Re: [Netconf] notification access control

To: NETCONF <netconf at ietf.org>
Subject: Re: [Netconf] notification access control
From: Andy Bierman <andy at netconfcentral.com>
Date: Wed, 17 Jun 2009 17:02:09 -0700
Delivered-to: netconf at core3.amsl.com
In-reply-to: <4A398137.8060403 at netconfcentral.com>
List-archive: <http://www.ietf.org/mail-archive/web/netconf>
List-help: <mailto:netconf-request@ietf.org?subject=help>
List-id: Network Configuration WG mailing list <netconf.ietf.org>
List-post: <mailto:netconf@ietf.org>
List-subscribe: <https://www.ietf.org/mailman/listinfo/netconf>, <mailto:netconf-request@ietf.org?subject=subscribe>
List-unsubscribe: <https://www.ietf.org/mailman/listinfo/netconf>, <mailto:netconf-request@ietf.org?subject=unsubscribe>
References: <200906171944.n5HJiBBo056500 at idle.juniper.net> <4A394F71.4090500 at netconfcentral.com> <20090617233855.GA11123 at elstar.local> <4A398137.8060403 at netconfcentral.com>
User-agent: Thunderbird 2.0.0.21 (Windows/20090302)

Andy Bierman wrote:

Juergen Schoenwaelder wrote:

...

So, you can easily tell that a session is getting
a notification (or not), but you cannot guess the content.


I want to summarize that this is not any new security hole,
and pruning payload data or dropping the notification (on one session
but not another), offers an attacker the same opportunity
to identity 'packets of interest' within the capture log.
Without knowing all the filters as well, this is much
less likely to be a real vulnerability.

/js


Andy


Andy

References:
- Re: [Netconf] notification access control
  - From: Phil Shafer
- Re: [Netconf] notification access control
  - From: Andy Bierman
- Re: [Netconf] notification access control
  - From: Juergen Schoenwaelder
- Re: [Netconf] notification access control
  - From: Andy Bierman

Prev by Date: Re: [Netconf] notification access control
Next by Date: Re: [Netconf] notification access control
Previous by thread: Re: [Netconf] notification access control
Next by thread: Re: [Netconf] notification access control
Index(es):
- Date
- Thread

Re: [Netconf] notification access control

Note: Messages sent to this list are the opinions of the senders and do not imply endorsement by the IETF.