Re: [DNSOP] Mapping IANA deprecated to YANG status deprecated [was RE: Robert Wilton's Discuss on draft-ietf-dnsop-iana-class-type-yang-03: (with DISCUSS and COMMENT)]
Warren Kumari <warren@kumari.net> Wed, 16 June 2021 23:27 UTC
Return-Path: <warren@kumari.net>
X-Original-To: dnsop@ietfa.amsl.com
Delivered-To: dnsop@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4C1643A0BDB for <dnsop@ietfa.amsl.com>; Wed, 16 Jun 2021 16:27:00 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.898
X-Spam-Level:
X-Spam-Status: No, score=-1.898 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=kumari-net.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id wZen787D3vUb for <dnsop@ietfa.amsl.com>; Wed, 16 Jun 2021 16:26:54 -0700 (PDT)
Received: from mail-lj1-x235.google.com (mail-lj1-x235.google.com [IPv6:2a00:1450:4864:20::235]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 91A373A0BCE for <dnsop@ietf.org>; Wed, 16 Jun 2021 16:26:53 -0700 (PDT)
Received: by mail-lj1-x235.google.com with SMTP id r16so6132519ljk.9 for <dnsop@ietf.org>; Wed, 16 Jun 2021 16:26:53 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=kumari-net.20150623.gappssmtp.com; s=20150623; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=gyqndlJtIjOBZc4/P937g7Fu+sDr7be2Rp89lYegzk0=; b=r28P6nEP6sI5Wu9jsSbky6cGvb4kecT8lYRNHduJqUtVBt/fkA40bPrTlegSC0022e 66AOCTeoWXChU9u9DPkNWmmkaKgXojYxf5hDoaaasFc4ODo61xGmtYuLTJYus418TA3e vwg4qNRd4fdhQe9MZwsuzo7X/dvxPoJgoitKbLZN3GJ9Q8fqawDykVQGoSXMhOzIN1ym ynRJfpcd8dvjqWAEV13yrw698XYxCOqJ24bx6ojllFJgNZrj6UBLy87lcJn51LeujgLE z6iM90x/WnZCwHE2cYubZDKdkVMp0NyeElbcvp0krdgq7aHoFopDeQQD2a75i9w4W8fV Ge5g==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=gyqndlJtIjOBZc4/P937g7Fu+sDr7be2Rp89lYegzk0=; b=HjJBUktTP7wTlhafj1ilNdnGqo5K6blOC8HDiFtRw43NnCT8/CLR4UN+YaENMtiT0K 1DUp0rFSfgP4QBPgAAlOQEgiRdjxsBM4Hc67LLNCEiwqFz5I4jMg4lvgu6fUOW4RIIth 4spEYY7LvQc4ceMup4upddrNhuAqogtv6oFVaN3FEvS657QkeJG3tKS0jkbnMqpkHuqZ C65P47RktvnCRvhW0ttn578d3FJ1SIyUtn/cKZ8M/EcVP+I5Ismc4GFNAPRqKTX8yKW2 bN88N/p9otfPhBFtXIpk+vJu0ZpWmwplKCKp2YK90JJOU6L26afpg8rwongsC1VElVGW ad5w==
X-Gm-Message-State: AOAM5312VxrtCTf275PA6iSsdDUMm8sJFQlagVsCFus246Bo3zwZRV54 5Pmx+g3UeIT7lHmck7KOvGQNvKJo8Xy/PJnl6F4ZQw==
X-Google-Smtp-Source: ABdhPJxkDRAadGZOXARL5RAQpC2/5QRJ/gkT4Vj17oVNCs47nSpV4r2xF6yAvwpnApwNKjpI5YdF0G+2fCVq1wV7gIE=
X-Received: by 2002:a2e:a787:: with SMTP id c7mr1964760ljf.309.1623886010536; Wed, 16 Jun 2021 16:26:50 -0700 (PDT)
MIME-Version: 1.0
References: <DM4PR11MB5438640E293969D040407683B5359@DM4PR11MB5438.namprd11.prod.outlook.com> <b0426518-2b91-3eb0-1b2e-ddd0ac606b7c@NLnetLabs.nl>
In-Reply-To: <b0426518-2b91-3eb0-1b2e-ddd0ac606b7c@NLnetLabs.nl>
From: Warren Kumari <warren@kumari.net>
Date: Wed, 16 Jun 2021 19:26:14 -0400
Message-ID: <CAHw9_i+dHjyhhwX+o=VueW5Ax9zjYvH0E3P5gpShT29LCj_bwQ@mail.gmail.com>
To: Benno Overeinder <benno@nlnetlabs.nl>
Cc: "Rob Wilton (rwilton)" <rwilton=40cisco.com@dmarc.ietf.org>, "dnsop@ietf.org" <dnsop@ietf.org>, "dnsop-chairs@ietf.org" <dnsop-chairs@ietf.org>, "draft-ietf-dnsop-iana-class-type-yang@ietf.org" <draft-ietf-dnsop-iana-class-type-yang@ietf.org>, Ladislav Lhotka <ladislav.lhotka@nic.cz>, The IESG <iesg@ietf.org>, Paul Wouters <paul@nohats.ca>, "michelle.cotton@iana.org" <michelle.cotton@iana.org>
Content-Type: multipart/alternative; boundary="000000000000d0669005c4ea6c97"
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/RMNdPu33MdjUTwTH6K_XjQLy9Ls>
Subject: Re: [DNSOP] Mapping IANA deprecated to YANG status deprecated [was RE: Robert Wilton's Discuss on draft-ietf-dnsop-iana-class-type-yang-03: (with DISCUSS and COMMENT)]
