Re: [netconf] Benjamin Kaduk's Discuss on draft-ietf-netconf-restconf-notif-13: (with DISCUSS and COMMENT)

"Reshad Rahman (rrahman)" <rrahman@cisco.com> Thu, 16 May 2019 16:47 UTC

Return-Path: <rrahman@cisco.com>
X-Original-To: netconf@ietfa.amsl.com
Delivered-To: netconf@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3A59F1200DB; Thu, 16 May 2019 09:47:35 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -14.5
X-Spam-Level:
X-Spam-Status: No, score=-14.5 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com header.b=VgepTYv7; dkim=pass (1024-bit key) header.d=cisco.onmicrosoft.com header.b=Ifud9V0k
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id TQmKzz_FE7vE; Thu, 16 May 2019 09:47:31 -0700 (PDT)
Received: from alln-iport-6.cisco.com (alln-iport-6.cisco.com [173.37.142.93]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id CD4DE1200B3; Thu, 16 May 2019 09:47:30 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=22494; q=dns/txt; s=iport; t=1558025251; x=1559234851; h=from:to:cc:subject:date:message-id:references: in-reply-to:content-id:content-transfer-encoding: mime-version; bh=12G+gFAtvPfENVGWVwdlZJFgh3atI41Nguv3dRVhTwM=; b=VgepTYv7RKwXx3sLIPn8uXDm41Xv7ve4e2SuHq2UsMuW/63ItKFQ52Ih 8oaZOzs26KWcm4dhqT/kLFR0goTTKRNY0cunygqKVa6LeFgN7a70KbRRl 0leKb0mDKY/iYrNv0kGtmTwWHWUzk6ASy9Xl5gdfrLqNPUVGKv1AYd6So g=;
IronPort-PHdr: =?us-ascii?q?9a23=3AN8LjZhZcOHqq3bvaGR2fD0L/LSx94ef9IxIV55?= =?us-ascii?q?w7irlHbqWk+dH4MVfC4el20gebRp3VvvRDjeee87vtX2AN+96giDgDa9QNMn?= =?us-ascii?q?1NksAKh0olCc+BB1f8KavwdSU6Gc1EfFRk5Hq8d0NSHZW2ag=3D=3D?=
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: =?us-ascii?q?A0DHAACfk91c/4ENJK1kDhABBgcGgVI?= =?us-ascii?q?ICwGBPSknA2lVIAQLKIQRg0cDjnWCV36WKIEuFIEQA1QJAQEBDAEBIwoCAQG?= =?us-ascii?q?EQAIXghcjNQgOAQMBAQQBAQIBBG0cDIVKAQEBAQIBEhERDAEBJQQHBwEPAgE?= =?us-ascii?q?IGAICCR0CAgIwFRACBA4FIoI1SwGBagMODwEOoGQCgTWIX3GBL4J5AQEFgTI?= =?us-ascii?q?BE0GCfRiCDwMGgQsoi1AXgUA/gREnH4FOSTU+gmECAQIBgUUCLSECglAygia?= =?us-ascii?q?LIwqCQIZvhgGNKwkCggmGKYQ9hDSDUxuCG4ZSjRyLfYYGgSeORgIEAgQFAg4?= =?us-ascii?q?BAQWBUQI0KYEVEQhwFTsqAYJBgg8MFxRtAQiCQoUUhQQ6AXIBgSiPJwEB?=
X-IronPort-AV: E=Sophos;i="5.60,477,1549929600"; d="scan'208";a="276806708"
Received: from alln-core-9.cisco.com ([173.36.13.129]) by alln-iport-6.cisco.com with ESMTP/TLS/DHE-RSA-SEED-SHA; 16 May 2019 16:47:22 +0000
Received: from XCH-RCD-004.cisco.com (xch-rcd-004.cisco.com [173.37.102.14]) by alln-core-9.cisco.com (8.15.2/8.15.2) with ESMTPS id x4GGlMDO026000 (version=TLSv1.2 cipher=AES256-SHA bits=256 verify=FAIL); Thu, 16 May 2019 16:47:22 GMT
Received: from xhs-aln-002.cisco.com (173.37.135.119) by XCH-RCD-004.cisco.com (173.37.102.14) with Microsoft SMTP Server (TLS) id 15.0.1473.3; Thu, 16 May 2019 11:47:21 -0500
