Hi, Med, Kent, all
2) In the Security Considerations section, the template should be amended to
have the following paragraph:
Please be aware that this YANG module uses groupings from other YANG
modules that define nodes that may be considered sensitive or vulnerable
in network environments. Please review the Security Considerations for
dependent YANG modules for information as to which nodes may be
considered sensitive or vulnerable in network environments.
[Med] We need to be careful for this one as the document that defines the
grouping may not include that analysis (because those are not used as data
nodes). Here is a proposal for discussion:
NEW:
==
-- if your YANG module reuses groupings from other modules and
-- the document that specifies these groupings also
-- includes those as data nodes, then add this text to remind
-- the specific sensitivity or vulnerability of reused nodes.
This YANG module uses groupings from other YANG modules that
define nodes that may be considered sensitive or vulnerable
in network environments. Refer to the Security Considerations
of <RFC-insert-numbers> for information as to which nodes may
be considered sensitive or vulnerable in network environments.
-- if your YANG module does not define any data nodes, then
-- add the following text
The YANG module defines a set of identities, types, and
groupings. These nodes are intended to be reused by other YANG
modules. The module by itself does not expose any data nodes that
are writable, data nodes that contain read-only state, or RPCs.
As such, there are no additional security issues related to
the YANG module that need to be considered.
Modules that use the groupings that are defined in this document
should identify the corresponding security considerations. For
example, reusing some of these groupings will expose privacy-related
information (e.g., 'node-example').
===
[Qiufang]
In addition to the cases above, for YANG modules that reuse groupings from
other modules and expose data nodes that have security considerations as a
result, probably it’s also worth mentioning that “This YANG module uses
groupings from other YANG modules that define nodes that may be considered
sensitive or vulnerable in network environments.” and followed by a list of
data nodes exposed and identified as sensitive, those nodes are defined in
the grouping, thus it might be slightly different from what the template has
stated in the current version.
Best Regards,
Qiufang
On Feb 28, 2024, at 4:51 AM, [email protected] wrote:
Hi all,
I think that this version is ready for the WGLC.
The document fully covers the items promised when requesting adoption [1]. As
listed in the ACK section, we also solicited and integrated feedback from many
yangdoctors, solicited SAAG WG to review the security text, etc. Refer to 1.1
for a comprehensive list of the changes.
Cheers,
Med
[1] Slide#7 of
https://datatracker.ietf.org/meeting/117/materials/slides-117-netmod-7-guidelines-for-authors-and-reviewers-of-documents-containing-yang-data-models-00
-----Original Message-----
From: I-D-Announce <[email protected]> On behalf of [email protected]
Sent: Wednesday, 28 February 2024 10:01
To: [email protected]
Cc: [email protected]
Subject: I-D Action: draft-ietf-netmod-rfc8407bis-09.txt
Internet-Draft draft-ietf-netmod-rfc8407bis-09.txt is now available.
It is a work item of the Network Modeling (NETMOD) WG of the IETF.
Title: Guidelines for Authors and Reviewers of Documents
Containing YANG Data Models
Authors: Andy Bierman
Mohamed Boucadair
Qin Wu
Name: draft-ietf-netmod-rfc8407bis-09.txt
Pages: 84
Dates: 2024-02-28
Abstract:
This memo provides guidelines for authors and reviewers of
specifications containing YANG modules, including IANA-maintained
modules. Recommendations and procedures are defined, which are
intended to increase interoperability and usability of Network
Configuration Protocol (NETCONF) and RESTCONF protocol
implementations that utilize YANG modules. This document obsoletes
RFC 8407.
Also, this document updates RFC 8126 by providing additional
guidelines for writing the IANA considerations for RFCs that
specify IANA-maintained modules.
The IETF datatracker status page for this Internet-Draft is:
https://datatracker.ietf.org/doc/draft-ietf-netmod-rfc8407bis/
There is also an HTML version available at:
https://www.ietf.org/archive/id/draft-ietf-netmod-rfc8407bis-09.html
A diff from the previous version is available at:
https://author-tools.ietf.org/iddiff?url2=draft-ietf-netmod-rfc8407bis-09
Internet-Drafts are also available by rsync at:
rsync.ietf.org::internet-drafts
____________________________________________________________________________________________________________
This message and its attachments may contain confidential or privileged
information that may be protected by law;
they should not be distributed, used or copied without authorisation.
If you have received this email in error, please notify the sender and delete
this message and its attachments.
As emails may be altered, Orange is not liable for messages that have been
modified, changed or falsified.
Thank you.
_______________________________________________
netmod mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/netmod
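An added example, not part of the thread or of draft-ietf-netmod-rfc8407bis: a rough Python check for which of the template cases discussed at the top of this thread applies to a module, by listing the imported modules whose groupings it `uses` and whether it instantiates any data nodes, RPCs or notifications itself. The regex tokenizer is a simplification (no submodules, no string concatenation), and the sample module names are constructed.

```python
import re

# Tokens: quoted strings, comments, the three delimiters, bare words.
TOKEN = re.compile(r'"(?:\\.|[^"\\])*"|\'[^\']*\'|//[^\n]*|/\*.*?\*/|[{};]|[^\s{};]+', re.S)
# Statements that put a node, RPC or notification into the module's own tree.
DATA = {"container", "list", "leaf", "leaf-list", "choice", "anydata", "anyxml",
        "rpc", "action", "notification"}

def analyse(yang_text):
    """Return modules whose groupings are reused and whether data nodes are instantiated."""
    stack, stmt = [], []        # enclosing (keyword, argument) blocks; current statement
    prefixes, own, uses, exposes = {}, None, [], False
    for tok in TOKEN.findall(yang_text):
        if tok.startswith(("//", "/*")):
            continue                          # skip comments
        if tok not in ("{", "}", ";"):
            stmt.append(tok.strip("\"'"))
            continue
        if stmt:
            kw, arg = stmt[0], stmt[1] if len(stmt) > 1 else ""
            parent = stack[-1] if stack else ("", "")
            in_grouping = any(k == "grouping" for k, _ in stack)
            if kw == "prefix" and parent[0] == "import":
                prefixes[arg] = parent[1]     # import prefix -> module name
            elif kw == "prefix" and parent[0] == "module":
                own = arg
            elif kw == "uses":
                uses.append(arg)
                exposes = exposes or not in_grouping
            elif kw in DATA and not in_grouping:
                exposes = True
            if tok == "{":
                stack.append((kw, arg))
        if tok == "}" and stack:
            stack.pop()
        stmt = []
    reused = {prefixes.get(u.split(":")[0], u.split(":")[0])
              for u in uses if ":" in u and u.split(":")[0] != own}
    return {"reused_from": sorted(reused), "defines_data_nodes": exposes}

# Constructed sample modules (hypothetical names, not from the draft or the thread).
SERVICE = """module example-svc { namespace "urn:example:svc"; prefix svc;
  import example-common { prefix cmn; }   // defines grouping 'credentials'
  container service { uses cmn:credentials; leaf name { type string; } } }"""
TYPES_ONLY = """module example-types { namespace "urn:example:types"; prefix et;
  identity base-role; typedef token { type string; }
  grouping secret-grp { leaf secret { type string; } } }"""

if __name__ == "__main__":
    print(analyse(SERVICE), analyse(TYPES_ONLY))
```

A non-empty `reused_from` points at the documents whose Security Considerations need reviewing; `defines_data_nodes` being false corresponds to the "does not define any data nodes" case of the proposed text.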