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnsop/>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 16 Jun 2021 23:27:00 -0000
Thank you all. Having heard no objections, we will go with Rob's proposed text. Lada / Petr, please fold in this change, and then poke me LOUDLY and I'll hit the "Go!" button... Thanks all, W On Wed, Jun 16, 2021 at 7:00 AM Benno Overeinder <benno@nlnetlabs.nl> wrote: > Thank you Rob. > > I am the document shepherd, but reply with no hats. > > I understand the concern, and I am fine with the proposed change. > Best, > > -- Benno > > > On 10/06/2021 18:05, Rob Wilton (rwilton) wrote: > > Hi DNS Ops, > > > > Warren, Lada and I discussed this further today. Warren and I think > that mapping IANA deprecated to YANG deprecated is the right behaviour > here, and Lada is fine with either outcome. > > > > The main concern of mapping from IANA 'deprecated' to YANG 'status > obsolete' is that it would force a hard transition if any DNS classes or > RR's ever needed to be deprecated. I.e., when a server picks up a new > version of the generated YANG types file it would be obliged to immediately > remove support for the 'status obsolete' definition with no grace period > and no option to continue using it (RFC 7950 describes this is a SHOULD > NOT, but this constraint is effectively stronger in the versioning related > drafts currently progressing in the NETMOD WG). > > > > So, the following change is proposed: > > > > OLD: > > "status": Include only if a class or type registration has been > > deprecated or obsoleted. In both cases, use the value "obsolete" > > as the argument of the "status" statement. > > > > NEW: > > "status": Include only if a class or type registration > has been > > deprecated or obsoleted. IANA "deprecated" maps to YANG > > status "deprecated", and IANA "obsolete" maps to YANG status > > "obsolete". > > > > Does anyone in the WG strongly object to this change? If so, please let > us know by Wed's 16th. > > > > Regards, > > Rob > > > > > >> -----Original Message----- > >> From: Ladislav Lhotka <ladislav.lhotka@nic.cz> > >> Sent: 10 June 2021 12:37 > >> To: Rob Wilton (rwilton) <rwilton@cisco.com>; The IESG <iesg@ietf.org>; > >> Warren Kumari <warren@kumari.net>; michelle.cotton@iana.org > >> Cc: draft-ietf-dnsop-iana-class-type-yang@ietf.org; > dnsop-chairs@ietf.org; > >> dnsop@ietf.org; benno@NLnetLabs.nl > >> Subject: RE: Robert Wilton's Discuss on > draft-ietf-dnsop-iana-class-type-yang- > >> 03: (with DISCUSS and COMMENT) > >> > >> "Rob Wilton (rwilton)" <rwilton@cisco.com> writes: > >> > >>> Hi Lada, > >>> > >>> I've also copied Michelle on - since I think that it would be helpful > for IANA > >> to at least be aware of this discussion. > >>> > >>> Sorry for being slow to get back to you. I've expanded on my discuss > >> comment below, but it may be helpful for you, Warren, I, possibly > Michelle, > >> to have a quick chat to see if we can resolve it. > >>> > >>> > >>> > >>>> -----Original Message----- > >>>> From: Ladislav Lhotka <ladislav.lhotka@nic.cz> > >>>> Sent: 03 June 2021 14:17 > >>>> To: Rob Wilton (rwilton) <rwilton@cisco.com>; The IESG <iesg@ietf.org > > > >>>> Cc: draft-ietf-dnsop-iana-class-type-yang@ietf.org; > dnsop-chairs@ietf.org; > >>>> dnsop@ietf.org; benno@NLnetLabs.nl > >>>> Subject: Re: Robert Wilton's Discuss on > draft-ietf-dnsop-iana-class-type- > >> yang- > >>>> 03: (with DISCUSS and COMMENT) > >>>> > >>>> Hi Rob, > >>>> > >>>> On 03. 06. 