IETF Logo Mail Archive

Re: [netconf] WGLC for draft-ietf-netconf-notification-capabilities

Balázs Lengyel <balazs.lengyel@ericsson.com> Mon, 30 September 2019 09:21 UTC

Return-Path: <balazs.lengyel@ericsson.com>
X-Original-To: netconf@ietfa.amsl.com
Delivered-To: netconf@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 91FF5120046 for <netconf@ietfa.amsl.com>; Mon, 30 Sep 2019 02:21:08 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level:
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=ericsson.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id NfhMnqDr0uTs for <netconf@ietfa.amsl.com>; Mon, 30 Sep 2019 02:21:03 -0700 (PDT)
Received: from EUR02-VE1-obe.outbound.protection.outlook.com (mail-ve1eur02on0631.outbound.protection.outlook.com [IPv6:2a01:111:f400:fe06::631]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id DA69B12000F for <netconf@ietf.org>; Mon, 30 Sep 2019 02:21:02 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=RKmm9xf+BgK3jNqpuAg1XKeYVUnXttssSUMv5tIAiem97y4IWxkOwUDUUcFXOXk5wKtGL5EPMSFxvXh/f9vRRI2ALCblGsKL5vWYicckef0N68EaONWSX9TtvamrXCyN+juYEWAJMLXpvQkYj/ZHYeo6sWssNoWswIj01cDj/ZNu34SJqAoMDXqLf7GFN35oGGBQXsOUA5TUJBs/03N9mPt7Rb/O+lwKhog9SMpwr8gnnz+UMfdQxP6h8oOOYR++ik861dswnRx/iX/3KXcH+sN3wz1/CPOgw1M34Kin0K5T3AMdaCAIIIOV4aXlgSOy9oJrQmbwC/lU5ChP8Q1I6A==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=/LstRlnaUEPC0ZlRCdNr0Vn6ZgZ5G/AhT/xFpP+svnA=; b=T4j1sP+d5bRIUbLhm53Qgq8NENwF+CMnnVqVT/OOacPmX+yxbeI3s4Msapx+Y/H0xZUU3J8tbjHMkSlcgdUP/m8NPo2H/zKZs3LBgySVn+iWxFbdzpy/7zPLk+d4Ps99shaslRuPVJ6JlBtFuTMhVey+F1K9KPwNXICh1dXLtAbtHJu5p1S5zuZYRzE/XKCvPP45M3ktve/GQjEJFWMt5/sMzLD1lY0mlGIr1YDev/HDCscnG/bQMMlTfm5+EYY353SfBqJ2W9p0tOcjQBu3rZio85P8yYXaxNfZIMMAI9sI/R7rpW80IJBKaJgrPvwPsUKf0vKGhh6HURqyVzwMFg==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=ericsson.com; dmarc=pass action=none header.from=ericsson.com; dkim=pass header.d=ericsson.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ericsson.com; s=selector2; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=/LstRlnaUEPC0ZlRCdNr0Vn6ZgZ5G/AhT/xFpP+svnA=; b=KtoJ6KE7xLy9yh9pc9qSn8PHngyLs4IyQlOemtsLJaND/G+D4aAz0cmHhYthC/bkXXdJ6Xv0g6xqFuWP0uqvxLtAkTvwD2PYqw7p+9Pqeo/qguEmKXAeshQTi6bwJCLeftCYxePj3l1duhm9IPWKJcP+0nowZ0+97PXmxjhcg4Q=
Received: from VI1PR0701MB2286.eurprd07.prod.outlook.com (10.169.137.153) by VI1PR0701MB2591.eurprd07.prod.outlook.com (10.173.85.140) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2305.15; Mon, 30 Sep 2019 09:21:00 +0000
Received: from VI1PR0701MB2286.eurprd07.prod.outlook.com ([fe80::f44b:854c:51cf:c69f]) by VI1PR0701MB2286.eurprd07.prod.outlook.com ([fe80::f44b:854c:51cf:c69f%7]) with mapi id 15.20.2305.017; Mon, 30 Sep 2019 09:20:59 +0000
From: Balázs Lengyel <balazs.lengyel@ericsson.com>
To: "Eric Voit (evoit)" <evoit@cisco.com>, Mahesh Jethanandani <mjethanandani@gmail.com>, Alexander Clemm <ludwig@clemm.org>, "Benoit Claise (bclaise)" <bclaise@cisco.com>
CC: Netconf <netconf@ietf.org>
Thread-Topic: [netconf] WGLC for draft-ietf-netconf-notification-capabilities
Thread-Index: AQHVaCiq/P3ytjAdYEi7Gp+LSYgUDqc7MLcAgAA5KYCAA/LsEIAAqhsAgAP1+uA=
Date: Mon, 30 Sep 2019 09:20:59 +0000
Message-ID: <VI1PR0701MB228602575125FC02EF920CDFF0820@VI1PR0701MB2286.eurprd07.prod.outlook.com>
References: <D3B39347-DFB7-4BEE-8B22-0EE07AEB1F5A@gmail.com> <4F49DF08-B7FC-4EBD-9D6B-7BC329E50334@gmail.com> <BN7PR11MB262749DCC86F32F725D1C67AA1840@BN7PR11MB2627.namprd11.prod.outlook.com> <VI1PR0701MB22864F116F517E960EC32A0AF0810@VI1PR0701MB2286.eurprd07.prod.outlook.com> <BN7PR11MB262715BE5A88B587E409D3CFA1810@BN7PR11MB2627.namprd11.prod.outlook.com>
