Re: [core] progressing ietf-core-yang-cbor and ietf-core-sid

Andy Bierman <> Tue, 21 January 2020 19:29 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 4619312003F for <>; Tue, 21 Jan 2020 11:29:18 -0800 (PST)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -1.898
X-Spam-Status: No, score=-1.898 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: (amavisd-new); dkim=pass (2048-bit key)
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id rixiTsgqKhdU for <>; Tue, 21 Jan 2020 11:29:14 -0800 (PST)
Received: from ( [IPv6:2a00:1450:4864:20::52a]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 779E912001B for <>; Tue, 21 Jan 2020 11:29:14 -0800 (PST)
Received: by with SMTP id i16so4203150edr.5 for <>; Tue, 21 Jan 2020 11:29:14 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20150623; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=2MSmYs6ircSubKcj3JmKWmbJmWL9qpvMcYQiSakBt0c=; b=1LfE5XYvu12D8orfB1LfPA2b4YqrAjCMsDYrESLB+pD5QgESIWal2284YYvy1Y8XVv i9/PSSzvCXfoNLABG5aNmvfWlGN57V+aw0p60ubU2g6YKkNIjcmyWkxL/K4pTagBf5tk EmPIgJhSh3NsbvO4ATxPVhhFEnhTP/2K/4m7JPSM/n6p1q2d3E/iAxJ/WiqPMAik0aUT MoGP4TD3ZkfcDNZAIwckqpwiK0GMSFk9RuCMMLCVCJ/GPQ63WAkBROL/GpXj98Ekn2x0 0ZDE71/7jKCH6/0X2/eGmGwxIdmNHv0saBMdGYRmykvSol/yrFf2T326+v1pwK88EOD2 Y5UQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=2MSmYs6ircSubKcj3JmKWmbJmWL9qpvMcYQiSakBt0c=; b=D5BovdzRY4PBZSR8hv0V4VM2GzT7Mlgjc85uSQmEhqkbGY3ofzSsoRW1zTVSe6Qo/A TI3u9hKVzLy+EC8YYMZ2crNhlDKUx5x6FpDIcdKHW/WFC1S6w39pgsURuqokrM6nQSpg oAWiCzBrhbbCOeVnEWedtbSSfsCkg7HiAB3Ep/lVSEpIezbkaHQDEjSxHdahLC/RMK/D ZsqRJa35+vlmZ6evbhtLRiGAjo1iqAgaFUV5kTU/3GppbpRul/uTcjs/7RxwM6A1wCNd 7GztbpgJoANAWq/koMXoiDF+JXogLebQ1lPrJjtgCydrR4AqVg5GUTIFj53jbhTtUTc/ D8Aw==
X-Gm-Message-State: APjAAAUSINs7ok7DiBJBBuYk59i4M4eSByNqh2oG3RCj1Rz+/HXV7aLq V8v+NSawe9yahM9SiTBDWsbpOIa3XsdY/WAz5hp+rA8A
X-Google-Smtp-Source: APXvYqwjCuyZPSbs8ofXukieL3Tt7acMpQeklvlCokC2MIdGUwzx5NsJSAWAXWnQfpqDh1EOHT+VbBxj+32D9yK43DE=
X-Received: by 2002:a05:6512:15d:: with SMTP id m29mr3666962lfo.51.1579634952270; Tue, 21 Jan 2020 11:29:12 -0800 (PST)
MIME-Version: 1.0
References: <29380.1565102380@localhost> <> <7505.1565633977@localhost> <> <18990.1577231446@localhost> <> <22612.1578626081@localhost> <> <15754.1578789013@localhost> <> <6025.1578939111@localhost> <> <26398.1579112884@localhost> <> <14603.1579125396@localhost> <> <18568.1579133839@localhost> <> <> <> <> <> <>
In-Reply-To: <>
From: Andy Bierman <>
Date: Tue, 21 Jan 2020 11:29:00 -0800
Message-ID: <>
To: Ivaylo Petrov <>
Cc: Carsten Bormann <>, Core <>, Alexander Pelov <>
Content-Type: multipart/alternative; boundary="000000000000348d80059cab6cb4"
Archived-At: <>
Subject: Re: [core] progressing ietf-core-yang-cbor and ietf-core-sid
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Constrained RESTful Environments \(CoRE\) Working Group list" <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Tue, 21 Jan 2020 19:29:18 -0000

