Re: [Netconf] Netconf Notification: One last bit of Discuss: Session Accumulation



This was not so obvious for the Security AD Tim Polk who entered the
DISCUSS. If the clarification proposed by Sharon is accepted by Tim and
can be added by an RFC Editor note, we can resolve the DISCUSS. 

Dan
  

> -----Original Message-----
> From: netconf-bounces at ietf.org 
> [mailto:netconf-bounces at ietf.org] On Behalf Of Andy Bierman
> Sent: Monday, June 16, 2008 6:17 PM
> To: Sharon Chisholm
> Cc: netconf at ietf.org
> Subject: Re: [Netconf] Netconf Notification: One last bit of 
> Discuss: Session Accumulation
> 
> Sharon Chisholm wrote:
> > Hi
> > 
> > I originally thought this would not require an update to the document,
> > but here it is. I propose the following text to resolve:
> > 
> > If a malicious or buggy NETCONF client sends a number of
> > <create-subscription> requests without ever terminating any of them,
> > they will accumulate subscriptions and begin to use up system resources.
> > They do so while accumulating NETCONF sessions and when the underlying
> > NETCONF session is terminated, so is the Notification subscription.
> > The <kill-session> operation should be used to terminate any suspect
> > NETCONF sessions.
> 
> I don't see why a new doc-rev is needed.
> Isn't this incredibly obvious?
> Isn't this the same for any session-based protocol?
> 
> IMO, there is no need to mention that the agent should clean 
> up underlying resources when a session is terminated.
> This is either an implementation detail, or it is already 
> covered in RFC 4741.
> 
> 
> 
> Andy
> 
> 
> 
> > 
> >> There is only one remaining issue.  I identified the following issue
> >> from Blake Ramsdell's secdir review as blocking:
> >>>
> >>>> * Is there a risk of sessions accumulating? That is, too many
> >>>>   create-subscription requests without termination?
> >>>>
> >> From the authors' explanation, it is the netconf server's
> >> responsibility to kill sessions if needed to address a DoS attack.
> >>> The subscription terminates when the underlying NETCONF session goes
> >>> away. In order to accumulate subscriptions, you need to accumulate
> >>> NETCONF sessions. These may well be a finite resource, but the base
> >>> protocol provides a <kill-session> command to kill a particular
> >>> session from another session if there is an issue.
> >>>
> >> The explanation is fine, but I think a sentence or two in the
> >> security considerations is needed to alert implementers.  I believe
> >> this can be easily resolved with an RFC Editor Note.
> > 
> > Sharon Chisholm
> > Nortel
> > Ottawa, Ontario
> > Canada
> > _______________________________________________
> > Netconf mailing list
> > Netconf at ietf.org
> > https://www.ietf.org/mailman/listinfo/netconf
> > 
> > 
> > 
> 
> 
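As an added illustration (not code from the thread, the draft or any NETCONF implementation), a toy Python model of the server-side accounting the discussion relies on: a subscription is bound to the session that created it, so <kill-session> reclaims both at once, and a per-peer session cap plus a count of subscribed sessions per peer let the server bound and spot the accumulation the secdir review asked about. The cap value, the one-subscription-per-session simplification and the peer address are assumptions of the model, not values from the draft or RFC 4741.

```python
from collections import Counter
from dataclasses import dataclass, field

# Assumed implementation choice; the cap is not a value from the draft or RFC 4741.
MAX_SESSIONS_PER_PEER = 4


@dataclass
class Server:
    sessions: dict = field(default_factory=dict)       # session-id -> peer address
    subscriptions: dict = field(default_factory=dict)  # session-id -> stream name
    next_id: int = 1

    def open_session(self, peer):
        """Admit a session, or return None (an rpc-error in a real server) at the cap."""
        held = sum(1 for p in self.sessions.values() if p == peer)
        if held >= MAX_SESSIONS_PER_PEER:
            return None
        sid, self.next_id = self.next_id, self.next_id + 1
        self.sessions[sid] = peer
        return sid

    def create_subscription(self, sid, stream="NETCONF"):
        """Bind the subscription to its session (one per session in this model)."""
        if sid not in self.sessions:
            raise KeyError("invalid-session")
        self.subscriptions[sid] = stream

    def kill_session(self, sid):
        """<kill-session>: dropping the session also drops its subscription."""
        del self.sessions[sid]
        self.subscriptions.pop(sid, None)

    def suspect_peers(self, threshold=2):
        """Peers holding more than `threshold` subscribed sessions at once."""
        counts = Counter(self.sessions[s] for s in self.subscriptions)
        return {p: n for p, n in counts.items() if n > threshold}


def demo():
    """Constructed scenario: one peer subscribes on every session it opens."""
    srv, peer = Server(), "192.0.2.10"  # constructed sample address
    sids = [srv.open_session(peer) for _ in range(MAX_SESSIONS_PER_PEER)]
    for sid in sids:
        srv.create_subscription(sid)
    refused = srv.open_session(peer) is None  # one more than the cap is turned away
    suspects = srv.suspect_peers()            # the peer stands out before any kill
    for sid in sids:
        srv.kill_session(sid)                 # tears down the subscriptions as well
    return {"refused": refused, "suspects": suspects, "subs_left": len(srv.subscriptions)}
```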