In-Reply-To: <BN7PR11MB262715BE5A88B587E409D3CFA1810@BN7PR11MB2627.namprd11.prod.outlook.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: yes
X-MS-TNEF-Correlator:
authentication-results: spf=none (sender IP is ) smtp.mailfrom=balazs.lengyel@ericsson.com;
x-originating-ip: [89.135.192.225]
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: 3f0a8561-8886-4950-e6bf-08d7458781ec
x-ms-traffictypediagnostic: VI1PR0701MB2591:
x-microsoft-antispam-prvs: <VI1PR0701MB25910C7F5BBBFBD8D47E9C55F0820@VI1PR0701MB2591.eurprd07.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:8882;
x-forefront-prvs: 01762B0D64
x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(4636009)(346002)(376002)(136003)(396003)(366004)(39860400002)(51914003)(189003)(199004)(6306002)(99286004)(25786009)(86362001)(99936001)(76176011)(26005)(186003)(102836004)(71200400001)(71190400001)(7696005)(6436002)(316002)(11346002)(85182001)(229853002)(4326008)(7110500001)(53546011)(110136005)(6506007)(476003)(66066001)(5660300002)(606006)(9326002)(81156014)(446003)(236005)(486006)(478600001)(6246003)(85202003)(76116006)(3846002)(15650500001)(2420400007)(256004)(64756008)(66616009)(14444005)(66574012)(790700001)(7736002)(8676002)(66446008)(52536014)(6116002)(66946007)(81166006)(8936002)(33656002)(54896002)(14454004)(66556008)(55016002)(66476007)(74316002)(2906002)(9686003); DIR:OUT; SFP:1101; SCL:1; SRVR:VI1PR0701MB2591; H:VI1PR0701MB2286.eurprd07.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; MX:1; A:1;
received-spf: None (protection.outlook.com: ericsson.com does not designate permitted sender hosts)
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: 33WQe4pTQsx0Fw5WQp9gd8LkR9b/J8F/aVmCxMT0Z3n3ATG8qt9cLG4ADOYRYa8dzMpoub/zomXI4iu2pI0Wv8VPB1dVyQfs+EcAUYzf+wu7gmkC2sHGD5r8hi0WcxFfc6U/aMrrvX+xfOKQy2xQDybOzP0tiKzL8qjObknuPfHK4vp8vye2GkSx48ZiHByFM8WZV0D9WJLgo91ivFk8mrhCX/k7HlpHQCDbDXSy/5GGX5Tz4Qu1PgZcZ0LZsK07pSjKgpiSDX4GuTzrtbXX1olopcDeLwFa7Hq1ytAm5Cqq4OUpvmFgSIopbykZB9WxxdVJE/JM6Pk5d7k+UTnjB3TCK0ANlmTvHSHIpsqOjRG32A33DHJRNsvZnvjwu154jAq4PU8PmcQrfmYnrVyNLWe/xV4eSQoZyboLuRfXGhg=
x-ms-exchange-transport-forked: True
Content-Type: multipart/signed; protocol="application/x-pkcs7-signature"; micalg="SHA1"; boundary="----=_NextPart_000_052A_01D57781.167328B0"
MIME-Version: 1.0
X-OriginatorOrg: ericsson.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 3f0a8561-8886-4950-e6bf-08d7458781ec
X-MS-Exchange-CrossTenant-originalarrivaltime: 30 Sep 2019 09:20:59.6973 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 92e84ceb-fbfd-47ab-be52-080c6b87953f
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: PK6yDTpg6LJteAGir3kcs7J81sSULT8wkF0u1pZ+WmF4H1b7i9rJjJl8jUConT3lTHnWP7Gv8x+hH2rg9061FKp6C91AeeljvNMTw9ccSTQ=
X-MS-Exchange-Transport-CrossTenantHeadersStamped: VI1PR0701MB2591
Archived-At: <https://mailarchive.ietf.org/arch/msg/netconf/-UoYQNnvYJmWZ_YcBootNZAdNic>
Subject: Re: [netconf] WGLC for draft-ietf-netconf-notification-capabilities
X-BeenThere: netconf@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: NETCONF WG list <netconf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/netconf>, <mailto:netconf-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/netconf/>
List-Post: <mailto:netconf@ietf.org>
List-Help: <mailto:netconf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/netconf>, <mailto:netconf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 30 Sep 2019 09:21:09 -0000

