IETF Logo Mail Archive

Re: [Dots] AD review of draft-ietf-dots-data-channel-25

Benjamin Kaduk <kaduk@mit.edu> Wed, 27 February 2019 14:45 UTC

Return-Path: <kaduk@mit.edu>
X-Original-To: dots@ietfa.amsl.com
Delivered-To: dots@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id BC24C130FD9; Wed, 27 Feb 2019 06:45:06 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.7
X-Spam-Level:
X-Spam-Status: No, score=-1.7 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_INVALID=0.1, DKIM_SIGNED=0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=fail (1024-bit key) reason="fail (body has been altered)" header.d=mit.edu
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id UvdFElpjkSmx; Wed, 27 Feb 2019 06:45:04 -0800 (PST)
Received: from NAM02-SN1-obe.outbound.protection.outlook.com (mail-eopbgr770132.outbound.protection.outlook.com [40.107.77.132]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 35603130FCF; Wed, 27 Feb 2019 06:45:04 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=mit.edu; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=UtpA/Tc3sOqTyh1ilUnU2ON1OHaewKFiK8pJ+NhKN2E=; b=TljE2fxY4AOtV0HmxFdW6AElEYiBcFy4BHbu/YCXL5epp1kVUa7HOH4DWmoXRjCi0HVOtyfwZuDOzV81lVQsU9DMLlwYfpoXfVUyCn3v2PonU/s8ANan9jZwI7o/o08yyaVlkqcPebUiWv5O8zAy7bGTTegtFCfeVxUm+5stx14=
Received: from MN2PR01CA0011.prod.exchangelabs.com (2603:10b6:208:10c::24) by DM6PR01MB4857.prod.exchangelabs.com (2603:10b6:5:6d::22) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.1665.15; Wed, 27 Feb 2019 14:45:02 +0000
Received: from CO1NAM03FT003.eop-NAM03.prod.protection.outlook.com (2a01:111:f400:7e48::200) by MN2PR01CA0011.outlook.office365.com (2603:10b6:208:10c::24) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384) id 15.20.1665.15 via Frontend Transport; Wed, 27 Feb 2019 14:45:01 +0000
Authentication-Results: spf=pass (sender IP is 18.9.28.11) smtp.mailfrom=mit.edu; ietf.org; dkim=none (message not signed) header.d=none;ietf.org; dmarc=bestguesspass action=none header.from=mit.edu;
Received-SPF: Pass (protection.outlook.com: domain of mit.edu designates 18.9.28.11 as permitted sender) receiver=protection.outlook.com; client-ip=18.9.28.11; helo=outgoing.mit.edu;
Received: from outgoing.mit.edu (18.9.28.11) by CO1NAM03FT003.mail.protection.outlook.com (10.152.80.100) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384) id 15.20.1643.13 via Frontend Transport; Wed, 27 Feb 2019 14:45:01 +0000
Received: from kduck.mit.edu (24-107-191-124.dhcp.stls.mo.charter.com [24.107.191.124]) (authenticated bits=56) (User authenticated as kaduk@ATHENA.MIT.EDU) by outgoing.mit.edu (8.14.7/8.12.4) with ESMTP id x1REivD2031210 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Wed, 27 Feb 2019 09:44:59 -0500
