Internet DRAFT - draft-moriarty-yangsecuritytext
draft-moriarty-yangsecuritytext
IETF K. Moriarty
Internet-Draft Center for Internet Security (CIS)
Intended status: Standards Track 8 March 2023
Expires: 9 September 2023
Security Considerations Template for YANG Module Documents
draft-moriarty-yangsecuritytext-02
Abstract
This document includes the template text agreed upon by the
Operations Area and Security Area for inclusion in YANG documents.
The best practices are updated as needed and will result in updates
to this template for use to provide a consistent set of security
considerations for authors, developers, and implementors.
Status of This Memo
This Internet-Draft is submitted in full conformance with the
provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet-
Drafts is at https://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress."
This Internet-Draft will expire on 9 September 2023.
Copyright Notice
Copyright (c) 2023 IETF Trust and the persons identified as the
document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents (https://trustee.ietf.org/
license-info) in effect on the date of publication of this document.
Please review these documents carefully, as they describe your rights
and restrictions with respect to this document. Code Components
extracted from this document must include Revised BSD License text as
described in Section 4.e of the Trust Legal Provisions and are
provided without warranty as described in the Revised BSD License.
Moriarty Expires 9 September 2023 [Page 1]
Internet-Draft draft-moriarty-yangsecuritytext-01 March 2023
Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2
2. YANG Security Considerations Template . . . . . . . . . . . . 2
3. Security Considerations . . . . . . . . . . . . . . . . . . . 4
4. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 4
5. Contributors . . . . . . . . . . . . . . . . . . . . . . . . 4
6. References . . . . . . . . . . . . . . . . . . . . . . . . . 4
6.1. Normative References . . . . . . . . . . . . . . . . . . 4
6.2. Informative References . . . . . . . . . . . . . . . . . 4
Appendix A. Change Log . . . . . . . . . . . . . . . . . . . . . 5
Author's Address . . . . . . . . . . . . . . . . . . . . . . . . 5
1. Introduction
This document includes the template text agreed upon by the
Operations Area and Security Area for inclusion in YANG documents.
The best practices are updated as needed and will result in updates
to this template for use to provide a consistent set of security
considerations for authors, developers, and implementors.
Updates may be made through errata or a publication of an updated
document for ease of use by the IETF and other standards
organizations. The current version is maintained on a wiki.
2. YANG Security Considerations Template
The following template text, in addition to the guidance provided by
the Security Area Directors in the Security Area wiki, must be
included in the applicable IETF YANG publications. The text is
provided as a template for use by other organizations with a
requirement to reference it appropriately to this document.
This RFC contains text intended for use as a template as designated
below by the markers
<BEGIN TEMPLATE TEXT> and <END TEMPLATE TEXT>
or other clear designation. Such Template Text is subject to the
provisions of Section 9(b) of the
<BEGIN TEMPLATE TEXT>
Security Considerations
The YANG module(s) specified in this document defines a schema for
data that is designed to be accessed via network management protocols
such as NETCONF [RFC6241] or RESTCONF [RFC8040]. The lowest NETCONF
Moriarty Expires 9 September 2023 [Page 2]
Internet-Draft draft-moriarty-yangsecuritytext-01 March 2023
layer is the secure transport layer, and the mandatory-to-implement
secure transport is Secure Shell (SSH) [RFC6242]. The lowest
RESTCONF layer is HTTPS, and the mandatory-to-implement secure
transport is TLS [RFC 8446].
The Network Configuration Access Control Model (NACM) [RFC8341]
provides the means to restrict access for particular NETCONF or
RESTCONF users to a preconfigured subset of all available NETCONF or
RESTCONF protocol operations and content.
-- if you have any writable data nodes (those are all the -- "config
true" nodes, and remember, that is the default) -- describe their
specific sensitivity or vulnerability.
