IETF Logo Mail Archive

Re: [Netconf] David Harrington's Discuss on draft-ietf-netconf-4741bis-09: (with DISCUSS and COMMENT)

"Bert (IETF) Wijnen" <bertietf@bwijnen.net> Fri, 04 March 2011 08:40 UTC

Return-Path: <bertietf@bwijnen.net>
X-Original-To: netconf@core3.amsl.com
Delivered-To: netconf@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id A82A93A6908; Fri, 4 Mar 2011 00:40:39 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.515
X-Spam-Level:
X-Spam-Status: No, score=-102.515 tagged_above=-999 required=5 tests=[AWL=0.084, BAYES_00=-2.599, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Q67uyPx-ErS3; Fri, 4 Mar 2011 00:40:38 -0800 (PST)
Received: from postgirl.ripe.net (postgirl.ipv6.ripe.net [IPv6:2001:67c:2e8:11::c100:1342]) by core3.amsl.com (Postfix) with ESMTP id E85D83A6842; Fri, 4 Mar 2011 00:40:35 -0800 (PST)
Received: from dodo.ripe.net ([193.0.23.4]) by postgirl.ripe.net with esmtps (TLSv1:AES256-SHA:256) (Exim 4.72) (envelope-from <bertietf@bwijnen.net>) id 1PvQZw-0006cS-7X; Fri, 04 Mar 2011 09:41:42 +0100
Received: from dog.ripe.net ([193.0.1.217] helo=guest184.guestnet.ripe.net) by dodo.ripe.net with esmtp (Exim 4.72) (envelope-from <bertietf@bwijnen.net>) id 1PvQZw-0004aJ-2F; Fri, 04 Mar 2011 09:41:40 +0100
Message-ID: <4D70A5C4.2040005@bwijnen.net>
Date: Fri, 04 Mar 2011 09:41:40 +0100
From: "Bert (IETF) Wijnen" <bertietf@bwijnen.net>
User-Agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.6; en-US; rv:1.9.2.13) Gecko/20101207 Thunderbird/3.1.7
MIME-Version: 1.0
To: David Harrington <ietfdbh@comcast.net>
References: <20110301230555.15990.2719.idtracker@localhost>
In-Reply-To: <20110301230555.15990.2719.idtracker@localhost>
Content-Type: text/plain; charset="UTF-8"; format="flowed"
Content-Transfer-Encoding: 7bit
X-RIPE-Spam-Level: --
X-RIPE-Spam-Report: Spam Total Points: -2.9 points pts rule name description ---- ---------------------- ------------------------------------ -1.0 ALL_TRUSTED Passed through trusted hosts only via SMTP -1.9 BAYES_00 BODY: Bayes spam probability is 0 to 1% [score: 0.0000]
X-RIPE-Signature: 86ab03e524994f79ca2c75a176445dd48e05e0adb345daecfe792149c30256ce
Cc: netconf <netconf@ietf.org>, The IESG <iesg@ietf.org>, netconf-chairs@tools.ietf.org, draft-ietf-netconf-4741bis@tools.ietf.org
Subject: Re: [Netconf] David Harrington's Discuss on draft-ietf-netconf-4741bis-09: (with DISCUSS and COMMENT)
X-BeenThere: netconf@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Network Configuration WG mailing list <netconf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/netconf>, <mailto:netconf-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/netconf>
List-Post: <mailto:netconf@ietf.org>
List-Help: <mailto:netconf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/netconf>, <mailto:netconf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 04 Mar 2011 08:40:39 -0000

More answers/comments from Juergen below.

Can I ask mister Harrington to participate in the discussion on the
NETCONF WG mailing list? That is the only way to get to convergence
in a reasonable amount of time. Dave, you ARE a particpant in the WG,
and I hope you can pay attention there till we reach agreement on this
DISCUSS. I hate to have to keep forarding yoru emails to the WG and
then forward any WG technical responses back to you.
That is not productive, and things may get lost in that path.