Date: Wed, 27 Feb 2019 08:44:57 -0600
From: Benjamin Kaduk <kaduk@mit.edu>
To: mohamed.boucadair@orange.com
CC: "draft-ietf-dots-data-channel@ietf.org" <draft-ietf-dots-data-channel@ietf.org>, "dots@ietf.org" <dots@ietf.org>
Message-ID: <20190227144456.GJ53396@kduck.mit.edu>
References: <20190213164622.GX56447@kduck.mit.edu> <787AE7BB302AE849A7480A190F8B93302EA1F03D@OPEXCAUBMA2.corporate.adroot.infra.ftgroup> <20190214191707.GM56447@kduck.mit.edu> <787AE7BB302AE849A7480A190F8B93302EA1FCF6@OPEXCAUBMA2.corporate.adroot.infra.ftgroup> <20190227041011.GG53396@kduck.mit.edu> <787AE7BB302AE849A7480A190F8B93302EA25FC4@OPEXCAUBMA2.corporate.adroot.infra.ftgroup>
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
In-Reply-To: <787AE7BB302AE849A7480A190F8B93302EA25FC4@OPEXCAUBMA2.corporate.adroot.infra.ftgroup>
User-Agent: Mutt/1.10.1 (2018-07-13)
X-EOPAttributedMessage: 0
X-Forefront-Antispam-Report: CIP:18.9.28.11; IPV:CAL; SCL:-1; CTRY:US; EFV:NLI; SFV:NSPM; SFS:(10019020)(136003)(39860400002)(396003)(346002)(376002)(2980300002)(52314003)(189003)(199004)(52284002)(54906003)(106002)(8676002)(246002)(2351001)(23756003)(956004)(6916009)(86362001)(478600001)(26826003)(36906005)(8936002)(5660300002)(7696005)(76176011)(229853002)(356004)(106466001)(305945005)(53416004)(55016002)(66574012)(1076003)(58126008)(30864003)(786003)(316002)(93886005)(2906002)(4326008)(6246003)(47776003)(486006)(476003)(14444005)(126002)(33656002)(11346002)(446003)(336012)(426003)(26005)(186003)(75432002)(104016004)(2870700001)(88552002)(50466002)(18370500001); DIR:OUT; SFP:1102; SCL:1; SRVR:DM6PR01MB4857; H:outgoing.mit.edu; FPR:; SPF:Pass; LANG:en; PTR:outgoing-auth-1.mit.edu; MX:1; A:1;
X-MS-PublicTrafficType: Email
X-MS-Office365-Filtering-Correlation-Id: c1357eb5-8c37-4d2f-7976-08d69cc2274b
X-Microsoft-Antispam: BCL:0; PCL:0; RULEID:(2390118)(7020095)(4652040)(8989299)(4534185)(4627221)(201703031133081)(201702281549075)(8990200)(5600127)(711020)(4605104)(4608103)(4709054)(2017052603328)(7153060); SRVR:DM6PR01MB4857;
X-MS-TrafficTypeDiagnostic: DM6PR01MB4857:
X-Microsoft-Exchange-Diagnostics: 1; DM6PR01MB4857; 20:lrmEl5xEZTf4SX0Sp3oHZibI/6WE8eqp6l3xs+uiiNZic6EesUC5PDBpaj1xQv6LOGjDfzKGCUcHLBcpWjWS2o6HiRemHd7hQOVPrLKVxTbuvf2NC6UyKqa2zDgAWdDAcfLtNOoFWleprasXiFr+JlE81ZW7UwvriX0ewtV8pDjuLNU7dg5tf93jtpL1FPZJj3cbPNBJPzoJ2dnSpvJRcMRNnE7QFwVW5uKn5rClaHsbtVbNFaSq6Isye90IOgTB/spgD/JTY9Vxawc648Psrf/0zzeX2uMcNnQMjSK3U5Mk6rJ2XEjurj5DCIhI3njT8dAAm8RNDt6g8yhgF0kbKal1US18T+cJycvNsSEdHreXw55Y3QgU2Es/1dpR+Iq/hylieskJR0JhBDhtgynNcZqa6dwZry3Pm+pgy7uUXm7AyF2S7S1ehsm/1yymqSZHBSY8wfjfdVzuD80mmAywSNicONysJZId1ka6bNH09izJd6/zE2dTmx/p50n7pNxK2poc92XAyZmx3BmL653AdyUOwBGgSc1gkJKYYVAr5wMxf2HfVSmccne7Viy1Qk5Lnzjpnn37KLVQcmabhqdvL/4k9GRnPsR6SuLFnYnk5d0=
