Re: [netconf] WGLC for draft-ietf-netconf-notification-capabilities

Mahesh Jethanandani <> Tue, 01 October 2019 23:00 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id BCB06120168 for <>; Tue, 1 Oct 2019 16:00:07 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -1.998
X-Spam-Status: No, score=-1.998 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: (amavisd-new); dkim=pass (2048-bit key)
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id PDCeJJRwX_q7 for <>; Tue, 1 Oct 2019 16:00:04 -0700 (PDT)
Received: from ( [IPv6:2607:f8b0:4864:20::533]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by (Postfix) with ESMTPS id E9F4A12011E for <>; Tue, 1 Oct 2019 16:00:03 -0700 (PDT)
Received: by with SMTP id c17so10762902pgg.4 for <>; Tue, 01 Oct 2019 16:00:03 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20161025; h=from:message-id:mime-version:subject:date:in-reply-to:cc:to :references; bh=YCIaEVrf2Iqt4lNHSWAc6/rqEXD0b8cOykvM10QF4rI=; b=XtEErsbtbKXnyhcTNqNJkbtbRKBeughUW1eqwyHmE976Cumv5M3I7XsbLjKl1TutLa 1EFaadC5szxMXO4A+F6Bhddtd+Y6nZAgrtOQ+UZR07GXL1MJEFVIxYkbq1i0mVbA/Vse CHmoUGlLdtTMpj7wuk946/YsMEfh5uKb2Txqm2EnbpgDUnQ2akUyjzCiA2Yo0/+Wg1Sq 2bDltwOmqDu5xQO5Q8c98kmmjzMAE9xSSKAByWaP2bmQFTHoEtl9K5l3e3/gwUU9po1h k7aajm9O751fgZlhzGLNADBU/urHKlN7JFKYCH0tJYG+CoKZdwbqQ6VWSihw1KLORkeW Uh2A==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20161025; h=x-gm-message-state:from:message-id:mime-version:subject:date :in-reply-to:cc:to:references; bh=YCIaEVrf2Iqt4lNHSWAc6/rqEXD0b8cOykvM10QF4rI=; b=pv3NH2/Y8zTodY4gXJXX1ZjNUoOYHnJ+zWb9n1P1L2hrnwxll5KkiacW1/Mi9KpzXA UP/xwXLXf3+wQbhBu0o5PHhYaNgHo7Oi2rOZfH/RmedY/GtbDnHEkANd0hI6u1JfwgBR i3RZ0msFZkBCqg4SyucKVBu7XYICpi89GkJlLZQFRW6+LzqulgKrKoUh3RBbXvX8MwiX wcZM/bi6jhFapiFR/GkgtsJT7py7/vpX9duVhwfdN+k68E/5JCyN5DT2lXFy732s/Vyx SJNWtNcco4KWRTIpH2TZXkfWZ4BnRLYlZBIbB+ZbQ26T3T91KBYMjDntjU3r5FjECv3t RuDQ==
X-Gm-Message-State: APjAAAVkMVaNgY2DwiBGhOdnKunLmFBN//XDf2Yx35hoWjrd2Gvcktoj pSgqU3OCiWYKVxz0ieZwdfU=
X-Google-Smtp-Source: APXvYqzmTH7XevP00HghFKIQeO27uFz1gtavn2aRoDpndDgWpiXfVGNOdvY9B4tiss9fpVaUWzF3Iw==
X-Received: by 2002:a63:e114:: with SMTP id z20mr306343pgh.278.1569970803198; Tue, 01 Oct 2019 16:00:03 -0700 (PDT)
Received: from [] ([]) by with ESMTPSA id q29sm10273015pgc.88.2019. (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Tue, 01 Oct 2019 16:00:02 -0700 (PDT)
From: Mahesh Jethanandani <>
Message-Id: <>
Content-Type: multipart/alternative; boundary="Apple-Mail=_C83F2D19-6638-4A25-9A34-9F1E502D9CF7"
Mime-Version: 1.0 (Mac OS X Mail 11.5 \(3445.9.1\))
Date: Tue, 1 Oct 2019 16:00:01 -0700
In-Reply-To: <>
Cc: "Eric Voit (evoit)" <>, Alexander Clemm <>, Benoit Claise <>, Netconf <>
To: =?utf-8?Q?Bal=C3=A1zs_Lengyel?= <>
References: <> <> <> <> <> <>
X-Mailer: Apple Mail (2.3445.9.1)
Archived-At: <>
Subject: Re: [netconf] WGLC for draft-ietf-netconf-notification-capabilities
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: NETCONF WG list <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Tue, 01 Oct 2019 23:00:08 -0000

Hi Balasz,

I have reviewed your preliminary next version of the document (-05), and have the following comments. Some of these comments might be duplicates or overlap with comments provided by others.