21 13:16, Robert Wilton via Datatracker wrote: > >>>> > >>>> ... > >>>> > >>>>> > ---------------------------------------------------------------------- > >>>>> DISCUSS: > >>>>> > ---------------------------------------------------------------------- > >>>>> > >>>>> Hi, > >>>>> > >>>>> One issue that I think we should should discuss and resolve (sorry > for > >> the > >>>> late > >>>>> discuss ballot): > >>>>> > >>>>> In section 4, it states: > >>>>> > >>>>> "status": Include only if a class or type registration has been > >>>>> deprecated or obsoleted. In both cases, use the value > "obsolete" > >>>>> as the argument of the "status" statement. > >>>>> > >>>>> I know that we have had some previous discussion on this on Netmod, > >> but, > >>>> if > >>>>> draft-ietf-netmod-yang-module-versioning-02 gets standardized then it > >> will > >>>>> effectively evolve YANG's "status deprecated" into "must implement or > >>>>> explicitly deviate" and YANG's "status obsolete" into "must not > >> implement". > >>>> It > >>>>> wasn't clear to me that marking one of these fields as being > deprecated > >> in > >>>> an > >>>>> IANA registry would mean that existing implementations must stop > >> using it > >>>> if > >>>>> they migrate to a new version of the generated YANG module. Hence, I > >>>> think > >>>>> that at this stage, it may be safer to map IANA "deprecated" into > YANG's > >>>>> "status deprecated"? > >>>>> > >>>> > >>>> Yes, this was discussed repeatedly in NETMOD and DNSOP WGs. I think > >> we > >>>> currently have to use RFC 7950 for the status definitions, and so in > YANG > >>>> > >>>> o "deprecated" indicates an obsolete definition, but it permits > >>>> new/continued implementation in order to foster > interoperability > >>>> with older/existing implementations. > >>>> > >>>> This is incompatible with the meaning of "deprecated" in IANA > >>>> registries, which is per RFC 8126: "use is not recommended". > >>> > >>> I don't think that there is a perfect answer here, and I think that > for the > >>> moment we are looking for the least bad option. > >>> > >>> The YANG and IANA definitions of deprecated are obviously different, > >>> but it isn't clear to me how different they actual are from those > definitions. > >>> > >>> E.g., in neither case do they indicate why they are going away (e.g., > >>> because they are no longer used, or there is a better way, or there is > a > >>> security issue). > >>> > >>> I would also argue that "use is not recommended" applies to the YANG > >>> "deprecated" as well, and generally matches what I understand what > >> deprecated means. > >> > >> One strong case that was mentioned in DNSOP discussions was a > >> compromised crypto algorithm. It will be marked as deprecated in IANA > >> registries, and it is highly undesirable to "foster interoperability" > by using it. > >> > >> In fact, this I-D started with mapping IANA deprecated/obsolete to the > same > >> term in YANG (which is what RFC 7224 does), but we were forced to > change it > >> due to the above objection. > >> > >>> > >>> But ultimately there are two choices here: > >>> > >>> (1) Map both IANA deprecated and obsolete to YANG obsolete as your > >> draft > >>> proposes. If the text in draft-ietf-netmod-yang-module-versioning-02 > gets > >>> standardized then this means that there will be no way to indicate a > DNS > >>> class type that shouldn't be used anymore and is going away. Either > it is > >>> "current" and can/should be implemented, or it is "obsolete" and it > cannot > >> be > >>> used once the server pulls in the new revision of the types YANG > file. I.e., > >>> there isn't even a mechanism to deviate it to indicate that it is still > >> supported, > >>> there is no possible transition window. > >> > >> Maybe the RFC can then be updated to reflect this evolution? In our > view, > >> mapping both terms