RE: Secdir last call review of draft-ietf-tictoc-1588v2-yang-10

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Ben and Samuel,

Yes, the draft says:" The lowest NETCONF layer is the secure transport layer, and the
   mandatory-to-implement secure transport is Secure Shell (SSH)
   [RFC6242]. The lowest RESTCONF layer is HTTPS, and the mandatory-
   to-implement secure transport is TLS [RFC8446]." Thus authentication is a mandatory part of this layer.
BTW, the security considerations in this draft are fully in accordance with "Guidelines for Authors and Reviewers of YANG Data Model Documents" https://tools.ietf.org/html/draft-ietf-netmod-rfc6087bis-20#page-13 (which is now in RFC Editor Queue), and all future YANG docs developed in the IETF are requested to follow its guidelines).

Thanks,
Yuanlong

> -----Original Message-----
> From: Benjamin Kaduk [mailto:kaduk@xxxxxxx]
> Sent: Thursday, October 04, 2018 10:50 AM
> To: Samuel Weiler
> Cc: secdir@xxxxxxxx; draft-ietf-tictoc-1588v2-yang.all@xxxxxxxx; ietf@xxxxxxxx;
> tictoc@xxxxxxxx
> Subject: Re: Secdir last call review of draft-ietf-tictoc-1588v2-yang-10
> 
> On Wed, Oct 03, 2018 at 08:18:55AM -0700, Samuel Weiler wrote:
> > Reviewer: Samuel Weiler
> > Review result: Has Issues
> >
> > I wonder whether there should be a requirement to use authentication
> when
> > making updates.  As the doc says:
> 
> The NETCONF and RESTCONF secure transport layers already handle the
> authentication requirements.  E.g., RFC 8040 Section 2.5:
> 
>    The RESTCONF server MUST authenticate client access to any protected
>    resource.  If the RESTCONF client is not authenticated, the server
>    SHOULD send an HTTP response with a "401 Unauthorized" status-line,
>    as defined in Section 3.1 of [RFC7235].  The error-tag value
>    "access-denied" is used in this case.
> 
> But thank you for doing the review, and you're right that this is
> important!
> 
> -Ben
> 
> >    Write operations (e.g., edit-config) to these data nodes without
> >    proper protection can have a negative effect on network operations.
> >
> > I'm sure someone will argue "if this is used in a closed network, we can
> avoid
> > the use of authentication".  Prudence suggests that "closed" networks
> don't
> > remain that way forever, and defense-in-depth is advisable.  Let's add a
> MUST
> > or at least a SHOULD.
> >
> >
[Index of Archives]     [IETF Annoucements]     [IETF]     [IP Storage]     [Yosemite News]     [Linux SCTP]     [Linux Newbies]     [Mhonarc]     [Fedora Users]

  Powered by Linux