[Gen-art] Gen-Art requested early review: draft-ietf-netconf-restconf-09

Robert Sparks <rjsparks@nostrum.com> Wed, 20 January 2016 19:41 UTC

Return-Path: <rjsparks@nostrum.com>
X-Original-To: gen-art@ietfa.amsl.com
Delivered-To: gen-art@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3B2131ACDCC; Wed, 20 Jan 2016 11:41:08 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.901
X-Spam-Level:
X-Spam-Status: No, score=-1.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RP_MATCHES_RCVD=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id onW7ZgiOD-mA; Wed, 20 Jan 2016 11:41:06 -0800 (PST)
Received: from nostrum.com (raven-v6.nostrum.com [IPv6:2001:470:d:1130::1]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 19CED1ACDC7; Wed, 20 Jan 2016 11:41:03 -0800 (PST)
Received: from unnumerable.local (pool-173-57-158-165.dllstx.fios.verizon.net [173.57.158.165]) (authenticated bits=0) by nostrum.com (8.15.2/8.14.9) with ESMTPSA id u0KJf2xW097985 (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128 verify=OK); Wed, 20 Jan 2016 13:41:02 -0600 (CST) (envelope-from rjsparks@nostrum.com)
X-Authentication-Warning: raven.nostrum.com: Host pool-173-57-158-165.dllstx.fios.verizon.net [173.57.158.165] claimed to be unnumerable.local
To: General Area Review Team <gen-art@ietf.org>, netconf@ietf.org, draft-ietf-netconf-restconf.all@ietf.org
From: Robert Sparks <rjsparks@nostrum.com>
Message-ID: <569FE2CE.6080008@nostrum.com>
Date: Wed, 20 Jan 2016 13:41:02 -0600
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.10; rv:38.0) Gecko/20100101 Thunderbird/38.5.1
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"; format="flowed"
Content-Transfer-Encoding: 7bit
Archived-At: <http://mailarchive.ietf.org/arch/msg/gen-art/lvAaDyle7L6Iju9WzyesQN-I_nM>
Subject: [Gen-art] Gen-Art requested early review: draft-ietf-netconf-restconf-09
X-BeenThere: gen-art@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "GEN-ART: General Area Review Team" <gen-art.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/gen-art>, <mailto:gen-art-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/gen-art/>
List-Post: <mailto:gen-art@ietf.org>
List-Help: <mailto:gen-art-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/gen-art>, <mailto:gen-art-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 20 Jan 2016 19:41:08 -0000

I am the assigned Gen-ART reviewer for this draft. The General Area
Review Team (Gen-ART) reviews all IETF documents being processed
by the IESG for the IETF Chair.  This is a requested early review.
Please treat these comments just like any other comments.

For more information, please see the FAQ at

<http://wiki.tools.ietf.org/area/gen/trac/wiki/GenArtfaq>.

Document: draft-ietf-netconf-restconf-09
Reviewer: Robert Sparks
Review Date: 20Jan2015
IETF LC End Date: (not yet in IETF last call)
IESG Telechat date: (not yet scheduled)

Summary: This document has a few issues that should be addressed before 
requesting publication.

Please make sure the semantics you're giving to POST vs PUT sit well 
with HTTP experts. Similarly, please make sure you have someone steeped 
in character sets and encoding look closely at section 5.3. I'll leave 
commenting on those things to people more qualified than me. Other 
reviewers have asked for more information about the interaction of this 
use of HTTP with things like pipelining.

Major issues:

The document should explicitly discuss how the restconf protocol will be 
extended. It mentions that other documents might do that in several 
places (specifically with "Additional functionality can be defined in 
external documents, outside the scope of this document").

Section 3.4 claims a datastore resource can only be written directly 
with the optional to implement PATCH method. That does not seem 
consistent with the rest of the document.