Minor issues:

- Please fix the sub-title of the draft as it refers to -04 version of the document.

- Can we get a consistent view in the draft using either publisher/subscriber or server/client in the document. I see Publisher/Receiver, client/management combinations also used in the document.

- Can we use 'on-change consistently' in the document. I see both "on-change" and "on change”

- I still see reference to Yang instead of YANG in the document.

- Remove Section 6.

Remaining comments:


s/identify for which objects/identify which objects


   During NMS implementation for any
   functionality that depends on the notifications the information about
   on change notification capability is needed.


   A NMS implementation that wants to support notifications, needs the information about
   on-change notification capability.

Can you explain the following statement. What does it mean for the “network node to be ready”? Exchange capability information? Also, if that capability is exchanged at run-time what would the subscriber do? Per your explanation, the “implementation time” capability requires an implementation, and therefore an implementation not knowing it would have to discard this capability??? 

  "If the information is
   not documented in a way available to the NMS designer, but only as
   instance data from the network node once it is deployed, the NMS
   implementation will be delayed, because it has to wait for the
   network node to be ready."

The rest of the explanation on that paragraph of not having a ”correctly configured network node available to retrieve data” could use an example. I am not clear in what way an incorrectly configured network node would create a problem specifically in this situation, other than the fact that any incorrectly configured node is a problem.


