IETF Logo Mail Archive

Re: [DNSOP] Mapping IANA deprecated to YANG status deprecated [was RE: Robert Wilton's Discuss on draft-ietf-dnsop-iana-class-type-yang-03: (with DISCUSS and COMMENT)]

Warren Kumari <warren@kumari.net> Wed, 16 June 2021 23:27 UTC

Return-Path: <warren@kumari.net>
X-Original-To: dnsop@ietfa.amsl.com
Delivered-To: dnsop@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4C1643A0BDB for <dnsop@ietfa.amsl.com>; Wed, 16 Jun 2021 16:27:00 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.898
X-Spam-Level:
X-Spam-Status: No, score=-1.898 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=kumari-net.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id wZen787D3vUb for <dnsop@ietfa.amsl.com>; Wed, 16 Jun 2021 16:26:54 -0700 (PDT)
Received: from mail-lj1-x235.google.com (mail-lj1-x235.google.com [IPv6:2a00:1450:4864:20::235]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 91A373A0BCE for <dnsop@ietf.org>; Wed, 16 Jun 2021 16:26:53 -0700 (PDT)
Received: by mail-lj1-x235.google.com with SMTP id r16so6132519ljk.9 for <dnsop@ietf.org>; Wed, 16 Jun 2021 16:26:53 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=kumari-net.20150623.gappssmtp.com; s=20150623; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=gyqndlJtIjOBZc4/P937g7Fu+sDr7be2Rp89lYegzk0=; b=r28P6nEP6sI5Wu9jsSbky6cGvb4kecT8lYRNHduJqUtVBt/fkA40bPrTlegSC0022e 66AOCTeoWXChU9u9DPkNWmmkaKgXojYxf5hDoaaasFc4ODo61xGmtYuLTJYus418TA3e vwg4qNRd4fdhQe9MZwsuzo7X/dvxPoJgoitKbLZN3GJ9Q8fqawDykVQGoSXMhOzIN1ym ynRJfpcd8dvjqWAEV13yrw698XYxCOqJ24bx6ojllFJgNZrj6UBLy87lcJn51LeujgLE z6iM90x/WnZCwHE2cYubZDKdkVMp0NyeElbcvp0krdgq7aHoFopDeQQD2a75i9w4W8fV Ge5g==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=gyqndlJtIjOBZc4/P937g7Fu+sDr7be2Rp89lYegzk0=; b=HjJBUktTP7wTlhafj1ilNdnGqo5K6blOC8HDiFtRw43NnCT8/CLR4UN+YaENMtiT0K 1DUp0rFSfgP4QBPgAAlOQEgiRdjxsBM4Hc67LLNCEiwqFz5I4jMg4lvgu6fUOW4RIIth 4spEYY7LvQc4ceMup4upddrNhuAqogtv6oFVaN3FEvS657QkeJG3tKS0jkbnMqpkHuqZ C65P47RktvnCRvhW0ttn578d3FJ1SIyUtn/cKZ8M/EcVP+I5Ismc4GFNAPRqKTX8yKW2 bN88N/p9otfPhBFtXIpk+vJu0ZpWmwplKCKp2YK90JJOU6L26afpg8rwongsC1VElVGW ad5w==
X-Gm-Message-State: AOAM5312VxrtCTf275PA6iSsdDUMm8sJFQlagVsCFus246Bo3zwZRV54 5Pmx+g3UeIT7lHmck7KOvGQNvKJo8Xy/PJnl6F4ZQw==
X-Google-Smtp-Source: ABdhPJxkDRAadGZOXARL5RAQpC2/5QRJ/gkT4Vj17oVNCs47nSpV4r2xF6yAvwpnApwNKjpI5YdF0G+2fCVq1wV7gIE=
X-Received: by 2002:a2e:a787:: with SMTP id c7mr1964760ljf.309.1623886010536; Wed, 16 Jun 2021 16:26:50 -0700 (PDT)
MIME-Version: 1.0
References: <DM4PR11MB5438640E293969D040407683B5359@DM4PR11MB5438.namprd11.prod.outlook.com> <b0426518-2b91-3eb0-1b2e-ddd0ac606b7c@NLnetLabs.nl>
In-Reply-To: <b0426518-2b91-3eb0-1b2e-ddd0ac606b7c@NLnetLabs.nl>
From: Warren Kumari <warren@kumari.net>
Date: Wed, 16 Jun 2021 19:26:14 -0400
Message-ID: <CAHw9_i+dHjyhhwX+o=VueW5Ax9zjYvH0E3P5gpShT29LCj_bwQ@mail.gmail.com>
To: Benno Overeinder <benno@nlnetlabs.nl>
Cc: "Rob Wilton (rwilton)" <rwilton=40cisco.com@dmarc.ietf.org>, "dnsop@ietf.org" <dnsop@ietf.org>, "dnsop-chairs@ietf.org" <dnsop-chairs@ietf.org>, "draft-ietf-dnsop-iana-class-type-yang@ietf.org" <draft-ietf-dnsop-iana-class-type-yang@ietf.org>, Ladislav Lhotka <ladislav.lhotka@nic.cz>, The IESG <iesg@ietf.org>, Paul Wouters <paul@nohats.ca>, "michelle.cotton@iana.org" <michelle.cotton@iana.org>
Content-Type: multipart/alternative; boundary="000000000000d0669005c4ea6c97"
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/RMNdPu33MdjUTwTH6K_XjQLy9Ls>
Subject: Re: [DNSOP] Mapping IANA deprecated to YANG status deprecated [was RE: Robert Wilton's Discuss on draft-ietf-dnsop-iana-class-type-yang-03: (with DISCUSS and COMMENT)]
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnsop/>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 16 Jun 2021 23:27:00 -0000