There are a number of data nodes defined in this YANG module that are
writable/creatable/deletable (i.e., config true, which is the
default). These data nodes may be considered sensitive or vulnerable
in some network environments. Write operations (e.g., edit-config)
to these data nodes without proper protection can have a negative
effect on network operations. These are the subtrees and data nodes
and their sensitivity/vulnerability:
<list subtrees and data nodes and state why they are sensitive>
-- for all YANG modules you must evaluate whether any readable data
-- nodes (those are all the "config false" nodes, but also all other
-- nodes, because they can also be read via operations like get or --
get-config) are sensitive or vulnerable (for instance, if they --
might reveal customer information or violate personal privacy -- laws
such as those of the European Union if exposed to -- unauthorized
parties)
Some of the readable data nodes in this YANG module may be considered
sensitive or vulnerable in some network environments. It is thus
important to control read access (e.g., via get, get-config, or
notification) to these data nodes. These are the subtrees and data
nodes and their sensitivity/vulnerability:
<list subtrees and data nodes and state why they are sensitive>
-- if your YANG module has defined any rpc operations -- describe
their specific sensitivity or vulnerability.
Some of the RPC operations in this YANG module may be considered
sensitive or vulnerable in some network environments. It is thus
important to control access to these operations. These are the
operations and their sensitivity/vulnerability:
Moriarty Expires 9 September 2023 [Page 3]
Internet-Draft draft-moriarty-yangsecuritytext-01 March 2023
<list RPC operations and state why they are sensitive>
<END TEMPLATE TEXT>
Note: [RFC 8446], [RFC6241], [RFC6242], [RFC8341], and [RFC8040] must
be "normative references".
3. Security Considerations
This document defines a template to provide consistent YANG Security
Considerations on publications by the IETF and other standards bodies
and organizations.
4. IANA Considerations
This memo includes no request to IANA.
5. Contributors
Thank you to reviewers and contributors who helped to improve the
security consdierations for YANG. The text has been developed and
refined over many years on an Operations Area working group mailing
list and to a Security Area wiki. Revisions have been made by IETF
Security Area Directors and Operations Area Directors similar to the
template for SNMP security considerations. Thank you to the
following known contributors: Sean Turner, Stephen Farrell, Beniot
Claise, and Erik Rescorla.
6. References
6.1. Normative References
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119,
DOI 10.17487/RFC2119, March 1997,
<https://www.rfc-editor.org/info/rfc2119>.
[RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC
2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174,
May 2017, <https://www.rfc-editor.org/info/rfc8174>.
6.2. Informative References
[RFC8446] Rescorla, E., "The Transport Layer Security (TLS) Protocol
Version 1.3", RFC 8446, DOI 10.17487/RFC8446, August 2018,
<https://www.rfc-editor.org/info/rfc8446>.
Moriarty Expires 9 September 2023 [Page 4]
Internet-Draft draft-moriarty-yangsecuritytext-01 March 2023
[RFC6241] Enns, R., Ed., Bjorklund, M., Ed., Schoenwaelder, J., Ed.,
and A. Bierman, Ed., "Network Configuration Protocol
(NETCONF)", RFC 6241, DOI 10.17487/RFC6241, June 2011,
<https://www.rfc-editor.org/info/rfc6241>.
[RFC6242] Wasserman, M., "Using the NETCONF Protocol over Secure
Shell (SSH)", RFC 6242, DOI 10.17487/RFC6242, June 2011,
<https://www.rfc-editor.org/info/rfc6242>.
[RFC8341] Bierman, A. and M. Bjorklund, "Network Configuration
Access Control Model", STD 91, RFC 8341,
DOI 10.17487/RFC8341, March 2018,
<https://www.rfc-editor.org/info/rfc8341>.
[RFC8040] Bierman, A., Bjorklund, M., and K. Watsen, "RESTCONF
Protocol", RFC 8040, DOI 10.17487/RFC8040, January 2017,
<https://www.rfc-editor.org/info/rfc8040>.
Appendix A. Change Log
Note to RFC Editor: if this document does not obsolete an existing
RFC, please remove this appendix before publication as an RFC.
Author's Address
Kathleen M. Moriarty
Center for Internet Security (CIS)
31 Tech Valley Drive
East Greenbush, NY,
United States of America
Email: Kathleen.Moriarty.ietf@gmail.com
Moriarty Expires 9 September 2023 [Page 5]