On Tue, Jan 21, 2020 at 2:55 AM Ivaylo Petrov <> wrote:

> Hello Andy,
> Find my answers below
> On Sun, Jan 19, 2020 at 6:37 AM Andy Bierman <> wrote:
> >
> >
> >
> > On Thu, Jan 16, 2020 at 9:47 AM Carsten Bormann <> wrote:
> >>
> >> On 2020-01-16, at 13:50, Andy Bierman <> wrote:
> >> >
> >> > There is a significant amount of metadata needed to generate a SID
> file,
> >> > starting with all the previous YANG revisions or SID files, and
> when/if
> >> > the SID files have been reset vs. updated with preserved numbers.
> >>
> >> Well, specifically, the current YANG module and the previous SID file;
> not the entire history of the universe.
> >>
> >> The need for the previous SID file means that there needs to be a
> single lineage; SID files cannot be independently progressed.  This calls
> for central entity (or a blockchain :-).
> >> What we need to define unambiguously is who that entity is.
> >> One we are at the IANA, the Designated Expert (DE) can play this role.
> >> But we need to define the process leading up to this.
> >> (Yes, that process will evolve, and we probably also need to allow
> exceptions.
> >> But there must be strong guide rails that work for the vast majority of
> cases.)
> >>
> >> Adding a version number to the SID file could indeed help with
> accidents/disasters.
> >> But it could also lead to people thinking they can get away with
> concurrent lineages; thinking that version numbers will fix any fallout.
> >> That would be a disaster on its own, most likely leading to permanent
> universe splits.
> >> So I’m not so sure we want to open that Pandora’s box.
> >>
> >
> >
> > We already opened Pandora's box by attempting to create a 1-flat-number
> globally unique, multi-module,
> > multi-owner object identifier. I think YANG is quite different than the
> MAC address example of success
> > in this endeavour because YANG modules need the numbers assigned in the
> development phase,
> > not the manufacturing phase.
> >
> > YANG has many features that make it easier on the writer and harder on
> the tool maker,
> > such as no order dependencies, but is has some guardrails. No matter how
> the writer may
> > possibly alter or refactor a YANG module, nothing unintentional can
> change the YANG identifier for
> > any defined data node.  SID has no such guardrails.
> [ivaylo]:
> It seems that you are implying that refactoring a YANG without changing the
> YANG identifiers and the paths will cause changes to the .sid file. Could
> you
> provide an example as I am not sure I see why this needs to be the case.
> Note that I added the restriction of not changing paths as otherwise I
> believe the
> NETCONF representation will also change, so CORECONF will be no different.

YANG modules under development do not follow any of the "module update"
so there are no restrictions that can be relied on in real YANG development.
This requires the tools and developers to be more careful, especially
since YANG tools have no existing reason to be careful in these areas.

> >
> > I think there is a practical solution for deployment, which does not
> require the use of the
> > centrally maintained SID files, which is not realistic for 4 reasons:
> >   - no way to apply changes to an incorrect SID file (without a
> sid-file-identifier)
> [ivaylo]:
> I believe currently the way to achieve this is to have a new version
> of the YANG module,
> so that a new version of the SID file can be generated. Having a
> global version of .sid
> file that is an integer that progresses lineary seems as a good
> solution to me. It should
> also be able to accommodate your concern here I believe. As Michael
> said, the latest
> version of the .sid file should be able to handle both all clients of
> previous versions of
> the YANG module and the latest one. As there could be multiple versions
> for one
> version of a YANG module, errors could be corrected. Does this sound
> good to you?

This will not work at all.
There is no reason to update the YANG module.
What would change? Just the revision-date?