Received: from xhs-rtp-001.cisco.com (64.101.210.228) by xhs-aln-002.cisco.com (173.37.135.119) with Microsoft SMTP Server (TLS) id 15.0.1473.3; Thu, 16 May 2019 11:47:20 -0500
Received: from NAM03-DM3-obe.outbound.protection.outlook.com (64.101.32.56) by xhs-rtp-001.cisco.com (64.101.210.228) with Microsoft SMTP Server (TLS) id 15.0.1473.3 via Frontend Transport; Thu, 16 May 2019 12:47:20 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cisco.onmicrosoft.com; s=selector2-cisco-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=12G+gFAtvPfENVGWVwdlZJFgh3atI41Nguv3dRVhTwM=; b=Ifud9V0komUKtQ8rA0pMxB99F2ytjNPI061h6zYxzjbz53ENT/Pls60vUyk2DAzKQT3RcwqJDBiPB/Wz2bHeOhmMhcgCb620D1XdBGuD9kV0O146iJYfNczYlsuKCkZVrmjXkqXPcN5z839fGY96+0f7/T56n8M1I7y56qHNI7w=
Received: from DM5PR1101MB2105.namprd11.prod.outlook.com (10.174.104.151) by DM5PR1101MB2138.namprd11.prod.outlook.com (10.174.107.146) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.1900.16; Thu, 16 May 2019 16:47:19 +0000
Received: from DM5PR1101MB2105.namprd11.prod.outlook.com ([fe80::6ce2:350d:6bed:7dde]) by DM5PR1101MB2105.namprd11.prod.outlook.com ([fe80::6ce2:350d:6bed:7dde%2]) with mapi id 15.20.1900.010; Thu, 16 May 2019 16:47:19 +0000
From: "Reshad Rahman (rrahman)" <rrahman@cisco.com>
To: Benjamin Kaduk <kaduk@mit.edu>
CC: The IESG <iesg@ietf.org>, "draft-ietf-netconf-restconf-notif@ietf.org" <draft-ietf-netconf-restconf-notif@ietf.org>, Kent Watsen <kent+ietf@watsen.net>, "netconf-chairs@ietf.org" <netconf-chairs@ietf.org>, "netconf@ietf.org" <netconf@ietf.org>
Thread-Topic: Benjamin Kaduk's Discuss on draft-ietf-netconf-restconf-notif-13: (with DISCUSS and COMMENT)
Thread-Index: AQHVBRe+rV3duncRlUSQ6Gy9iRmrQ6ZkqNGAgAfPtACAAUg9AA==
Date: Thu, 16 May 2019 16:47:18 +0000
Message-ID: <3459B2F7-BACA-4E69-B952-1ED19B3F0BC4@cisco.com>
References: <155726272794.32635.6531627027808857417.idtracker@ietfa.amsl.com> <6F96C6CD-B0F1-44F2-A2BE-E2FD23B309CC@cisco.com> <20190515171219.GF14483@kduck.mit.edu>
In-Reply-To: <20190515171219.GF14483@kduck.mit.edu>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
user-agent: Microsoft-MacOutlook/10.10.6.190114
authentication-results: spf=none (sender IP is ) smtp.mailfrom=rrahman@cisco.com;
x-originating-ip: [2001:420:2840:1250:2421:2f0a:1dbc:638e]
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: 7e54071e-deae-4336-f84c-08d6da1e28fc
x-microsoft-antispam: BCL:0; PCL:0; RULEID:(2390118)(7020095)(4652040)(8989299)(4534185)(4627221)(201703031133081)(201702281549075)(8990200)(5600141)(711020)(4605104)(2017052603328)(7193020); SRVR:DM5PR1101MB2138;
x-ms-traffictypediagnostic: DM5PR1101MB2138:
x-ms-exchange-purlcount: 3
x-microsoft-antispam-prvs: <DM5PR1101MB213836CDE804E3D3AB16C228AB0A0@DM5PR1101MB2138.namprd11.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:10000;
