Re: [Netconf] I-D Action: draft-ietf-netconf-zerotouch-23.txt

Kent Watsen <kwatsen@juniper.net> Mon, 27 August 2018 17:22 UTC

From: Kent Watsen <kwatsen@juniper.net>
To: David Mandelberg <david+work@mandelberg.org>, "netconf@ietf.org" <netconf@ietf.org>
Thread-Topic: [Netconf] I-D Action: draft-ietf-netconf-zerotouch-23.txt
Thread-Index: AQHUOKo6B7yG1ZEWJ0K6wOs+4nCg0aTIogAAgAiPHoCAAm96AA==
Date: Mon, 27 Aug 2018 17:22:09 +0000
Message-ID: <6FF89601-E95F-4296-B6E5-80438DF03543@juniper.net>
References: <153478564565.23119.9766582310559048569@ietfa.amsl.com> <0DA47346-64BE-4FD1-888F-F0E47688C14F@juniper.net> <4be03677-70b8-98a2-49b3-1be4abd5da7e@mandelberg.org>
In-Reply-To: <4be03677-70b8-98a2-49b3-1be4abd5da7e@mandelberg.org>
Accept-Language: en-US
Content-Language: en-US
Archived-At: <https://mailarchive.ietf.org/arch/msg/netconf/3uyZr4dxao_ezfn2LCPcLteux1E>
Subject: Re: [Netconf] I-D Action: draft-ietf-netconf-zerotouch-23.txt
X-BeenThere: netconf@ietf.org
X-Mailman-Version: 2.1.27
Precedence: list
List-Id: Network Configuration WG mailing list <netconf.ietf.org>
X-List-Received-Date: Mon, 27 Aug 2018 17:22:15 -0000

Hi David,


> Thanks again for addressing all my -22 review comments. 

No problem.  The document is better for it!


> Section 5.6: "Hinder[ing] the ability for the device to continue the 
> bootstrapping sequence" was only part of why I asked about the error 
> cases. The other part is that I think there's a security risk in leaving 
> bootstrapping enabled after the device is partially/mostly configured, 
> since bootstrapping opens the possibility for various parties to change 
> the configuration. Is there a reason not to require devices to fully 
> rollback the configuration if there's an error after it's applied?

Why do you think the document allows this?  The beginning of s5.6 says:

   Some state MAY be retained from the bootstrapping process (e.g., updated boot
   image, logs, remnants from a script, etc.), however, the retained state MUST 
   NOT hinder the ability for the device to continue the bootstrapping sequence
   (i.e., process onboarding information from another bootstrap server).

Are you thinking that the MAY needs to be a MUST NOT?  This text (s5.6) used to
be much more explicit about the need to undo the configuration (I think I sent
you that version), but others felt that it was too proscriptive and, as the
Implementation Notes section (at the very end of 5.6) says, the device may have
other ways to reset itself (e.g., relaunch a VM).  Thoughts?


> (nit) Section 9.8: "For best security, it is RECOMMENDED that owners 
> only provide signed data, for use with any source of bootstrapping 
> data". Using signed data all the time is fine, but I don't think 
> unencrypted signed data provides any additional security when using a 
> trusted bootstrap server, since that server can always remove the 
> signature and serve the same data unsigned.


Changed to:

     For best security, it is RECOMMENDED that owners only provide
     bootstrapping data that has been signed, using a private key that
     is not accessible to a network of questionable integrity, and
     encrypted, using the device's public key from its secure device
     identity certificate.



> (nit) Section 9.11: "potential cause problems" should be "potential to 
> cause problems".


Fixed.


Kent // author
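The Section 9.8 exchange above (signature stripping by a trusted bootstrap server, and the sign-plus-encrypt remedy) as a runnable illustration. This is an added example, not text or code from the draft, from the NETCONF WG or from either correspondent: the draft specifies CMS-based artifacts bound to the owner certificate and the device's IDevID certificate, whereas here an ed25519 key stands in for the owner's signing key, an X25519 key plus AES-GCM stands in for encryption to the device's identity key, and the types and functions (Artifact, Owner, Device, Process, Demo) and the sample payloads are all constructed for the demonstration. A "lenient" device models the policy David describes, accepting unsigned data because the server is trusted; a "strict" device requires the owner signature.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdh"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Artifact stands in for bootstrapping data served by a bootstrap server (the
// real artifacts are CMS structures; this is a constructed simplification).
type Artifact struct {
	Payload   []byte // onboarding data, or ephPub||nonce||ciphertext when Encrypted
	Signature []byte // owner signature over Payload; nil when unsigned
	Encrypted bool
}

// Owner signs with an ed25519 key standing in for its owner certificate's key;
// Device holds an X25519 key standing in for its IDevID key, plus its policy.
type Owner struct{ key ed25519.PrivateKey }
type Device struct {
	idKey      *ecdh.PrivateKey
	ownerPub   ed25519.PublicKey
	requireSig bool // false: also accept unsigned data from a "trusted" server
}

// crypto/rand does not fail in practice, so key-generation errors are dropped here.
func NewOwner() *Owner { _, k, _ := ed25519.GenerateKey(rand.Reader); return &Owner{k} }
func (o *Owner) Public() ed25519.PublicKey { return o.key.Public().(ed25519.PublicKey) }
func NewDevice(ownerPub ed25519.PublicKey, requireSig bool) *Device {
	k, _ := ecdh.X25519().GenerateKey(rand.Reader)
	return &Device{k, ownerPub, requireSig}
}

// SignOnly: signed, but readable by, and strippable by, any intermediary.
func (o *Owner) SignOnly(data []byte) Artifact {
	return Artifact{Payload: data, Signature: ed25519.Sign(o.key, data)}
}

// aeadFor derives a one-shot AES-256-GCM key from an X25519 shared secret.
func aeadFor(shared, ephPub []byte) cipher.AEAD {
	h := sha256.New()
	h.Write([]byte("zerotouch-demo-kdf"))
	h.Write(shared)
	h.Write(ephPub)
	block, _ := aes.NewCipher(h.Sum(nil)) // 32-byte key: cannot fail
	aead, _ := cipher.NewGCM(block)
	return aead
}

// SignAndEncrypt signs the data, then encrypts sig||data to the device's key, so
// the signature travels inside the ciphertext and cannot be stripped or read.
func (o *Owner) SignAndEncrypt(data []byte, devPub *ecdh.PublicKey) (Artifact, error) {
	eph, _ := ecdh.X25519().GenerateKey(rand.Reader)
	shared, err := eph.ECDH(devPub)
	if err != nil {
		return Artifact{}, err
	}
	ephPub := eph.PublicKey().Bytes()
	aead := aeadFor(shared, ephPub)
	nonce := make([]byte, aead.NonceSize()) // 12 bytes for GCM
	rand.Read(nonce)
	inner := append(ed25519.Sign(o.key, data), data...)
	wire := append(append(ephPub, nonce...), aead.Seal(nil, nonce, inner, nil)...)
	return Artifact{Payload: wire, Encrypted: true}, nil
}

// Process applies the device's policy and returns the accepted onboarding data.
func (d *Device) Process(a Artifact) ([]byte, error) {
	payload, sig := a.Payload, a.Signature
	if a.Encrypted {
		if len(payload) < 32+12+16 { // ephPub + GCM nonce + GCM tag
			return nil, errors.New("encrypted artifact too short")
		}
		ephPub, err := ecdh.X25519().NewPublicKey(payload[:32])
		if err != nil {
			return nil, err
		}
		shared, err := d.idKey.ECDH(ephPub)
		if err != nil {
			return nil, err
		}
		pt, err := aeadFor(shared, payload[:32]).Open(nil, payload[32:44], payload[44:], nil)
		if err != nil || len(pt) < ed25519.SignatureSize {
			return nil, errors.New("decryption/authentication failed")
		}
		sig, payload = pt[:ed25519.SignatureSize], pt[ed25519.SignatureSize:]
	}
	switch {
	case sig == nil && d.requireSig:
		return nil, errors.New("policy: unsigned data rejected")
	case sig == nil:
		return payload, nil // lenient policy: trusts whatever the server sent
	case !ed25519.Verify(d.ownerPub, payload, sig):
		return nil, errors.New("owner signature invalid")
	}
	return payload, nil
}

// DemoResult records each device's decision on each constructed artifact.
type DemoResult struct{ LenientAcceptsStripped, StrictRejectsStripped, StrictAcceptsGenuine, EncryptedRoundTrip, EncryptedTamperRejected bool }

func Demo() (DemoResult, error) {
	var r DemoResult
	owner := NewOwner()
	lenient, strict := NewDevice(owner.Public(), false), NewDevice(owner.Public(), true)
	genuine := []byte("configuration: owner-approved.xml") // constructed sample
	evil := []byte("configuration: attacker-chosen.xml")   // constructed sample

	// A compromised "trusted" server drops the owner signature and substitutes
	// its own payload; only the strict device notices.
	stripped := Artifact{Payload: evil}
	out, err := lenient.Process(stripped)
	r.LenientAcceptsStripped = err == nil && bytes.Equal(out, evil)
	_, err = strict.Process(stripped)
	r.StrictRejectsStripped = err != nil
	out, err = strict.Process(owner.SignOnly(genuine))
	r.StrictAcceptsGenuine = err == nil && bytes.Equal(out, genuine)

	// Signed and encrypted to the device: the server can neither read nor alter
	// it, and a single flipped ciphertext byte fails authentication.
	enc, err := owner.SignAndEncrypt(genuine, strict.idKey.PublicKey())
	if err != nil {
		return r, err
	}
	out, err = strict.Process(enc)
	r.EncryptedRoundTrip = err == nil && bytes.Equal(out, genuine)
	tampered := Artifact{Payload: append([]byte{}, enc.Payload...), Encrypted: true}
	tampered.Payload[len(tampered.Payload)-1] ^= 1
	_, err = strict.Process(tampered)
	r.EncryptedTamperRejected = err != nil
	return r, nil
}

func main() { r, err := Demo(); fmt.Printf("%+v %v\n", r, err) }
```

Running it with `go run` prints all five flags true. The order matters: the owner signs first and encrypts second, so the device authenticates the owner after decrypting rather than trusting whoever could encrypt to its public key, which anyone holding the IDevID certificate can do; encryption on its own would hide the data from the server but not prove who produced it.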