Re: [Netconf] I-D Action: draft-ietf-netconf-zerotouch-23.txt

Kent Watsen <kwatsen@juniper.net> Mon, 20 August 2018 17:28 UTC

From: Kent Watsen <kwatsen@juniper.net>
To: "netconf@ietf.org" <netconf@ietf.org>
CC: Andy Bierman <andy@yumaworks.com>, Martin Thomson <martin.thomson@gmail.com>, David Mandelberg <david+work@mandelberg.org>
Date: Mon, 20 Aug 2018 17:28:23 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/netconf/7QxjiK6lgv51ADlf6nRdLIqo-ko>

All,

This update addresses the issues I raised over the course of the 
last couple weeks.  Please review and provide comments.

 - Andy, it's not specific in some ways, and yet specific in others.

 - Martin, I created an "Implementation Notes" section.

 - David (SecDir), please review the final diffs, especially 
   Section 5.6 and the Security Considerations sections.

 - Mahesh (Shepherd), let's give the WG at least a week to 
   review before pressing the button to publish it to the IESG.

Thanks,
Kent

===== original message =====

A New Internet-Draft is available from the on-line Internet-Drafts directories.
This draft is a work item of the Network Configuration WG of the IETF.

        Title           : Zero Touch Provisioning for Networking Devices
        Authors         : Kent Watsen
                          Mikael Abrahamsson
                          Ian Farrer
        Filename        : draft-ietf-netconf-zerotouch-23.txt
        Pages           : 87
        Date            : 2018-08-20

Abstract:
   This draft presents a technique to securely provision a networking
   device when it is booting in a factory-default state.  Variations in
   the solution enable it to be used on both public and private
   networks.  The provisioning steps are able to update the boot image,
   commit an initial configuration, and execute arbitrary scripts to
   address auxiliary needs.  The updated device is subsequently able to
   establish secure connections with other systems.  For instance, a
   device may establish NETCONF (RFC 6241) and/or RESTCONF (RFC 8040)
   connections with deployment-specific network management systems.


The IETF datatracker status page for this draft is:
https://datatracker.ietf.org/doc/draft-ietf-netconf-zerotouch/

There are also htmlized versions available at:
https://tools.ietf.org/html/draft-ietf-netconf-zerotouch-23
https://datatracker.ietf.org/doc/html/draft-ietf-netconf-zerotouch-23

A diff from the previous version is available at:
https://www.ietf.org/rfcdiff?url2=draft-ietf-netconf-zerotouch-23


Please note that it may take a couple of minutes from the time of submission
until the htmlized version and diff are available at tools.ietf.org.

Internet-Drafts are also available by anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/