X-Microsoft-Antispam-PRVS: <DM6PR01MB4857759FBA951C261EE3A51EA0740@DM6PR01MB4857.prod.exchangelabs.com>
X-Forefront-PRVS: 0961DF5286
X-Microsoft-Exchange-Diagnostics: 1; DM6PR01MB4857; 23:35eDv6hd/DN6XGbExhQWTHz7INKGOLb/Zfp0TFfBm9qaq1eTLcBVMKfbvMqUiJw9wVAQxVXCfKELYlCfuTnvMJPFAEYfjZkANFmYTTjgKZ/2IxCB2aOv+7A71P8dHj6KPg0hYqrU62cvqsTvF4q/+VoL3xlzJrtnQvG/MFfauqP4PAD+2yKRbRi0STToWUYBzOmPZmNDa/abRxIPF49hhQvrT3LPNvV01OuVXoY3pyY+iESyU1faOkNLPrguw0ReWntHMRx+suyeA2MtOnLkARmLB2XZ+9PtPgHWumtsUiTQ4lvD0WCYFQ/FB1JYUO8pthg4xUddKvh2sJDTih+qThn05njvx0Iia+Rbyt4U0ZrFZ48hJeBHKjBXJuY8kHwKxXPmhYLLVW1RWfrG7JK7X5VF40PBnZV5MtMrZ8QY4ZhySmFrJsRYVndkOUbWxZVEVpKiyKciTfpB/E+9T3nDc35v9XPBf8M8fXs3cS36zFSkasB2CvHvfVvO+i6lc1n7aFFkYu5WRMDZ0pb5HEST6g4Bf1AwC3M0Xxjeqxyqd+By8WVngroiiBBNo5u+SZ7iRmMBEG6NSVQwl5a3fWrwj1vNnH6ikUU2JwA6NsIvqvYPnUjwCGyDhn62rMtAuWu3E3EeZsPVeiTMU402SzHY6OT16oaD0Qx158Oc/Cv+mTFmjXoqJtkRJlTEM4w7L9H1aeeR+N8lJPPXZzzNbJTrrVRQAz+5pnS6QZccUtFFfYDy4FCv6m9tyiq1H+c12k7JDhBc4AhJuBWiVequgLDpWxvTLou1sidqTWmZDO0X3A/3QKU+kR1NtgnZUhpAjlpRvA0V7mwYkmLWN3HoJzYWd7RgvM/JXEtqQiyXuz45fxUm77K1d65gn8P8wsPdqr97GrP2gHBmTFXpsR7YW78z3qMSTJfGPs3RjKNPzTTFWT9x/97ijJTYbYXxAyLEPvZ+T90A8fegxCOonfDt0nwHi2/EsoSPbCwnRwbL0Ur0QPODOMIhu4h5OKXfH6FG5uB1EwJb5e+JMcNa0xLVmt37ej3zHVH0+OU7ssJ4DWEMUADVOro6zbKZBtHRgE0/wFGDGH8iSMssShaepWfZlYrVvA7bTAQbjmk8ekvpqbb7tjvAGQuRT5KzAb0w8RfrcDh+mr2zpTTW0x2EwrUFLA7wd5dM28srWc2ymm5X0oB8Cd2FFPyTLl+PN2aGPBkLz4SHGm7IaLSa09D40Apt0Ap815dfdBIIPnBU2dcG7Ga8mbrekgIUF4ZNVTip91ATuNdhBy8a6bOAgAoYBO5BWCoxIwTcDM1NrYKNY7ymBihOvwQ=
X-MS-Exchange-SenderADCheck: 1
X-Microsoft-Antispam-Message-Info: 9+zfpVEnxUepm7kv2NEOx9uvHhw28bVfAZKrks61+6NGzE+jLZNqI2Licje5vhSR2ktm9weeCGsybQzc8kiN9QaiKc66vywPQwd3MNpqE3rsx3tpGnUyLh2Y7Vf+vv5nWJ7NSxvmtHYSMQrrnS6GXfEatL98GkPZwLHSvidoqLms4KIwuKcrB2E3GviG+aPQV4+5DtrMxM82IOtmkiQWA5UTgJN75Q+wScmmRrutdxH1AzUGa0cIK0vQJU+c31Fci4as+NVes0V5xUw/823F8g8qr6cNVHwPAP2KSWEnJrmMH0/cYUhdYb17RATeZXkvbpI1DGUYFu7oogPS6j5MJrltqsbKznvTUzvC7/W8JZHWjLdHkSK68891Zyu0wE7AQmltvH2OiD5jQfygiSeotE83ZBE4n4JRio4NnJRxZp0=
X-OriginatorOrg: mit.edu
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 27 Feb 2019 14:45:01.3117 (UTC)
X-MS-Exchange-CrossTenant-Network-Message-Id: c1357eb5-8c37-4d2f-7976-08d69cc2274b
X-MS-Exchange-CrossTenant-Id: 64afd9ba-0ecf-4acf-bc36-935f6235ba8b
X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=64afd9ba-0ecf-4acf-bc36-935f6235ba8b; Ip=[18.9.28.11]; Helo=[outgoing.mit.edu]
X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem
X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM6PR01MB4857
Archived-At: <https://mailarchive.ietf.org/arch/msg/dots/97WW9If-aui4sw1aagOnqN-YS8g>
Subject: Re: [Dots] AD review of draft-ietf-dots-data-channel-25
X-BeenThere: dots@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "List for discussion of DDoS Open Threat Signaling \(DOTS\) technology and directions." <dots.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dots>, <mailto:dots-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dots/>
List-Post: <mailto:dots@ietf.org>
List-Help: <mailto:dots-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dots>, <mailto:dots-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 27 Feb 2019 14:45:07 -0000

On Wed, Feb 27, 2019 at 10:25:36AM +0000, mohamed.boucadair@orange.com wrote:
> Hi Ben, 
> 
> Please see inline.
> 
> Cheers,
> Med
> 
> > -----Message d'origine-----
> > De : Benjamin Kaduk [mailto:kaduk@mit.edu]
> > Envoyé : mercredi 27 février 2019 05:10
> > À : BOUCADAIR Mohamed TGI/OLN
> > Cc : draft-ietf-dots-data-channel@ietf.org; dots@ietf.org
> > Objet : Re: AD review of draft-ietf-dots-data-channel-25
> > 
> > On Fri, Feb 15, 2019 at 09:36:26AM +0000, mohamed.boucadair@orange.com wrote:
> > > Hi Ben,
> > >
> > > Please see inline.
> > >
> > 
> > Thanks.  The -27 is in good enough shape that I've requested the IETF last
> > call; we can finish discussing the last few topics here in parallel.
> > 
> 
> [Med] Sure. 
> 
> > >
> > > > -----Message d'origine-----
> > > > De : Benjamin Kaduk [mailto:kaduk@mit.edu]
> > > > Envoyé : jeudi 14 février 2019 20:17
> > > > À : BOUCADAIR Mohamed TGI/OLN
> > > > Cc : draft-ietf-dots-data-channel@ietf.org; dots@ietf.org
> > > > Objet : Re: AD review of draft-ietf-dots-data-channel-25
> > > >
> > > > Hi Med,
> > > >
> > > > On Thu, Feb 14, 2019 at 02:31:26PM +0000, mohamed.boucadair@orange.com
> > wrote:
> > > > > Hi Ben,
> > > > >
> > > > > Thank you for the review.
> > > > >
> > > > > Please see inline.
> > > > >
> > > > > Cheers,
> > > > > Med
> > > > >
> > > > > > -----Message d'origine-----
> > > > > > De : Benjamin Kaduk [mailto:kaduk@mit.edu]
> > > > > > Envoyé : mercredi 13 février 2019 17:46
> > > > > > À : draft-ietf-dots-data-channel@ietf.org
> > > > > > Cc : dots@ietf.org
> > > > > > Objet : AD review of draft-ietf-dots-data-channel-25
> > > > > >
> > > > > > This is my AD review of the -25
> > > > > >
> > > > > > I see that Med made a commit on github that preemptively addressed at
> > > > least
> > > > > > one of these comments, but will trust the authors to do to the right
> > > > thing
> > > > > > with anything in here that's stale.
