Re: [Netconf] notification access control

To: "NETCONF" <netconf at ietf.org>
Subject: Re: [Netconf] notification access control
From: "Randy Presuhn" <randy_presuhn at mindspring.com>
Date: Wed, 17 Jun 2009 18:03:40 -0700
Delivered-to: netconf at core3.amsl.com
Domainkey-signature: a=rsa-sha1; q=dns; c=nofws; s=dk20050327; d=mindspring.com; b=PLsH1meSvnY3sn76hnI4pgqE3AWX5Kid9JFrqEzvocQhBwlp3wYrpPKx9saO47fR; h=Received:Message-ID:From:To:References:Subject:Date:MIME-Version:Content-Type:Content-Transfer-Encoding:X-Priority:X-MSMail-Priority:X-Mailer:X-MimeOLE:X-ELNK-Trace:X-Originating-IP;
List-archive: <http://www.ietf.org/mail-archive/web/netconf>
List-help: <mailto:netconf-request@ietf.org?subject=help>
List-id: Network Configuration WG mailing list <netconf.ietf.org>
List-post: <mailto:netconf@ietf.org>
List-subscribe: <https://www.ietf.org/mailman/listinfo/netconf>, <mailto:netconf-request@ietf.org?subject=subscribe>
List-unsubscribe: <https://www.ietf.org/mailman/listinfo/netconf>, <mailto:netconf-request@ietf.org?subject=unsubscribe>
References: <200906171944.n5HJiBBo056500 at idle.juniper.net> <4A394F71.4090500 at netconfcentral.com> <001201c9ef9c$832a64a0$6801a8c0 at oemcomputer> <4A397C90.1050801 at netconfcentral.com> <000c01c9efaa$f6489340$6801a8c0 at oemcomputer> <4A398AAE.5000300 at netconfcentral.com>

Hi -

> From: "Andy Bierman" <andy at netconfcentral.com>
> To: "Randy Presuhn" <randy_presuhn at mindspring.com>
> Cc: "NETCONF" <netconf at ietf.org>
> Sent: Wednesday, June 17, 2009 5:30 PM
> Subject: Re: [Netconf] notification access control
>
> Randy Presuhn wrote:
> > Hi -
> > 
> >> From: "Andy Bierman" <andy at netconfcentral.com>
> >> To: "Randy Presuhn" <randy_presuhn at mindspring.com>
> >> Cc: "NETCONF" <netconf at ietf.org>
> >> Sent: Wednesday, June 17, 2009 4:30 PM
> >> Subject: Re: [Netconf] notification access control
> >>
> >> Randy Presuhn wrote:
> >>> Hi -
> >>>
> >>>> From: "Andy Bierman" <andy at netconfcentral.com>
> >>>> To: "Phil Shafer" <phil at juniper.net>
> >>>> Cc: "NETCONF" <netconf at ietf.org>
> >>>> Sent: Wednesday, June 17, 2009 1:17 PM
> >>>> Subject: Re: [Netconf] notification access control
> > ...
> >> Since the filters will be removed from monitoring data,
> >> an attacker won't really have any way of knowing which
> >> sessions are trying to filter which content.  Therefore,
> >> presence or absence of a notification does not really
> >> mean anything.
> > 
> > You're only looking at the potential eavesdropper.
> > Consider where the atacker is the authorized user,
> > trying to ferrer out information s/he is not supposed
> > to be able to have access to.
> > 
> 
> How does guessing that one session received a
> notification but another one didn't help here?

That's not the issue.  Don't think about eavesdroppers.
Think about an authorized user being able to figure
out things from the information stream legitimately
delivered with "redacted" payloads.  Trivial example:
system has two users who are not allowed to see each
others' data.  By subscribing to all events, the receipt
of ones with empty or partial payloads would let one
user know what was going on with the other.

...
> > How did we get from notifications into get requests?
> > 
> 
> To me, a <get> and a <notification> that reveal the
> same information are just 'read' operations.
> I do not understand why access control should work
> differently for these 2 forms of a read operation.

A notification conveys more information than just its
payload.

Randy

Follow-Ups:
- Re: [Netconf] notification access control
  - From: Andy Bierman

References:
- Re: [Netconf] notification access control
  - From: Phil Shafer
- Re: [Netconf] notification access control
  - From: Andy Bierman
- Re: [Netconf] notification access control
  - From: Randy Presuhn
- Re: [Netconf] notification access control
  - From: Andy Bierman
- Re: [Netconf] notification access control
  - From: Randy Presuhn
- Re: [Netconf] notification access control
  - From: Andy Bierman

Prev by Date: Re: [Netconf] notification access control
Next by Date: Re: [Netconf] notification access control
Previous by thread: Re: [Netconf] notification access control
Next by thread: Re: [Netconf] notification access control
Index(es):
- Date
- Thread

Re: [Netconf] notification access control

Note: Messages sent to this list are the opinions of the senders and do not imply endorsement by the IETF.