Thank you all.

Having heard no objections, we will go with Rob's proposed text.

Lada / Petr, please fold in this change, and then poke me LOUDLY and I'll
hit the "Go!" button...

Thanks all,
W

On Wed, Jun 16, 2021 at 7:00 AM Benno Overeinder <benno@nlnetlabs.nl> wrote:

> Thank you Rob.
>
> I am the document shepherd, but reply with no hats.
>
> I understand the concern, and I am fine with the proposed change.


> Best,
>
> -- Benno
>
>
> On 10/06/2021 18:05, Rob Wilton (rwilton) wrote:
> > Hi DNS Ops,
> >
> > Warren, Lada and I discussed this further today.  Warren and I think
> that mapping IANA deprecated to YANG deprecated is the right behaviour
> here, and Lada is fine with either outcome.
> >
> > The main concern of mapping from IANA 'deprecated' to YANG 'status
> obsolete' is that it would force a hard transition if any DNS classes or
> RR's ever needed to be deprecated.  I.e., when a server picks up a new
> version of the generated YANG types file it would be obliged to immediately
> remove support for the 'status obsolete' definition with no grace period
> and no option to continue using it (RFC 7950 describes this is a SHOULD
> NOT, but this constraint is effectively stronger in the versioning related
> drafts currently progressing in the NETMOD WG).
> >
> > So, the following change is proposed:
> >
> > OLD:
> >       "status":  Include only if a class or type registration has been
> >       deprecated or obsoleted.  In both cases, use the value "obsolete"
> >       as the argument of the "status" statement.
> >
> > NEW:
> >                "status":  Include only if a class or type registration
> has been
> >       deprecated or obsoleted.   IANA "deprecated" maps to YANG
> >       status "deprecated", and IANA "obsolete" maps to YANG status
> >       "obsolete".
> >
> > Does anyone in the WG strongly object to this change?  If so, please let
> us know by Wed's 16th.
> >
> > Regards,
> > Rob
> >
> >
> >> -----Original Message-----
> >> From: Ladislav Lhotka <ladislav.lhotka@nic.cz>
> >> Sent: 10 June 2021 12:37
> >> To: Rob Wilton (rwilton) <rwilton@cisco.com>; The IESG <iesg@ietf.org>;
> >> Warren Kumari <warren@kumari.net>; michelle.cotton@iana.org
> >> Cc: draft-ietf-dnsop-iana-class-type-yang@ietf.org;
> dnsop-chairs@ietf.org;
> >> dnsop@ietf.org; benno@NLnetLabs.nl
> >> Subject: RE: Robert Wilton's Discuss on
> draft-ietf-dnsop-iana-class-type-yang-
> >> 03: (with DISCUSS and COMMENT)
> >>
> >> "Rob Wilton (rwilton)" <rwilton@cisco.com> writes:
> >>
> >>> Hi Lada,
> >>>
> >>> I've also copied Michelle on - since I think that it would be helpful
> for IANA
> >> to at least be aware of this discussion.
> >>>
> >>> Sorry for being slow to get back to you.  I've expanded on my discuss
> >> comment below, but it may be helpful for you, Warren, I, possibly
> Michelle,
> >> to have a quick chat to see if we can resolve it.
> >>>
> >>>
> >>>
> >>>> -----Original Message-----
> >>>> From: Ladislav Lhotka <ladislav.lhotka@nic.cz>
> >>>> Sent: 03 June 2021 14:17
> >>>> To: Rob Wilton (rwilton) <rwilton@cisco.com>; The IESG <iesg@ietf.org
> >
> >>>> Cc: draft-ietf-dnsop-iana-class-type-yang@ietf.org;
> dnsop-chairs@ietf.org;
> >>>> dnsop@ietf.org; benno@NLnetLabs.nl
> >>>> Subject: Re: Robert Wilton's Discuss on
> draft-ietf-dnsop-iana-class-type-
> >> yang-
> >>>> 03: (with DISCUSS and COMMENT)
> >>>>
> >>>> Hi Rob,
> >>>>
> >>>> On 03. 06. 21 13:16, Robert Wilton via Datatracker wrote:
> >>>>
> >>>> ...
> >>>>
> >>>>>
> ----------------------------------------------------------------------