x-forefront-prvs: 0039C6E5C5
x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(376002)(136003)(366004)(39860400002)(346002)(396003)(51444003)(51914003)(189003)(199004)(446003)(36756003)(30864003)(53946003)(14444005)(11346002)(46003)(2616005)(229853002)(86362001)(53936002)(2906002)(6436002)(81156014)(81166006)(25786009)(8676002)(561944003)(256004)(33656002)(6916009)(83716004)(6306002)(6116002)(476003)(68736007)(486006)(5660300002)(71200400001)(82746002)(478600001)(71190400001)(66556008)(73956011)(99286004)(6486002)(966005)(66476007)(7736002)(102836004)(14454004)(4326008)(6246003)(186003)(2171002)(58126008)(316002)(6512007)(76116006)(53546011)(54906003)(305945005)(6506007)(66946007)(91956017)(8936002)(76176011)(64756008)(66446008); DIR:OUT; SFP:1101; SCL:1; SRVR:DM5PR1101MB2138; H:DM5PR1101MB2105.namprd11.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; MX:1; A:1;
received-spf: None (protection.outlook.com: cisco.com does not designate permitted sender hosts)
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam-message-info: awXeIXPve/eLkcymanWOKOu73kc4R2HrO1LT9BpT0+S/2dAV5sTe12JpPw/nLfcXmTtPoFWnZ2UlOU8TGVh9AXAonqXjWmD0WyyE/O+sVx1/n9cYa3v1bDWgWRKFWKe1uSDvcxkv8FTF7CmBMQtgRoODIm2vLEeCcQIAIL54ZNJsiPEcczGz2U9YoNs+hIfdY0nEHLh3yle62tOy5Pb2y97GbsDpaLN9rBlb1Km2KysRGLC34WEAg+scXZyNvpCMiKvnWjHbgQc5f+ab12B78dSS+otkdx3+uuLZajauBHzt5nrPPP5Vv38qOEBjyxnocZH98lPRKFgAaL4uNQM40Y+XNRmKKMi1+Fd3t53nmOSCo6KGpTOoxn+ihxkdOFtZbpsaC3qTe7peisQl3wZ8VDFojzUQAwx0DmtXCjdAX4U=
Content-Type: text/plain; charset="utf-8"
Content-ID: <5F2A7CE27DE6A7419FB28C3DA97DC094@namprd11.prod.outlook.com>
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-MS-Exchange-CrossTenant-Network-Message-Id: 7e54071e-deae-4336-f84c-08d6da1e28fc
X-MS-Exchange-CrossTenant-originalarrivaltime: 16 May 2019 16:47:18.9504 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 5ae1af62-9505-4097-a69a-c1553ef7840e
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM5PR1101MB2138
X-OriginatorOrg: cisco.com
X-Outbound-SMTP-Client: 173.37.102.14, xch-rcd-004.cisco.com
X-Outbound-Node: alln-core-9.cisco.com
Archived-At: <https://mailarchive.ietf.org/arch/msg/netconf/7ui_nuBYSWxo1kHsbxCI_AxnZd8>
Subject: Re: [netconf] Benjamin Kaduk's Discuss on draft-ietf-netconf-restconf-notif-13: (with DISCUSS and COMMENT)
X-BeenThere: netconf@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: NETCONF WG list <netconf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/netconf>, <mailto:netconf-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/netconf/>
List-Post: <mailto:netconf@ietf.org>
List-Help: <mailto:netconf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/netconf>, <mailto:netconf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 16 May 2019 16:47:35 -0000