Hello,

Here is a preliminary next version (not submitted yet). See also below.

Regards Balazs

 

From: Eric Voit (evoit) <evoit@cisco.com> 
Sent: 2019. szeptember 27., péntek 21:42
To: Balázs Lengyel <balazs.lengyel@ericsson.com>; Mahesh Jethanandani <mjethanandani@gmail.com>; Alexander Clemm <ludwig@clemm.org>; Benoit Claise (bclaise) <bclaise@cisco.com>
Cc: Netconf <netconf@ietf.org>
Subject: RE: [netconf] WGLC for draft-ietf-netconf-notification-capabilities

 

Hi Balazs,

 

Some more thoughts in-line.   I cut out those I think closed.

 

From: Balázs Lengyel <balazs.lengyel@ericsson.com <mailto:balazs.lengyel@ericsson.com> > 
Sent: Friday, September 27, 2019 8:48 AM
To: Eric Voit (evoit) <evoit@cisco.com <mailto:evoit@cisco.com> >; Mahesh Jethanandani <mjethanandani@gmail.com <mailto:mjethanandani@gmail.com> >; Alexander Clemm <ludwig@clemm.org <mailto:ludwig@clemm.org> >; Benoit Claise (bclaise) <bclaise@cisco.com <mailto:bclaise@cisco.com> >
Cc: Netconf <netconf@ietf.org <mailto:netconf@ietf.org> >
Subject: RE: [netconf] WGLC for draft-ietf-netconf-notification-capabilities

 

Thanks for the comments. See answers below. 

I hope the group will be ok with using the term publisher instead of server. IMHO it is clearer as the client server relationship can be reversed e.g. for https notification transport.

Balazs

 

From: Eric Voit (evoit) <evoit@cisco.com <mailto:evoit@cisco.com> > 
Sent: 2019. szeptember 24., kedd 23:15
To: Mahesh Jethanandani <mjethanandani@gmail.com <mailto:mjethanandani@gmail.com> >; Balázs Lengyel <balazs.lengyel@ericsson.com <mailto:balazs.lengyel@ericsson.com> >; Alexander Clemm <ludwig@clemm.org <mailto:ludwig@clemm.org> >; Benoit Claise (bclaise) <bclaise@cisco.com <mailto:bclaise@cisco.com> >
Cc: Netconf <netconf@ietf.org <mailto:netconf@ietf.org> >
Subject: RE: [netconf] WGLC for draft-ietf-netconf-notification-capabilities

 

Here are some comments...

 

On-change Notification Capability: Is this different from support for RFC-8641 feature "on-change"?  If they are the same, it might be possible to remove the term.  Especially as this term is used inconsistently.

BALAZS: In RFC 8641 on-change is not defined as a capability. It is used for many more things (e.g. On-change subscription,  trigger condition, type of push updates, a feature.) In this draft the on change capability is just the servers capability to send on-change notification globally, for a specific datastore or a specific data node. Description will be reworded.

<Eric> It will be good to see the reword.   I still am not clear how this different from the RFC-8641 feature "on-change", along with this feature being associated with specific nodes.  

BALAZS2: 

On-change Notification Capability: The capability of the server to

   send on-change notifications for a specific datastore or a specific

   data node.