> >>>>> DISCUSS:
> >>>>>
> ----------------------------------------------------------------------
> >>>>>
> >>>>> Hi,
> >>>>>
> >>>>> One issue that I think we should should discuss and resolve (sorry
> for
> >> the
> >>>> late
> >>>>> discuss ballot):
> >>>>>
> >>>>> In section 4, it states:
> >>>>>
> >>>>>     "status":  Include only if a class or type registration has been
> >>>>>        deprecated or obsoleted.  In both cases, use the value
> "obsolete"
> >>>>>        as the argument of the "status" statement.
> >>>>>
> >>>>> I know that we have had some previous discussion on this on Netmod,
> >> but,
> >>>> if
> >>>>> draft-ietf-netmod-yang-module-versioning-02 gets standardized then it
> >> will
> >>>>> effectively evolve YANG's "status deprecated" into "must implement or
> >>>>> explicitly deviate" and YANG's "status obsolete" into "must not
> >> implement".
> >>>> It
> >>>>> wasn't clear to me that marking one of these fields as being
> deprecated
> >> in
> >>>> an
> >>>>> IANA registry would mean that existing implementations must stop
> >> using it
> >>>> if
> >>>>> they migrate to a new version of the generated YANG module.  Hence, I
> >>>> think
> >>>>> that at this stage, it may be safer to map IANA "deprecated" into
> YANG's
> >>>>> "status deprecated"?
> >>>>>
> >>>>
> >>>> Yes, this was discussed repeatedly in NETMOD and DNSOP WGs. I think
> >> we
> >>>> currently have to use RFC 7950 for the status definitions, and so in
> YANG
> >>>>
> >>>>     o  "deprecated" indicates an obsolete definition, but it permits
> >>>>        new/continued implementation in order to foster
> interoperability
> >>>>        with older/existing implementations.
> >>>>
> >>>> This is incompatible with the meaning of "deprecated" in IANA
> >>>> registries, which is per RFC 8126: "use is not recommended".
> >>>
> >>> I don't think that there is a perfect answer here, and I think that
> for the
> >>> moment we are looking for the least bad option.
> >>>
> >>> The YANG and IANA definitions of deprecated are obviously different,
> >>> but it isn't clear to me how different they actual are from those
> definitions.
> >>>
> >>> E.g., in neither case do they indicate why they are going away (e.g.,
> >>> because they are no longer used, or there is a better way, or there is
> a
> >>> security issue).
> >>>
> >>> I would also argue that "use is not recommended" applies to the YANG
> >>> "deprecated" as well, and generally matches what I understand what
> >> deprecated means.
> >>
> >> One strong case that was mentioned in DNSOP discussions was a
> >> compromised crypto algorithm. It will be marked as deprecated in IANA
> >> registries, and it is highly undesirable to "foster interoperability"
> by using it.
> >>
> >> In fact, this I-D started with mapping IANA deprecated/obsolete to the
> same
> >> term in YANG (which is what RFC 7224 does), but we were forced to
> change it
> >> due to the above objection.
> >>
> >>>
> >>> But ultimately there are two choices here:
> >>>
> >>> (1) Map both IANA deprecated and obsolete to YANG obsolete as your
> >> draft
> >>> proposes.  If the text in draft-ietf-netmod-yang-module-versioning-02
> gets
> >>> standardized then this means that there will be no way to indicate a
> DNS
> >>> class type that shouldn't be used anymore and is going away.  Either
> it is
> >>> "current" and can/should be implemented, or it is "obsolete" and it
> cannot
> >> be
> >>> used once the server pulls in the new revision of the types YANG
> file.  I.e.,