Hi,

Please see inline.

´╗┐On 2019-05-15, 1:15 PM, "Benjamin Kaduk" <kaduk@mit.edu>; wrote:

    On Fri, May 10, 2019 at 09:55:08PM +0000, Reshad Rahman (rrahman) wrote:
    > Hi,
    > 
    > Thanks for the review, please see inline.
    > 
    > On 2019-05-07, 4:59 PM, "Benjamin Kaduk via Datatracker" <noreply@ietf.org>; wrote:
    > 
    >     Benjamin Kaduk has entered the following ballot position for
    >     draft-ietf-netconf-restconf-notif-13: Discuss
    >         
    >     Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html
    >     for more information about IESG DISCUSS and COMMENT positions.
    >     
    >     
    >     The document, along with other ballot positions, can be found here:
    >     https://datatracker.ietf.org/doc/draft-ietf-netconf-restconf-notif/
    >     
    >     
    >     
    >     ----------------------------------------------------------------------
    >     DISCUSS:
    >     ----------------------------------------------------------------------
    >     
    >     Thanks for the well-written document!  I  just have some boring housecleaning
    >     points that should be easy to resolve.
    >     
    >     Section 3.2 states:
    >     
    >        Subscribers can learn what event streams a RESTCONF server supports
    >        by querying the "streams" container of ietf-subscribed-
    >        notification.yang in
    >        [I-D.draft-ietf-netconf-subscribed-notifications].  Support for the
    >        "streams" container of ietf-restconf-monitoring.yang in [RFC8040] is
    >        not required.  If it is supported, the event streams which are in the
    >        "streams" container of ietf-subscribed-notifications.yang SHOULD also
    >        be in the "streams" container of ietf-restconf-monitoring.yang.
    >     
    >     This "SHOULD" seems to be attempting to impose a normative requirement
    >     on specifications that implement
    >     draft-ietf-netconf-subscribed-notifications and RFC 8040 streams,
    >     without regard to whether they implement this specification.  It seems
    >     better-placed in draft-ietf-netconf-subscribed-notifications.
    > <RR> RFC8040 is the RESTCONF RFC and subscribed-notifications is not
    >   transport specific. Since this document is for RESTCONF, this is why we
    
    Ah, of course; I failed to internalize that RFC 8040 is RESTCONF-specific
    in my quick check of the reference.
    
    >   have added this statement in this document.
    
    So I agree that this document is the only reasonable place to convey this
    information, but the current presentation still feels rather odd to me.
    Just to check my understanding, the situation could be summarized as
    "[subscribed-notifications] defines a "streams" container, and 8040
    describes a different "streams" container, but if both containers are
    present/supported, then anything in the one from [subscribed-notifications]
    should also be visible in the one from 8040"?
    
    To me, this has a large component of "document A specifying the interaction
    of documents B and C", which normally would require an "Updates"
    relationship to either B or C (or, if B or C are not RFCs yet, just moving
    the text).  I understand that in this case things are somewhat different,
    as document A (i.e., this document) is specifying the transport scheme for
    document B (subscribed-notifications) using the protocol from document C.
    As such, anything that describes interactions about document B that are
    specific to when it is carried over document C must be in this document,
    but this specific matter feels less like something about how the protocol
    is encoded (i.e., the main focus of this document) and rather an
    interaction between protcol features.
    
    I don't have a great proposal for anything specific to change that would
    alleviate my concern, though (and as such I will stop holding this as a
    Discuss point), though I hope my colleagues on the IESG may have some
    additional thoughts.  The best thing I can come up with right now would be
    to say:
    
      In the case when the RESTCONF binding specified by this document is used
      to convey the "streams" container from ietf-restconf-monitoring.yang
      (i.e., that feature is supported), any event streams contained therein
      are also expected to be present in the "streams" container of
      ietf-restconf-monitoring.yang.
  <RR2> I'm ok with this text, will check with co-authors. 
  
    Feedback is welcome!
    
    >     Similarly, when Section 4 writes:
    >     
    >        To meet subscription quality of service promises, the publisher MUST
    >        take any existing subscription "dscp" and apply it to the DSCP
    >        marking in the IP header.
    >     
    >     that seems to be duplicating a normative requirement from the core
    >     subscribed-notifications document.  (And I'm sure Magnus will have
    >     further follow-up about how DSCP markings are per-connection for the
    >     stream transports we have available, as well.)
    > <RR> You are correct, this text can be removed.   I can replace it with a reference to the section in subscribed-notifications, would that work for you?
    
    That works for me; thanks.
    
    >     
    >     ----------------------------------------------------------------------
    >     COMMENT:
    >     ----------------------------------------------------------------------
    >     
    >     The core subscribed-notifications document notes that dynamic
    >     subscriptions only last as long as the underlying transport.  In this
    >     document, we have two connections in Figure 1, which could potentially
    >     be separate TCP/TLS connections (or HTTP/2 streams).  In the "two TCP
    >     connections" case, does terminating either one cause the cessation of
    >     the subscription, or just (b)?
    > <RR> There are no "long-lived RESTCONF sessions". Terminating (a) does not terminate the subscription.
    