 

 

Section 3

 

Paragraph 2, bullet 2: Instead of  "amount of notifications the server can send out", do you mean "the minimum periodicity of updates which a server can send out for an object"

BALAZS: That too, but also the max-objects-per-update. I was told not to repeat information in the main text and in the YANG module, so I tried to find a wording that covers both. Also  its not always the minimum times. Some servers support  a specific set of times, not a anything over a minimum.

<Eric> Ok, so this bullet is a bucket of various types of information.  Which is fine with me.

 

 

Paragraph 2, bullets 3 & 4: I don't think these should be indented as bullets are they are more about proper behavior of a correctly populated model.

BALAZS: I don’t really understand this comment.  Please explain.

<Eric> Looking at the text, bullets 3 is written to say how capabilities value can be set (i.e., how) rather than that they can be set for different levels (i.e., what).  Getting consistency so that the bullets are all 'how' or all 'what' items would help readability.  

BALAZS2: OK, I get it. You are right, to be corrected.

 

 

Paragraph 3, bullets 2: why isn't SHALL instead MUST?   Also, shouldn't this point out that both NETCONF and RESTCONF MUST be supported if on-change is advertised, and this draft is supported?

BALAZS: As I understand RFC 2119 MUST and SHALL both mean the same, but I will change to MUST. No I do not want to mandate implementing both Netconf AND Restconf. IMO a server with just Netconf would work just fine; or maybe I misunderstand your comment?

<Eric> The second part of my comment was about ensuring that IF this model was available, and the publisher supports both RFC-8640 & draft-ietf-netconf-restconf-notif, then this specification MUST be able to push changes over both NETCONF and RESTCONF.    Thinking more, this is actually a generic question which is likely already answered: how do you know which models are supported for which transports.   As advertisement is by transport, I withdraw this question.  

BALAZS2: Some implementations have a yang extension statement to specify whether  a model is visible on specific interfaces

 

Section 4

 

I suspect that you will need to do a security analysis per YANG object.   This has been done the other YANG push family.

BALAZS: The full module is readOnly and not sensitive or private in any manner.  The security text for the readOnly parts of YangPush is the exact same text: not very informative, but gives you the illusion of security awareness.

<Eric> You can ignore my comment.  In doing RFC-8639, I needed to put in read/write analysis for each object.  And this did sometime include the risks of internally setting values which were read-only from the model.  Perhaps this will not be required during later draft reviews in the publication process.

 

I suspect that manipulating the reporting intervals could have some security implications.   E.g., a hacker could push up the damping period or periodic interval to a level where the information they are changing then becomes invisible to a monitoring system.

BALAZS: The full YAM is read-only so manipulating the data is not a concern.

<Eric> Per my previous point, if the IETF process says you don't need to highlight such possibilities, then I am good.

BALAZS2:

In rfc8639 the text says for readOnly data nodes something like: 

If access control is not properly configured, can expose

      system internals to those who should not have access to this

      information.

That is true for any bit of data, so I do not understand what information does it add. It does not hurt, so I will add the same sentence to my draft.

 

If you have something else in mind please describe the attack method that I should mention.

</Eric>

 

Thanks, 

Eric 

 

 

From: netconf <netconf-bounces@ietf.org <mailto:netconf-bounces@ietf.org> > On Behalf Of Mahesh Jethanandani
Sent: Tuesday, September 24, 2019 1:50 PM
To: Netconf <netconf@ietf.org <mailto:netconf@ietf.org> >
Subject: Re: [netconf] WGLC for draft-ietf-netconf-notification-capabilities

 

We were supposed to have closed on the WGLC today. However, between the document becoming a WG item and it going into LC, we have not received too many comments on the draft. As such, we are extending the LC by another week. Please review the draft and provide any comments you might have.

 

Mahesh & Kent (as co-chairs)

 

 

On Sep 10, 2019, at 3:39 PM, Mahesh Jethanandani <mjethanandani@gmail.com <mailto:mjethanandani@gmail.com> > wrote:

 

Authors have published -04 <https://tools.ietf.org/html/draft-ietf-netconf-notification-capabilities-04>  version of the draft, which addresses comments they received in IETF 105. If you provided comments please check to make sure your comments have been addressed. At this point, the authors believe that the document is ready for WGLC.

 

This therefore starts a two week LC, ending on September 24th. Please provide any technical comments you might have on the document. If you believe the document is not ready for LC, please state your reasons.

 

We will issue a IPR poll separately. 

 

Mahesh & Kent (as co-chairs)

v2.23.0 | Report a Bug | By Email