> On Sep 30, 2019, at 2:20 AM, Balázs Lengyel <> wrote:
> Hello,
> Here is a preliminary next version (not submitted yet). See also below.
> Regards Balazs
> From: Eric Voit (evoit) < <>> 
> Sent: 2019. szeptember 27., péntek 21:42
> To: Balázs Lengyel < <>>; Mahesh Jethanandani < <>>; Alexander Clemm < <>>; Benoit Claise (bclaise) < <>>
> Cc: Netconf < <>>
> Subject: RE: [netconf] WGLC for draft-ietf-netconf-notification-capabilities
> Hi Balazs,
> Some more thoughts in-line.   I cut out those I think closed.
> From: Balázs Lengyel < <>> 
> Sent: Friday, September 27, 2019 8:48 AM
> To: Eric Voit (evoit) < <>>; Mahesh Jethanandani < <>>; Alexander Clemm < <>>; Benoit Claise (bclaise) < <>>
> Cc: Netconf < <>>
> Subject: RE: [netconf] WGLC for draft-ietf-netconf-notification-capabilities
> Thanks for the comments. See answers below. 
> I hope the group will be ok with using the term publisher instead of server. IMHO it is clearer as the client server relationship can be reversed e.g. for https notification transport.
> Balazs
> From: Eric Voit (evoit) < <>> 
> Sent: 2019. szeptember 24., kedd 23:15
> To: Mahesh Jethanandani < <>>; Balázs Lengyel < <>>; Alexander Clemm < <>>; Benoit Claise (bclaise) < <>>
> Cc: Netconf < <>>
> Subject: RE: [netconf] WGLC for draft-ietf-netconf-notification-capabilities
> Here are some comments...
> On-change Notification Capability: Is this different from support for RFC-8641 feature "on-change"?  If they are the same, it might be possible to remove the term.  Especially as this term is used inconsistently.
> BALAZS: In RFC 8641 on-change is not defined as a capability. It is used for many more things (e.g. On-change subscription,  trigger condition, type of push updates, a feature.) In this draft the on change capability is just the servers capability to send on-change notification globally, for a specific datastore or a specific data node. Description will be reworded.
> <Eric> It will be good to see the reword.   I still am not clear how this different from the RFC-8641 feature "on-change", along with this feature being associated with specific nodes.  
> On-change Notification Capability: The capability of the server to
>    send on-change notifications for a specific datastore or a specific
>    data node.
> Section 3
> Paragraph 2, bullet 2: Instead of  "amount of notifications the server can send out", do you mean "the minimum periodicity of updates which a server can send out for an object"
> BALAZS: That too, but also the max-objects-per-update. I was told not to repeat information in the main text and in the YANG module, so I tried to find a wording that covers both. Also  its not always the minimum times. Some servers support  a specific set of times, not a anything over a minimum.
> <Eric> Ok, so this bullet is a bucket of various types of information.  Which is fine with me.
> Paragraph 2, bullets 3 & 4: I don't think these should be indented as bullets are they are more about proper behavior of a correctly populated model.
> BALAZS: I don’t really understand this comment.  Please explain.
> <Eric> Looking at the text, bullets 3 is written to say how capabilities value can be set (i.e., how) rather than that they can be set for different levels (i.e., what).  Getting consistency so that the bullets are all 'how' or all 'what' items would help readability.  
> BALAZS2: OK, I get it. You are right, to be corrected.
> Paragraph 3, bullets 2: why isn't SHALL instead MUST?   Also, shouldn't this point out that both NETCONF and RESTCONF MUST be supported if on-change is advertised, and this draft is supported?
> BALAZS: As I understand RFC 2119 MUST and SHALL both mean the same, but I will change to MUST. No I do not want to mandate implementing both Netconf AND Restconf. IMO a server with just Netconf would work just fine; or maybe I misunderstand your comment?
> <Eric> The second part of my comment was about ensuring that IF this model was available, and the publisher supports both RFC-8640 & draft-ietf-netconf-restconf-notif, then this specification MUST be able to push changes over both NETCONF and RESTCONF.    Thinking more, this is actually a generic question which is likely already answered: how do you know which models are supported for which transports.   As advertisement is by transport, I withdraw this question.  
> BALAZS2: Some implementations have a yang extension statement to specify whether  a model is visible on specific interfaces
> Section 4
> I suspect that you will need to do a security analysis per YANG object.   This has been done the other YANG push family.
> BALAZS: The full module is readOnly and not sensitive or private in any manner.  The security text for the readOnly parts of YangPush is the exact same text: not very informative, but gives you the illusion of security awareness.
> <Eric> You can ignore my comment.  In doing RFC-8639, I needed to put in read/write analysis for each object.  And this did sometime include the risks of internally setting values which were read-only from the model.  Perhaps this will not be required during later draft reviews in the publication process.
> I suspect that manipulating the reporting intervals could have some security implications.   E.g., a hacker could push up the damping period or periodic interval to a level where the information they are changing then becomes invisible to a monitoring system.
> BALAZS: The full YAM is read-only so manipulating the data is not a concern.
> <Eric> Per my previous point, if the IETF process says you don't need to highlight such possibilities, then I am good.
> In rfc8639 the text says for readOnly data nodes something like: 
> If access control is not properly configured, can expose
>       system internals to those who should not have access to this
>       information.
> That is true for any bit of data, so I do not understand what information does it add. It does not hurt, so I will add the same sentence to my draft.
> If you have something else in mind please describe the attack method that I should mention.
> </Eric>
> Thanks, 
> Eric 
> From: netconf < <>> On Behalf Of Mahesh Jethanandani
> Sent: Tuesday, September 24, 2019 1:50 PM
> To: Netconf < <>>
> Subject: Re: [netconf] WGLC for draft-ietf-netconf-notification-capabilities
> We were supposed to have closed on the WGLC today. However, between the document becoming a WG item and it going into LC, we have not received too many comments on the draft. As such, we are extending the LC by another week. Please review the draft and provide any comments you might have.
> Mahesh & Kent (as co-chairs)
> On Sep 10, 2019, at 3:39 PM, Mahesh Jethanandani < <>> wrote:
> Authors have published -04 <> version of the draft, which addresses comments they received in IETF 105. If you provided comments please check to make sure your comments have been addressed. At this point, the authors believe that the document is ready for WGLC.
> This therefore starts a two week LC, ending on September 24th. Please provide any technical comments you might have on the document. If you believe the document is not ready for LC, please state your reasons.
> We will issue a IPR poll separately. 
> Mahesh & Kent (as co-chairs)
> <draft-ietf-netconf-notification-capabilities-05b.txt>

Mahesh Jethanandani