    Okay.  This was not clear to me, a non-expert in the field, but if you
    think it's clear to the target audience I won't ask for any text changes
    to clarify.
<RR2> I'll mull it over, right now I'm leaning towards no additional text since understanding RESTCONF is needed.
    
    >     Section 2
    >     
    >     Please use the boilerplate from RFC 8174.
    > <RR> Ack, will do in next rev.
    >     
    >     Section 3
    >     
    >                                           YANG datastore subscription is
    >        accomplished via augmentations to
    >        [I-D.draft-ietf-netconf-subscribed-notifications] as described within
    >        [I-D.ietf-netconf-yang-push] Section 4.4.
    >     
    >     I see some reviewers commented that things were a bit terse/arcane; I
    >     might suggest that "via augmentations to [subscribed notifications]" is
    >     not really adding much here, and the yang-push RPCs are the important
    >     part.
    > <RR> The augmentation to subscribed-notifications is mentioned because it is needed for RESTCONF. Are you suggesting we change this to "...accomplished as described in  [I-D.ietf-netconf-yang-push] Section 4.4."?
    
    That's my suggestion, yes (but feel free to ignore it).
<RR2> I see value in keeping the augmentation to subscribed-notifications in the text, I'll discuss with co-authors.
    
    >     Section 3.1
    >     
    >                                                              Where quick
    >        recognition of the loss of a publisher is required, a subscriber
    >        SHOULD use a TLS heartbeat [RFC6520], just from receiver to
    >        publisher, to track HTTP session continuity.
    >     
    >     TLS heartbeats require initiation by the TLS client, by virtue of
    >     including the HeartbeatExtension in the ClientHello.  Who is going to be
    >     making the determination that quick recognition is required, and if
    >     that's the publisher, how does the subscriber know to use TLS
    >     heartbeats?
    > <RR> The subscriber is the one making that determination since this is to recognize the loss of the publisher.
    
    Okay.  I think that means all the technical pieces work together as needed,
    but there could perhaps be more precision in the text about the expected
    behavior.  (Note that this is a non-blocking comment, of course.)
<RR> I will (try to) clarify the text.
    
    >     nit: It's interesting that we seem to be using both "subscriber" and
    >     "receiver" to talk about the TLS client, in the same sentence.
    > <RR> Will change to subscriber.
    >     
    >     side note: per https://github.com/openssl/openssl/pull/1928, OpenSSL
    >     will not support TLS or DTLS heartbeats of any form in its next major
    >     release (3.0.0).
    >     
    >        Loss of the heartbeat MUST result in any subscription related TCP
    >        sessions between those endpoints being torn down.  A subscriber can
    >        then attempt to re-establish the dynamic subscription by using the
    >        procedure described in Section 3.
    >     
    >     RFC 6520 does not specify retransmit numbers or intervals to be used to
    >     determine that a peer is nonresponsive (i.e., "lost"), so this text
    >     seems under-specified.  Is the intent to leave these decisions to be
    >     implementation-specific?
    > <RR> Yes this is the intent since it all depends on what the subscriber needs/wishes.
    
    It may be worth mentioning explicitly that this is to be
    implementation-specific, but it's your call.
<RR2> I will mention it explicitly.
    
    >     Section 3.3
    >     
    >     I see that draft-ietf-netconf-subscribed-notifications (section 2.4.6)
    >     admonishes us to check for transport-layer errors (and ACLs!) before
    >     RPC-level errors; is the text here about "fails to serve the RPC
    >     request" and our description of error handling consistent with the
    >     separate transport-layer error handling?  (I think it can be, with a
    >     careful reading of "one of the reasons indicated in [] Section 2.4.6",
    >     but perhaps other readings are possible.)
    > <RR> Yes this section is for RPC-level errors, it references 2.4.6 of subscribed-notifications which provided a list of possible errors.
    
    Thanks for checking.
    
    >           The yang-data included within "error-info" SHOULD NOT include the
    >           optional leaf "error-reason", as such a leaf would be redundant
    >           with information that is already placed within the
    >           "error-app-tag".
    >     
    >     I'm not sure where this "error-reason" leaf is defined -- I don't see it
    >     in any of subscribed-notifications, yang-push, or RFC 8040.
    > <RR>Good catch,  I think this should be "reason" from yang-push, will check.    
    