Section 2.2 says "RESTCONF requires that the transport-layer protocol 
provides both data integrity and confidentiality, such as are provided 
by the TLS protocol [RFC5246]." and "RESTCONF implementations MUST 
support the "https" URI scheme", but I don't see any text that prohibits 
the use of RESTCONF over HTTP without TLS. If the intent was to prohibit 
that, please make it more explicit. If the intent is to allow the use of 
RESTCONF without requiring the use of TLS, the security considerations 
section (at least) needs more discussion about when doing so is a bad idea.

Section 2.3 (Certificate Validation) seems to be restating things that 
it could simply point to instead. Why not replace this section with 
something like "the RESTCONF peer will follow the procedures and 
recommendations in RFC6125."? If it's because you want this section to 
talk only about validating the client certificate, that should be 
clarified (and there is still probably something that already exists 
that you can point to rather than restate things here). The current text 
claims RFC5246 requires the peer to terminate the connection if the 
certificate path validation fails  - where in RFC5246 are you seeing that?

Should section 3.1 talk about what a client should do if more than one 
restconf link relation is returned when querying host-meta?

Section 4.3 speaks to returning different content for the same resource 
depending on what authentication is provided. Specifically "the 
unauthorized content is omitted from the response message-body, and the 
authorized content is returned to the client.". Some discussion of how 
this interacts with caching (or even the ETag mechanisms) is warranted 
here. What happens if the authorization policies for a given user 
changes - will they be able to fetch the new things they have been given 
permission to see, or will the cache, etag, or if-changed-since 
mechanics interfere?

Minor issues:

There are some requirements stated with 2119 keywords buried in the 
Introduction sections. Consider moving them to the protocol definition 
sections.

Section 2.5 cuts off the possibility of using session-based 
authentication. If that's something you want to be able to add later, 
make sure you're leaving the right extension points. (I know the typical 
restconf client won't be a browser, but for those use cases where using 
a browser makes sense, remember that browsers make it very hard to 
change identities when you are using HTTP Authentication).

In sections 4.2 and 4.3 consider explicitly saying what to return if 
something issues a HEAD or GET request against an operation resource.

The first paragraph in section 5 (before 5.1.1) seems confused in its 
use of message vs method. Please review the use of the terms and make 
sure they align with the words used in the introduction to rfc7231, for 
example.

I suggest deleting section 5.2. You already say RESTCONF uses HTTP, and 
that this section is not comprehensive. As it is, it restates things 
said in the HTTP documentation without adding anything - at best, it's 
an opportunity to introduce errors while restating things. Just point to 
HTTP instead. Similarly, the first table in section 7 could be replaced 
with a pointer to the relevant place in the HTTP specs.

Nits/editorial comments:

The introduction says a user should not need any prior knowledge of 
NETCONF to use RESTCONF. It would be good to also call out here that the 
implementer _will_ need prior knowledge of NETCONF.

The first sentence of section 2.4 ("The RESTCONF client MUST carefully 
examine the certificate presented by the RESTCONF server to determine if 
it meets the client's expectations.") adds nothing. Please delete the 
sentence or replace it with specific things the client needs to do..

The introduction says "Edits are usually applied". Why is this qualified 
with "usually"?

In the examples at the end of 3.5.1 (before 3.5.1.1), consider saying 
list1=key1,key2,key3/ instead of list1=key1val,key2val,key3val to be 
consistent with the way you refer to the elements in other places.

It would be useful to explicitly discuss what to return if a resource 
already exists in Section 4.4.1. Right now, that's specified primarily 
by an example in section 7.1.

The "MUST use this exact path" after the last bullet in 5.1 is not a 
good use of 2119. The sentence is observing a truth about the defined 
system, not placing an interoperability requirement on the client. The 
client uses the returned identifier to access the resource. If it uses 
anything else, it is not accessing the resource. I suggest replacing the 
prase with "uses this exact path".

In section 5.6, I suggest replacing "Instead of using HTTP caching" with 
"Instead of relying on HTTP caching".

Consider adding an example that shows a 500 response corresponding to a 
"partial-operation" error in NETCONF, demonstrating what information the 
client gets to distinguish this 500 from an "operation-failed" error.

There is a phrase missing in the first sentence of section 7.1. Perhaps 
"will be returned" just before the left-parenthesis?