Re: [Netconf] I-D Action: draft-ietf-netconf-zerotouch-23.txt
Kent Watsen <kwatsen@juniper.net> Mon, 27 August 2018 17:22 UTC
From: Kent Watsen <kwatsen@juniper.net>
To: David Mandelberg <david+work@mandelberg.org>, "netconf@ietf.org" <netconf@ietf.org>
Date: Mon, 27 Aug 2018 17:22:09 +0000
Message-ID: <6FF89601-E95F-4296-B6E5-80438DF03543@juniper.net>
References: <153478564565.23119.9766582310559048569@ietfa.amsl.com> <0DA47346-64BE-4FD1-888F-F0E47688C14F@juniper.net> <4be03677-70b8-98a2-49b3-1be4abd5da7e@mandelberg.org>
In-Reply-To: <4be03677-70b8-98a2-49b3-1be4abd5da7e@mandelberg.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/netconf/3uyZr4dxao_ezfn2LCPcLteux1E>
List-Id: Network Configuration WG mailing list <netconf.ietf.org>
Hi David,

> Thanks again for addressing all my -22 review comments.

No problem. The document is better for it!

> Section 5.6: "Hinder[ing] the ability for the device to continue the
> bootstrapping sequence" was only part of why I asked about the error
> cases. The other part is that I think there's a security risk in leaving
> bootstrapping enabled after the device is partially/mostly configured,
> since bootstrapping opens the possibility for various parties to change
> the configuration. Is there a reason not to require devices to fully
> rollback the configuration if there's an error after it's applied?

Why do you think the document allows this? The beginning of s5.6 says:

   Some state MAY be retained from the bootstrapping process (e.g.,
   updated boot image, logs, remnants from a script, etc.), however,
   the retained state MUST NOT hinder the ability for the device to
   continue the bootstrapping sequence (i.e., process onboarding
   information from another bootstrap server).

Are you thinking that the MAY needs to be a MUST NOT?

This text (s5.6) used to be much more explicit about the need to undo the configuration (I think I sent you that version), but others felt that it was too proscriptive and, as the Implementation Notes section (at the very end of 5.6) says, the device may have other ways to reset itself (e.g., relaunch a VM).

Thoughts?

> (nit) Section 9.8: "For best security, it is RECOMMENDED that owners
> only provide signed data, for use with any source of bootstrapping
> data". Using signed data all the time is fine, but I don't think
> unencrypted signed data provides any additional security when using a
> trusted bootstrap server, since that server can always remove the
> signature and serve the same data unsigned.

Changed to:

   For best security, it is RECOMMENDED that owners only provide
   bootstrapping data that has been signed, using a private key that
   is not accessible to a network of questionable integrity, and
   encrypted, using the device's public key from its secure device
   identity certificate.

> (nit) Section 9.11: "potential cause problems" should be "potential to
> cause problems".

Fixed.

Kent // author
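The signature-stripping point in the Section 9.8 exchange above, worked through as an added example (not code from the draft or from either correspondent): a minimal model of the device's trust decision on conveyed information. Assumptions: Ed25519 stands in for the draft's CMS signature and RSA-OAEP for its CMS encryption; the owner's verification key is simply pinned on the device instead of arriving through the ownership-voucher flow; the `requireSig` policy knob is hypothetical and not something the draft defines; the onboarding data and the `ConveyedInfo` struct are constructed for this example.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
)

// ConveyedInfo stands in for the CMS structure a bootstrap server hands the
// device. The fields are a constructed simplification, not the draft's schema.
type ConveyedInfo struct {
	Data      []byte // onboarding information: plaintext, or ciphertext for the device
	Signature []byte // owner's signature over Data; nil when served unsigned
	Encrypted bool   // Data is RSA-OAEP ciphertext under the device's IDevID public key
}

// Owner holds the signing key, which must stay off any network of questionable integrity.
type Owner struct{ signKey ed25519.PrivateKey }

// Produce signs the onboarding data and, optionally, first encrypts it to the
// public key from the device's secure device identity certificate.
func (o Owner) Produce(plain []byte, devicePub *rsa.PublicKey, encrypt bool) (ConveyedInfo, error) {
	data := plain
	if encrypt {
		ct, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, devicePub, plain, nil)
		if err != nil {
			return ConveyedInfo{}, err
		}
		data = ct
	}
	return ConveyedInfo{Data: data, Signature: ed25519.Sign(o.signKey, data), Encrypted: encrypt}, nil
}

// Device pins the owner's verification key (assumption: in the draft it comes
// via the ownership voucher) and holds its IDevID private key.
type Device struct {
	ownerPub   ed25519.PublicKey
	idevidPriv *rsa.PrivateKey
	requireSig bool // hypothetical policy knob: refuse unsigned data even from a trusted server
}

var ErrRejected = errors.New("conveyed information rejected")

// Accept is the device's trust decision. Signed data is accepted from any
// source once the owner's signature verifies; unsigned data only from a
// trusted bootstrap server (the draft's rule), and never when requireSig is set.
func (d Device) Accept(info ConveyedInfo, serverTrusted bool) ([]byte, error) {
	switch {
	case info.Signature != nil:
		if !ed25519.Verify(d.ownerPub, info.Data, info.Signature) {
			return nil, fmt.Errorf("%w: owner signature does not verify", ErrRejected)
		}
	case !serverTrusted || d.requireSig:
		return nil, fmt.Errorf("%w: unsigned data not accepted from this source", ErrRejected)
	}
	if !info.Encrypted {
		return info.Data, nil
	}
	return rsa.DecryptOAEP(sha256.New(), nil, d.idevidPriv, info.Data, nil)
}

// Two things a bootstrap server in the path can do to what it relays.
func StripSignature(info ConveyedInfo) ConveyedInfo { info.Signature = nil; return info }
func Tamper(info ConveyedInfo) ConveyedInfo {
	d := append([]byte(nil), info.Data...) // copy, then flip one byte
	d[0] ^= 0xff
	info.Data = d
	return info
}

// Setup generates fresh keys for the example; a real device ships with its IDevID.
func Setup() (Owner, Device, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return Owner{}, Device{}, err
	}
	idevid, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return Owner{}, Device{}, err
	}
	return Owner{priv}, Device{ownerPub: pub, idevidPriv: idevid}, nil
}

// sampleConfig is constructed onboarding data, not anything from the draft.
var sampleConfig = []byte("set system host-name edge-1")

// RunScenarios plays out the cases discussed in the thread and reports, per
// case, whether the device ended up applying the owner's original data.
func RunScenarios() (map[string]bool, error) {
	owner, dev, err := Setup()
	if err != nil {
		return nil, err
	}
	signed, err := owner.Produce(sampleConfig, &dev.idevidPriv.PublicKey, false)
	if err != nil {
		return nil, err
	}
	sealed, err := owner.Produce(sampleConfig, &dev.idevidPriv.PublicKey, true)
	if err != nil {
		return nil, err
	}
	strict := dev
	strict.requireSig = true
	applied := func(got []byte, err error) bool { return err == nil && bytes.Equal(got, sampleConfig) }
	return map[string]bool{
		"signed, trusted server":                         applied(dev.Accept(signed, true)),
		"signed, untrusted server":                       applied(dev.Accept(signed, false)),
		"tampered, signature kept":                       applied(dev.Accept(Tamper(signed), true)),
		"signature stripped, trusted server":             applied(dev.Accept(StripSignature(signed), true)),
		"signature stripped, trusted server, requireSig": applied(strict.Accept(StripSignature(signed), true)),
		"signed+encrypted, trusted server":               applied(dev.Accept(sealed, true)),
		"server can read encrypted payload":              bytes.Contains(sealed.Data, sampleConfig),
	}, nil
}

func main() {
	out, err := RunScenarios()
	if err != nil {
		panic(err)
	}
	for k, v := range out {
		fmt.Printf("%-48s applied=%v\n", k, v)
	}
}
```

Running it shows the two halves of the argument: a trusted server that strips the owner's signature still gets the same data applied under the "unsigned is fine from a trusted server" rule, while tampering with signed data is caught; encrypting to the IDevID public key is what keeps the relaying server from reading the payload, and refusing unsigned data altogether is a device-side policy, not something the draft text requires.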