> > > > > >
> > > > > > A handful of generic and/or high-level comments before the
> > > > > > section-by-section nitty-gritty stuff.
> > > > > >
> > > > > > The author count is large (7); RFC 7322 notes that the stream
> > approver
> > > > > > (i.e., the IESG) will ask questions if the count is more than five.
> > What
> > > > > > should I tell people when they ask?  (The authors are listed also in
> > the
> > > > > > YANG module itself, if changes are made.)
> > > > >
> > > > > [Med] Actually, the set of co-authors of the YANG module is not exactly
> > the
> > > > same.
> > > >
> > > > Whoops, my bad for not checking.
> > > >
> > > > > Anyway, in order to comply with the rules and avoid spending extra
> > cycles
> > > > on this, we added a new section called "Contributing Authors".
> > Nevertheless,
> > > > the set of authors is not modified in the YANG module.
> > > >
> > > > Thanks.  (To be clear, I'm happy to go to bat for everyone with the IESG
> > > > for this sort of thing, I just need an argument to present that's not me
> > > > making things up.)
> > > >
> > > > I don't know of a specific policy for YANG module authorship, so that
> > part
> > > > should be okay as far as I know.
> > > >
> > > > > >
> > > > > > Can someone (the shepherd?) confirm that an automated syntax checker
> > has
> > > > > > run over the JSON in examples?
> > > > > >
> > > > > > The concept of "DOTS client domain" is being used for actual protocol
> > > > > > purposes here (most notably as a bound on the prefix(es) that a
> > client
> > > > can
> > > > > > request mitigation for, but I don't remember seeing a formal
> > definition
> > > > for
> > > > > > how any DOTS actor would know the specific bounds of such a client
> > > > domain.
> > > > > > Is there text somewhere that I missed that we can point to, or will
> > we
> > > > need
> > > > > > to add some?
> > > > >
> > > > > [Med] Both "DOTS client domain" and "DOTS server domain" are used in
> > the
> > > > architecture draft. "DOTS client's domain" and "DOTS server's domain" are
> > > > also used in the architecture and requirements I-D.
> > > > >
> > > > > If a formal definition is needed, I prefer this to be done in the
> > > > architecture or the requirements I-D.
> > > >
> > > > I think it would be a somewhat better fit in the architecture document,
> > > > just to note that the "domain" is something that can concretely be
> > > > demarcated by IP addresses/prefixes (as opposed to a more nebulous
> > concept
> > > > to aid conceptual understanding).
> > > >
> > >
> > > [Med] Let's add that text into the architecture I-D.
> > 
> > Okay.  Tiru had a follow-up about how servers can identify DOTS client's
> > domains, which is okay but not quite what I was aiming for.  In the text
> > Tiru quoted, we note that
> > 
> >    The DOTS server enforces authorization of DOTS clients' signals for
> >    mitigation.  The mechanism of enforcement is not in scope for this
> >    document, but is expected to restrict requested mitigation scope to
> >    addresses, prefixes, and/or services owned by the DOTS client's
> >    administrative domain, such that a DOTS client from one domain is not
> >    able to influence the network path to another domain.
> > 
> > I was hoping to see something like "For a given client (administrative)
> > domain, the DOTS server needs to be able to determine whether a given
> > resource is in that domain.  This could take the form of associating a set
> > of IP Prefixes per domain, for example."  But I'm open to being persuaded
> > that the existing text conveys the same meaning.
> > 
> 
> [Med] Your proposed wording can be added to the architecture I-D, IMHO.
> 
> FWIW, we do have this text in the protocol spec: 
> 
>    DOTS servers MUST verify that requesting DOTS clients are entitled to
>    enforce filtering rules on a given IP prefix.  That is, only
>    filtering rules on IP resources that belong to the DOTS client's
>    domain can be authorized by a DOTS server.  The exact mechanism for
>    the DOTS servers to validate that the target prefixes are within the
>    scope of the DOTS client's domain is deployment-specific.