Even if we ignore all possibility that a SID file can have a flaw in it,
there is still the problem caused when imported modules change.
Reusable groupings in a common module are all the rage.
It is very possible that the target module may never even change after
release 1

   module foo {
        import A { prefix a; }
        revision 2019-01-01;

        container top {
           uses a:grouping1;

The SID file contents for /top are not determined by module foo.
Over time, module A will keep changing and module foo will never change.
All of the unspecified revisions imported by module foo determine the
expansion of 'grouping1.
This approach only works within a server implementation because all the
module revisions
are known to the client via the YANG library.

> >   - no way for vendors to apply deviations on any YANG modules, e,.g
> deviation { not-supported; }
> [ivaylo]:
> I am not sure I see why that is the case. In sec 3 of
> draft-ietf-core-yang-library we have
> * 'feature' and 'deviation' are implemented using a SID (i.e. an
> unsigned integer).
> While I agree that more details can be added here, I don't see any
> reason deviations
> not to be supported.
> >   - the SID file generation depends on the specific revisions of all
> modules imported
> >     and submodules included by the target YANG module
> [ivaylo]:
> I agree, but I believe this is a good thing.  As is said sec 5.1.1 of
> RFC6020
> ` modules need to be imported using specific revisions`.

This is not how YANG is used 95% of the time.
Even if I import-by-revision, it is very common for that module to
have its own imports, and I have no control over the revisions used there.

> Could you provide more details of the issue you see?
> >   - vendors are already failing to deploy YANG modules from a central
> source model.
> >     The NETCONF and RESTCONF protocols have robust mechanisms to
> discover and
> >     retrieve the actual YANG files used by the server, and vendors rely
> on this feature.
> >     Some vendors need model branching and other complexity that make SID
> assignment even harder
> >     (see
> >
> [ivaylo]:
> I believe that the envisioned .sid file retrieval mechanism is:
> 1. You find the sid that you are interested in
> 2. You check in which mega range it is and who is the operator of that
> mega range in
> the IANA registry.
> 3. You contact that mega range operator through a given protocol to
> obtain further details.

No. I am interested in loading the SID data from each individual server, as

I understand some people want to hard-wire SIDs into their client or server
and they will not have the YANG identifiers.  I am not interested in this
deployment option for YANG-Push so the SID values will get added at runtime.
The client will consume or use cached the SID files at
session-startup-time, just like the YANG modules.

> Presently we believed as there are not going to be too many mega range
> registries and
> we have no experience operating them it might be unwise to specify the
> protocol that
> they need to implement in order for clients to be able to query them.
> Specifying such a
> protocol might be something we do if this is a really big concern for
> people.
> Would that retrieval mechanism cover the cases that you were thinking
> of? Are there other
> cases that you believe it should cover?

I think vendors will continue to fill in the gaps with proprietary
The SID file format will get augmented, etc. to support real deployment
This could be considered a protocol issue and can be ignored for SID files
in general.

How the client gets the YANG and SID files could be considered an
implementation detail.
The IANA repo is there but there is no requirement to use it.

> > CORECONF (and SID in general) needs a SID file retrieval mechanism.
> > Perhaps based on YANG Data Instance Files
> > A server will make the URI of this resource known somehow, which can be
> used if needed,
> > before a client starts using SIDs.
> >
> > In addition, or instead of listing YANG modules, the data is SID files,
> maybe 1 super-SID-file JSON object.
> > It is not realistic that a client will be able to use all global SID
> files based on the YANG module name
> > and revision date, especially in the development phase. The IANA SID
> file may be useful after the YANG
> > module is very stable.
> >
> > More solution details:
> >   - The WG or vendor can maintain an informal public archive of SID
> files.
> >   - The YangModels repo update process should include SID files.
> >   - Vendors still need the public SID file for the starting point, or
> maybe use it unchanged
> >   - The SID files need <CODE BEGINS> support and probably some tool
> changes in the ID-submission process
> >   - IANA will only archive the RFC version, just like YANG modules.
> >
> >
> >
> >> Grüße, Carsten
> >
> >
> >
> > Andy
> >
> --
> Best regards,
> Ivaylo