Re: [i2rs] I-D Action: draft-ietf-i2rs-ephemeral-state-06.txt --
"Susan Hares" <shares@ndzh.com> Thu, 26 May 2016 17:50 UTC
Return-Path: <shares@ndzh.com>
X-Original-To: i2rs@ietfa.amsl.com
Delivered-To: i2rs@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7A70412D562 for <i2rs@ietfa.amsl.com>; Thu, 26 May 2016 10:50:46 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 1.738
X-Spam-Level: *
X-Spam-Status: No, score=1.738 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DOS_OUTLOOK_TO_MX=2.845, RDNS_NONE=0.793] autolearn=no autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id BQgxZHCw8MOs for <i2rs@ietfa.amsl.com>; Thu, 26 May 2016 10:50:45 -0700 (PDT)
Received: from hickoryhill-consulting.com (unknown [50.245.122.97]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 30EE912D7E1 for <i2rs@ietf.org>; Thu, 26 May 2016 10:50:44 -0700 (PDT)
X-Default-Received-SPF: pass (skip=loggedin (res=PASS)) x-ip-name=174.124.182.128;
From: Susan Hares <shares@ndzh.com>
To: 'Andy Bierman' <andy@yumaworks.com>, 'Juergen Schoenwaelder' <j.schoenwaelder@jacobs-university.de>, 'Jeffrey Haas' <jhaas@pfrc.org>, i2rs@ietf.org
References: <010101d1b6d0$c51fbf60$4f5f3e20$@ndzh.com> <20160525223345.GA12545@elstar.local> <CABCOCHSGa5q9mqiSk8urS3MQu40KEyqD57Ki6V+AMzkeS-WGTg@mail.gmail.com>
In-Reply-To: <CABCOCHSGa5q9mqiSk8urS3MQu40KEyqD57Ki6V+AMzkeS-WGTg@mail.gmail.com>
Date: Thu, 26 May 2016 13:50:30 -0400
Message-ID: <041e01d1b777$185ca110$4915e330$@ndzh.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-Mailer: Microsoft Outlook 14.0
Thread-Index: AQI/JAKNkO8ofPtuVY7KY8y82XrZmwGE7LbjAWBPWuye2XMqMA==
Content-Language: en-us
X-Authenticated-User: skh@ndzh.com
Archived-At: <http://mailarchive.ietf.org/arch/msg/i2rs/05IYFSSAjnUCPDcpDKcUXP3vIsE>
Subject: Re: [i2rs] I-D Action: draft-ietf-i2rs-ephemeral-state-06.txt --
X-BeenThere: i2rs@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "Interface to The Internet Routing System \(IRS\)" <i2rs.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/i2rs>, <mailto:i2rs-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/i2rs/>
List-Post: <mailto:i2rs@ietf.org>
List-Help: <mailto:i2rs-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/i2rs>, <mailto:i2rs-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 26 May 2016 17:50:46 -0000
Andy:
On Ephemeral-REQ-05/06: You are correct, the ephemeral indication in Yang could be an extension. Do you have a suggestion to revise the text for Ephemeral-REQ-05?
Ephemeral-REQ-05: The ability to augment an object with appropriate
YANG structures that have the property of being ephemeral. An object
defined as Yang module, schema tree, a schema node, submodule or
components of a submodule (derived types, groupings, data node, RPCs,
actions, and notifications".
Ephemeral-REQ-06: Yang MUST have a way to indicate in a data model
that nodes have the following properties: ephemeral, writable/not-
writable, status/configuration, and secure/non-secure transport. (If
you desire examples, please see [I-D.hares-i2rs-protocol-strawman]
for potential yang syntax).
Sue
From: i2rs [mailto:i2rs-bounces@ietf.org] On Behalf Of Andy Bierman
Sent: Wednesday, May 25, 2016 10:13 PM
To: Juergen Schoenwaelder; Susan Hares; Jeffrey Haas; i2rs@ietf.org
Subject: Re: [i2rs] I-D Action: draft-ietf-i2rs-ephemeral-state-06.txt --
On Wed, May 25, 2016 at 3:33 PM, Juergen Schoenwaelder <j.schoenwaelder@jacobs-university.de> wrote:
On Wed, May 25, 2016 at 05:59:54PM -0400, Susan Hares wrote:
>> Juergen:
>> Thank you for your comments on the ephemeral state\
>> On Ephemeral-REQ-05, does this clarify the requirement:
>> Ephemeral-REQ-05: The ability to add on an object (or a hierarchy of
>> objects) that have the property of being ephemeral. An object defined as
> Yang module, schema tree, a schema node, submodule or components of a submodule (derived types, groupings, data node, RPCs, actions, and notifications).
> [Juergen]: I have no clue what the above sentence is trying to say. Please try to
use YANG terminology.
>> Any ephemeral object must be able to be identified by a yang key word.
>[Andy]: Why does there have to be a YANG keyword?
>This could be an extension and not a keyword, depending on how it is done. The
> extension vs. keyword debate will not be rehashed here, but there is an issue wrt/ >how the data definition is interpreted by tools/protocols that do not understand the >extension and just ignore it.
>Shared:
>
> list foo {
> i2rs:ephemeral true;
> ....
> }
I2RS-only:
> i2rs:ephemeral {
> list foo { ... }
> }
Sue: This works for me.
>> On Ephemeral-REQ-06, does this text restrict the definition to just
>> requirements:
>> "Ephemeral-REQ-06: Yang MUST have a way to
>> indicate in a data model that nodes have the following
>> properties: ephemeral, writable/not-writable, status/configuration,
>> and secure/non-secure transport.
>> (If you desire examples, please see draft-hares-i2rs-protocol-strawman for
>> potential yang syntax).
> [Andy]: We do have config true/false this implies writable/not-writable. I
> find the idea strange that a data model defines secure/non-secure
> transport as a property of an data model definition since it usually
> depends on the deployment context whether it is acceptable to carry
> data over a non-secure transport.
Sue: You are correct that config true/false implies that writable/non-writeable.
Sue: On Secure/non-secure: The data model defines information that must be passed over secure or non-secure transport. The type of transport is left to the protocol.
>This is a very expensive feature wrt/ standards resources.
> First the WG has to agree that all the subtree data is OK to send in the clear under all circumstances. (Including augmenting nodes?)
> Then this needs to be carefully reviewed by the SECDIR and IESG.
> Both steps will require lots of IETF time.
Sue: Agreed. However, the WG set this in its architecture and its initial requirements.
> I agree that operators need to have the final say.
Sue: Ok, then we should design it and see if the operators use it.
>This extension is the opposite of the nacm:default-deny-all extension.
>But it is designed to allow operators to configure access through NACM.
>How does an operator override the extension?
>And if the operator can override, why is an extension even needed?
>If not, then what criteria is used to decide the data is universally non-secure?
Sue: I do not see how this extension is the opposite of "nacm:default-deny-all" extension or relates to the operators access through NACM. The purpose is not to change who can connect, only what type of transport the messages go over.
>>Andy
Thanks for commenting.
Sue
=
[snip]
- Re: [i2rs] I-D Action: draft-ietf-i2rs-ephemeral-… Susan Hares
- Re: [i2rs] I-D Action: draft-ietf-i2rs-ephemeral-… Juergen Schoenwaelder
- Re: [i2rs] I-D Action: draft-ietf-i2rs-ephemeral-… Susan Hares
- Re: [i2rs] I-D Action: draft-ietf-i2rs-ephemeral-… Andy Bierman
- Re: [i2rs] I-D Action: draft-ietf-i2rs-ephemeral-… Susan Hares