> >>> there isn't even a mechanism to deviate it to indicate that it is still
> >> supported,
> >>> there is no possible transition window.
> >>
> >> Maybe the RFC can then be updated to reflect this evolution? In our
> view,
> >> mapping both terms to "obsolete" in YANG is currently the safest option.
> >>
> >>>
> >>> (2) Map IANA deprecated -> YANG deprecated.  IANA obsolete -> YANG
> >>> obsolete.  With vanilla RFC 7950, the server may or may not
> >>> implement the deprecated value, and it can use a deviation to be
> >>> explicit.  If draft-ietf-netmod-yang-module-versioning-02 gets
> >>> standardized: The server is expected to implement it or use a
> >>
> >> You probably mean "The server is expected NOT to implement it or ...",
> >> right?
> >>
> >>> deviation.  I.e., there is still a mechanism to allow a server to
> >>> implement if they need to, but equally they can also choose not to
> >>> implement it.
> >>>
> >>> I'm still of the opinion that (2) is the least bad option out of the
> two above.
> >>
> >> Our YANG module probably doesn't have anything as critical as crypto
> >> algorithms, so it might work. I am a bit worried about the reaction of
> DNSOP
> >> WG though: it will open another round of discussion, and some people
> might
> >> fiercely oppose this change. This seemingly simple I-D was started
> already
> >> almost 3 years ago. :-/
> >>
> >>>
> >>> A third possibility, a variant of (2), would be to map IANA deprecated
> to
> >> YANG
> >>> deprecated, but also update the type description to indicate that "Per
> the
> >>> IANA [XXX] definition of 'deprecated', use is not recommended.  New
> >>> implementation should not use it; existing implementations should phase
> >>> out support for it."
> >>
> >> This would be possible, too, but my concern about further delays still
> >> applies, so I would prefer to avoid any changes.
> >>
> >> Pragmatically, I don't think that a DNS CLASS or RR TYPE will ever
> become
> >> deprecated (obsolete is OK), so it might be a non-issue anyway.
> >>
> >> Cheers, Lada
> >>
> >>>
> >>>
> >>>
> >>>>
> >>>> I agree that this discrepancy should be solved in a new version of
> YANG,
> >>>> possibly along the lines of
> draft-ietf-netmod-yang-module-versioning-02,
> >>>> but we can't wait for that with this draft.
> >>>
> >>> Agreed.  I'm not suggesting that we wait.
> >>>
> >>> Regards,
> >>> Rob
> >>>
> >>>
> >>>>
> >>>>>
> >>>>>
> ----------------------------------------------------------------------
> >>>>> COMMENT:
> >>>>>
> ----------------------------------------------------------------------
> >>>>>
> >>>>> Hi,
> >>>>>
> >>>>> Thanks for this document.  I think that documenting this fields in
> YANG
> >> is a
> >>>> good thing.
> >>>>>
> >>>>> One minor nit:
> >>>>>
> >>>>> In an couple of places you have used 'analogically' but perhaps meant
> >>>> 'analogously' instead?
> >>>>
> >>>> Yes, I will change all occurrences.
> >>>>
> >>>> Thanks, Lada
> >>>>
> >>>>>
> >>>>> Thanks,
> >>>>> Rob
> >>>>>
> >>>>>
> >>>>>
> >>>>
> >>>> --
> >>>> Ladislav Lhotka
> >>>> Head, CZ.NIC Labs
> >>>> PGP Key ID: 0xB8F92B08A9F76C67
> >>
> >> --
> >> Ladislav Lhotka
> >> Head, CZ.NIC Labs
> >> PGP Key ID: 0xB8F92B08A9F76C67
> >
> > _______________________________________________
> > DNSOP mailing list
> > DNSOP@ietf.org
> > https://www.ietf.org/mailman/listinfo/dnsop
> >
>
>

-- 
The computing scientist’s main challenge is not to get confused by the
complexities of his own making.
  -- E. W. Dijkstra

v2.23.0 | Report a Bug | By Email