To me that text is just reading that it mandates authorization checks,
whereas the text in the data-channel document that prompted this comment
has me thinking that the DOTS server needs an explicit mapping between
"DOTS client domain" and "this set of IP addresses and/or other
identifiers", which is a slightly different thing.

> > > > > >
> > > > > > We don't say much about what validation the server does on input
> > data,
> > > > and
> > > > > > we probably should.  For example, does the server need to validate
> > 'cuid'
> > > > >
> > > > > [Med] We avoided to be redundant here. This is covered by this text:
> > > > >
> > > > > "This attribute has the same
> > > > >       meaning, syntax, and processing rules as the 'cuid' attribute
> > > > >       defined in [I-D.ietf-dots-signal-channel]."
> > > > >
> > > > > > and/or 'cdid' in dots-client-creation requests?
> > > > >
> > > > > [Med] This is covered by this text:
> > > > >
> > > > > "This attribute has the same meaning, syntax, and processing
> > > > >       rules as the 'cdid' attribute defined in
> > > > >       [I-D.ietf-dots-signal-channel]"
> > > >
> > > > I guess I'm mostly just concerned about if there's anything that doesn't
> > > > translate directly, since the CoAP and HTTP constructs would have to
> > > > describe the formal validation in somewhat different terms (i.e., for
> > > > consistency between URL paths and message bodies).  But in general I'm
> > > > happy to avoid redundancy as you desire.
> > > >
> > > > > And other parts in the text such as:
> > > > >
> > > > >    If the request is received via a server-domain DOTS gateway, but the
> > > > >    DOTS server does not maintain a 'cdid' for this 'cuid' while a
> > 'cdid'
> > > > >    is expected to be supplied, the DOTS server MUST reply with "403
> > > > >    Forbidden" status-line and the error-tag "access-denied".  Upon
> > > > >    receipt of this message, the DOTS client MUST register (Section 5).
> > > > >
> > > > >
> > > > >   What about validating that
> > > > > > the (e.g.) ACL name in the PUT URL matching the name in the body of
> > the
> > > > > > request?
> > > > >
> > > > > [Med] Those are supposed to be covered following RESTCONF base spec.
> > > >
> > > > Is this supposed to be RFC 8040 Section 3.5.3?  I am not sure that I'm
> > > > reading that as covering the property I want (and will double-check if
> > you
> > > > confirm that's what you have in mind).
> > > >
> > >
> > > [Med] In addition to 3.5.3, Section 4.5 specifies the rules for PUT.
> > >
> > > The main point is that the validation you mentioned is not specific to DOTS
> > but are governed by RESTCONF procedures.
> > 
> > I only see 3.5.3 as talking about how to construct a request URI for a
> > given data node in the YANG tree.
> > 
> > What I'm wondering about for the data-channel document is if there are
> > cases where a given path component of the YANG module appears both in the
> > request URI and in the data in the request body.  If so, it seems that the
> > server will need to verify that the redundant data agree, and I still don't
> > see where this is mandated by RFC 8040.  (Sorry if I am being dense.)
> > 
> 
> [Med] I hear you. As mentioned in my previous answer, this is covered in Section 4.5 of RFC8040:
> 
>    If the target resource represents a YANG leaf-list, then the PUT
>    method MUST NOT change the value of the leaf-list instance.
> 
>    If the target resource represents a YANG list instance, then the key
>    leaf values, in message-body representation, MUST be the same as the
>                 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
>    key leaf values in the request URI.  The PUT method MUST NOT be used
>    ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
>    to change the key leaf values for a data resource instance.

This quoted statement is predicated on the target resource being a list
instance.  Thinking about this a little bit, I suppose that could be the
only case in which the redundant encoding arises.  So, I will drop this
topic, and thank you for your patience explaining the situation to me.

-Ben

v2.23.0 | Report a Bug | By Email