Re: [Netconf] I-D Action: draft-ietf-netconf-zerotouch-23.txt
Kent Watsen <kwatsen@juniper.net> Mon, 20 August 2018 17:28 UTC
From: Kent Watsen <kwatsen@juniper.net>
To: "netconf@ietf.org" <netconf@ietf.org>
CC: Andy Bierman <andy@yumaworks.com>, Martin Thomson <martin.thomson@gmail.com>, David Mandelberg <david+work@mandelberg.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/netconf/7QxjiK6lgv51ADlf6nRdLIqo-ko>

All,

This update addresses the issues I raised over the course of the last couple weeks. Please review and provide comments.

  - Andy, it's not specific in some ways, and yet specific in others.
  - Martin, I created an "Implementation Notes" section.
  - David (SecDir), please review the final diffs, especially Section 5.6 and the Security Considerations sections.
  - Mahesh (Shepherd), let's give the WG at least a week to review before pressing the button to publish it to the IESG.

Thanks,
Kent

===== original message =====

A New Internet-Draft is available from the on-line Internet-Drafts directories.
This draft is a work item of the Network Configuration WG of the IETF.

        Title           : Zero Touch Provisioning for Networking Devices
        Authors         : Kent Watsen
                          Mikael Abrahamsson
                          Ian Farrer
        Filename        : draft-ietf-netconf-zerotouch-23.txt
        Pages           : 87
        Date            : 2018-08-20

Abstract:
   This draft presents a technique to securely provision a networking
   device when it is booting in a factory-default state. Variations in
   the solution enable it to be used on both public and private
   networks. The provisioning steps are able to update the boot image,
   commit an initial configuration, and execute arbitrary scripts to
   address auxiliary needs. The updated device is subsequently able to
   establish secure connections with other systems. For instance, a
   device may establish NETCONF (RFC 6241) and/or RESTCONF (RFC 8040)
   connections with deployment-specific network management systems.

The IETF datatracker status page for this draft is:
https://datatracker.ietf.org/doc/draft-ietf-netconf-zerotouch/

There are also htmlized versions available at:
https://tools.ietf.org/html/draft-ietf-netconf-zerotouch-23
https://datatracker.ietf.org/doc/html/draft-ietf-netconf-zerotouch-23

A diff from the previous version is available at:
https://www.ietf.org/rfcdiff?url2=draft-ietf-netconf-zerotouch-23

Please note that it may take a couple of minutes from the time of submission
until the htmlized version and diff are available at tools.ietf.org.

Internet-Drafts are also available by anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/

_______________________________________________
Netconf mailing list
Netconf@ietf.org
https://www.ietf.org/mailman/listinfo/netconf