    Thanks; it's good to know there's probably a reason why I was confused :)
    
    >     Section 3.4
    >     
    >     I'm not sure that I've previously encountered using the section heading
    >     to introduce an acronym (as is done here for SSE).  I bet the RFC Editor
    >     will do the right thing, though.
    > <RR> I'll move the acronym to the section text
    >     
    >        o  In addition to an RPC response for a "modify-subscription" RPC
    >           traveling over (a), a "subscription-modified" state change
    >           notification MUST be sent within (b).  This allows the receiver to
    >           know exactly when the new terms of the subscription have been
    >           applied to the notification messages.  See arrow (c).
    >     
    >     nit: I might suggest some language about "order within the notifications
    >     stream" for this state change, but that's purely editorial.
    > <RR> So you would like this text changed to clarify the order of events?
    
    If I was writing it, I'd say "allows the receiver to know exactly when,
    within the stream of events, the new terms of the subscription have been
    applied [...]".  But you're writing it, not me, so my opinion doesn't count
    for much.
<RR2> This text does seem clearer.
    
    >        o  In addition to any required access permissions (e.g., NACM), RPCs
    >           modify-subscription, resync-subscription and delete-subscription
    >           SHOULD only be allowed by the same RESTCONF username [RFC8040]
    >           which invoked establish-subscription.
    >     
    >     I'm confused about this "SHOULD" (the secdir reviewer noted it as well)
    >     -- in my understanding, the core subscribed-notifications requires that
    >     such RPCs must be done on the same transport connection as the one used
    >     to create a dynamic subscription (i.e., line (a) in Figure 1), and since
    >     RFC 8040 authenticated client identities are at the connection level,
    >     there could never be any change of username across the calls.
    > <RR> What you describe above is true for netconf (all done on same session. 
    > However restconf doesn't work the same way (no long-lived sessions), so subsequent RPCs could actually be on a different transport connection.
    > I do recall the secdir comments and your comments to my response, I will include the text you had suggested to justify the SHOULD.
    
    Thanks.
    
    >        o  Loss of TLS heartbeat
    >     
    >     (As noted above, this is under-specified at present.)
    >     
    >     Section 9
    >     
    >     I would suggest also recommending that the 'uri' values not have a
    >     predictable structure or be guessable.  While we do have solid access
    >     control in place via NACM/etc., there is still a risk of side-channel
    >     leakage if there's a distinction between "resource does not exist" and
    >     "not authorized".  (FYI we had a long discussion about unguessable URIs
    >     in the context of draft-ietf-acme-acme, which had a much weaker
    >     access-control story and could in some sense be said to use "capability
    >     URIs", if anyone wants to do some background reading.)
    >     (One might see also draft-gont-numeric-ids-sec-considerations.)
    > <RR> Section 9 says "The subscription URI is implementation specific ...". I can add text, as you suggested, to recommend that the uri values not be predictable.
    
    Please do -- I think this is easy to do and improves the robustness of the
    system, so we should recommend implementations to do it even if there's not
    a strict functional requirement to do so.
<RR2> Will do.

Regards,
Reshad.
    
    >     I see that the subscription-id type is only of type uint32 in
    >     draft-ietf-netconf-subscribed-notifications, which to some extent limits
    >     the unguessability property to the URIs and not as much for the IDs
    >     themselves (though randomization within a 32-bit space is not without
    >     value).
    >     
    >     Appendix A
    >     
    >     Consistent with my suggestion in the Security Considerations, I'd change
    >     the returned URI here or at least note that the "22", "23", etc. are
    >     placeholders and not indicative of expected usage.
    > <RR> I will add a note.
    
    Thanks!
    
    -Ben
    
    >     (This snippet from A.1.1)
    >     
    >        {
    >           "ietf-subscribed-notifications:input": {
    >              "stream-xpath-filter": "/example-module:foo/",
    >              "stream": "NETCONF",
    >              "dscp": "10"
    >           }
    >        }
    >     
    >     The ambiguity of "10" has been noted elsewhere, but since it's a uint8
    >     (range "0..63") wouldn't it be a JSON number, not a JSON string?
    > <RR> You are correct, will change to 10
    >     
    >     Similarly, subscription IDs are uint32, which IIUC gets encoded as a
    >     number.
    > <RR> Correct again.    
    >     
    > Regards,
    > Reshad.
    >