to "obsolete" in YANG is currently the safest option. > >> > >>> > >>> (2) Map IANA deprecated -> YANG deprecated. IANA obsolete -> YANG > >>> obsolete. With vanilla RFC 7950, the server may or may not > >>> implement the deprecated value, and it can use a deviation to be > >>> explicit. If draft-ietf-netmod-yang-module-versioning-02 gets > >>> standardized: The server is expected to implement it or use a > >> > >> You probably mean "The server is expected NOT to implement it or ...", > >> right? > >> > >>> deviation. I.e., there is still a mechanism to allow a server to > >>> implement if they need to, but equally they can also choose not to > >>> implement it. > >>> > >>> I'm still of the opinion that (2) is the least bad option out of the > two above. > >> > >> Our YANG module probably doesn't have anything as critical as crypto > >> algorithms, so it might work. I am a bit worried about the reaction of > DNSOP > >> WG though: it will open another round of discussion, and some people > might > >> fiercely oppose this change. This seemingly simple I-D was started > already > >> almost 3 years ago. :-/ > >> > >>> > >>> A third possibility, a variant of (2), would be to map IANA deprecated > to > >> YANG > >>> deprecated, but also update the type description to indicate that "Per > the > >>> IANA [XXX] definition of 'deprecated', use is not recommended. New > >>> implementation should not use it; existing implementations should phase > >>> out support for it." > >> > >> This would be possible, too, but my concern about further delays still > >> applies, so I would prefer to avoid any changes. > >> > >> Pragmatically, I don't think that a DNS CLASS or RR TYPE will ever > become > >> deprecated (obsolete is OK), so it might be a non-issue anyway. > >> > >> Cheers, Lada > >> > >>> > >>> > >>> > >>>> > >>>> I agree that this discrepancy should be solved in a new version of > YANG, > >>>> possibly along the lines of > draft-ietf-netmod-yang-module-versioning-02, > >>>> but we can't wait for that with this draft. > >>> > >>> Agreed. I'm not suggesting that we wait. > >>> > >>> Regards, > >>> Rob > >>> > >>> > >>>> > >>>>> > >>>>> > ---------------------------------------------------------------------- > >>>>> COMMENT: > >>>>> > ---------------------------------------------------------------------- > >>>>> > >>>>> Hi, > >>>>> > >>>>> Thanks for this document. I think that documenting this fields in > YANG > >> is a > >>>> good thing. > >>>>> > >>>>> One minor nit: > >>>>> > >>>>> In an couple of places you have used 'analogically' but perhaps meant > >>>> 'analogously' instead? > >>>> > >>>> Yes, I will change all occurrences. > >>>> > >>>> Thanks, Lada > >>>> > >>>>> > >>>>> Thanks, > >>>>> Rob > >>>>> > >>>>> > >>>>> > >>>> > >>>> -- > >>>> Ladislav Lhotka > >>>> Head, CZ.NIC Labs > >>>> PGP Key ID: 0xB8F92B08A9F76C67 > >> > >> -- > >> Ladislav Lhotka > >> Head, CZ.NIC Labs > >> PGP Key ID: 0xB8F92B08A9F76C67 > > > > _______________________________________________ > > DNSOP mailing list > > DNSOP@ietf.org > > https://www.ietf.org/mailman/listinfo/dnsop > > > > -- The computing scientist’s main challenge is not to get confused by the complexities of his own making. -- E. W. Dijkstra
- [DNSOP] Mapping IANA deprecated to YANG status de… Rob Wilton (rwilton)
- Re: [DNSOP] Mapping IANA deprecated to YANG statu… Benno Overeinder
- Re: [DNSOP] Mapping IANA deprecated to YANG statu… Warren Kumari
- Re: [DNSOP] Mapping IANA deprecated to YANG statu… Ladislav Lhotka
- Re: [DNSOP] Mapping IANA deprecated to YANG statu… Rob Wilton (rwilton)
- Re: [DNSOP] Mapping IANA deprecated to YANG statu… Warren Kumari