 

 

Hi Yaron,

 

 

Thank you for the review and comments.

I am not a sec experts so would like align with you before updating the document, please check if the inline proposal solves your comments.

 

 

Best wishes,

Haomian (on behalf of authors&contributors)

 

 

-----Original Message-----

From: Yaron Sheffer via Datatracker [mailto:noreply@xxxxxxxx <mailto:noreply@xxxxxxxx>]

Sent: Sunday, January 28, 2024 4:53 PM

To: secdir@xxxxxxxx <mailto:secdir@xxxxxxxx>

Cc: ccamp@xxxxxxxx <mailto:ccamp@xxxxxxxx>; draft-ietf-ccamp-l1csm-yang.all@xxxxxxxx <mailto:draft-ietf-ccamp-l1csm-yang.all@xxxxxxxx>; last-call@xxxxxxxx <mailto:last-call@xxxxxxxx>

Subject: Secdir last call review of draft-ietf-ccamp-l1csm-yang-24

 

 

Reviewer: Yaron Sheffer

Review result: Has Nits

 

 

The document describes a simple YANG model for L1 service management. IMO it is ready to go, with a few nits:

 

 

Sec. 1.2: the actual YANG module in Sec. 4 says "Refer to MEF 63 for all terms", so I would expect MEF 63 to be used as a reference for terminology here (and that document does have a very nice glossary).

 

 

Sec. 2, 2nd paragraph: the word "includes" is redundant.

[Haomian] Ok for the above two.

 

 

Sec. 5: I'm a bit puzzled about the three IDs that were called out as

sensitive: uni-id, service-id and endpoint-id. One reason for sensitivity is that they may disclose interesting information. Another reason is that "they must also be correctly configured to ensure the Subscriber and Service Provider connection is established." But I think the latter reason applies to everything else, e.g. "protocol", "optical-interface". In other words, just about everything in this module can be used to bring down the UNI, and therefore all attributes should be considered sensitive.

[Haomian] I basically agree with what you said, and found that removing the sentence 'they must also be correctly configured to ensure the Subscriber and Service Provider connection is established' would be a straightforward way to resolve. Do you think it works?

 

 

Sec. 5: "These are the subtrees and data nodes and their sensitivity/vulnerability" - but then we list the subtrees but no specific details about sensitivity/vulnerability.

[Haomian] My understanding is that in the previous paragraph the following statement indicates the reason of sensitivity/vulnerability. Do you prefer we move these below the subtrees and data nodes?

 

 

These data nodes may be considered sensitive or vulnerable in some network environments. Write operations (e.g., edit-config) to these data nodes without proper protection can negatively affect network operations and services. It is susceptible to intentional (malicious) and unintentional (misconfiguration) configuration, adversely affecting the connection.

 

 

Then the revision (towards the two comments above) will be:

OLD

There are a number of data nodes defined in this YANG module that are writable/creatable/deletable (i.e., config true, which is the default). These data nodes may be considered sensitive or vulnerable in some network environments. Write operations (e.g., edit-config) to these data nodes without proper protection can negatively affect network operations and services. It is susceptible to intentional (malicious) and unintentional (misconfiguration) configuration, adversely affecting the connection. These are the subtrees and data nodes and their sensitivity/vulnerability:

 

 

UNI:

 

 

- uni-id

 

 

Service:

 

 

- service-id

 

 

- endpoint-id

 

 

The IDs above identify a connection between the subscriber and service provider; they will be unique and may contain sensitive information such as customer information, service type, port information, and location. They must also be correctly configured to ensure the Subscriber and Service Provider connection is established. The security considerations spelled out in the YANG 1.1 specification [RFC7950] apply for this document as well.

 

 

NEW

 

 

There are a number of data nodes defined in this YANG module that are writable/creatable/deletable (i.e., config true, which is the default). These are the subtrees and data nodes and their sensitivity/vulnerability:

 

 

UNI:

 

 

- uni-id

 

 

Service:

 

 

- service-id

 

 

- endpoint-id

 

 

The IDs above identify a connection between the subscriber and service provider; they will be unique and may contain sensitive information such as customer information, service type, port information, and location. These data nodes may be considered sensitive or vulnerable in some network environments. Write operations (e.g., edit-config) to these data nodes without proper protection can negatively affect network operations and services. It is susceptible to intentional (malicious) and unintentional (misconfiguration) configuration, adversely affecting the connection. The security considerations spelled out in the YANG 1.1 specification [RFC7950] apply for this document as well.

 

 

-- 
last-call mailing list
last-call@xxxxxxxx
https://www.ietf.org/mailman/listinfo/last-call

[Index of Archives]     [IETF Annoucements]     [IETF]     [IP Storage]     [Yosemite News]     [Linux SCTP]     [Linux Newbies]     [Mhonarc]     [Fedora Users]

  Powered by Linux