Thanks,
Bert Wijnen
Document shepherd

-------- Original Message --------
Subject: 	Re: [Netconf] FW: David Harrington's Discuss on draft-ietf-netconf-rfc4742bis-07: (withDISCUSS and COMMENT)
Date: 	Thu, 3 Mar 2011 18:07:23 +0100
From: 	Juergen Schoenwaelder <j.schoenwaelder@jacobs-university.de>
Reply-To: 	Juergen Schoenwaelder <j.schoenwaelder@jacobs-university.de>
To: 	Ersue, Mehmet (NSN - DE/Munich) <mehmet.ersue@nsn.com>
CC: 	Netconf <netconf@ietf.org>



On Thu, Mar 03, 2011 at 05:08:01PM +0100, Ersue, Mehmet (NSN - DE/Munich) wrote:

>  Any comments? Pls also check the mail below from
>  David Harrington.

[... stuff removed I figured out is not helpful to send ...]

NETCONF is the wrong place to constraint user name. For SSH, this is
a no-brainer anyway.

/js

PS: We dealt with the uniquess questions explaining that this is an
     ACM issue and note that it is even mentioned in the Security
     Considerations section:

    [...] Second, it could be desirable to authorize based on
    mechanisms available in the secure transport layer (SSH, BEEP, etc).

PS: RFC 4252 says:

       byte      SSH_MSG_USERAUTH_REQUEST
       string    user name in ISO-10646 UTF-8 encoding [RFC3629]

     RFC 4251 says:

    string

       Arbitrary length binary string.  Strings are allowed to contain
       arbitrary binary data, including null characters and 8-bit
       characters.  They are stored as a uint32 containing its length
       (number of bytes that follow) and zero (= empty string) or more
       bytes that are the value of the string.  Terminating null
       characters are not used.

-- 
Juergen Schoenwaelder           Jacobs University Bremen gGmbH
Phone: +49 421 200 3587         Campus Ring 1, 28759 Bremen, Germany
Fax:   +49 421 200 3103<http://www.jacobs-university.de/>
______________________





On 3/2/11 12:05 AM, David Harrington wrote:
> David Harrington has entered the following ballot position for
> draft-ietf-netconf-4741bis-09: Discuss
>
> When responding, please keep the subject line intact and reply to all
> email addresses included in the To and CC lines. (Feel free to cut this
> introductory paragraph, however.)
>
> Please refer to http://www.ietf.org/iesg/statement/discuss-criteria.html
> for more information about IESG DISCUSS and COMMENT positions.
>
>
>
> ----------------------------------------------------------------------
> DISCUSS:
> ----------------------------------------------------------------------
>
> 1) should there be constraints on the basic format of username? if it is expected to be specified by an operator in config files or databases, should it be human-readable? ascii? utf-8?
>
> 2) should the format be predictable, so the operator can determine what the NC username will be, given a knowledge of the corresponding identifier in the secure transport protocol?
>
> 3) commit MUST revert at 600 secs, but timeout is configurable., what if somebody sets it to 700 seconds? MUST it still revert at 600? Can a low timeout cause a denial of service?
>
>
> ----------------------------------------------------------------------
> COMMENT:
> ----------------------------------------------------------------------
>
> 1) copyright in yang module needs updating.
>
> 2) appendix F doesn't mention dropping the local file requirement for URLs,
>
> 3) terminology should probably define username, not user. It is doubtful username is commonly referred, since it did not exist in 1.0.
>
> 4) I found the use of RFC2119 laniguage rather inconsistent. Some uses of "can" probbaly should have been MAY. Some uses of "are" probbaly should have been MUST, to ensure interoperability.
>
> 5) I support Lars' Discuss. There is no requirement to use a transport protocol that provides congestion control. If a transport is used that does not already provide congestion control, then the NC transport should provide congestion control. It is RECOMMENDED to use an existing transprt standard that provides congestion control.
>
>
>
>

v2.23.0 | Report a Bug | By Email