Re: [netconf] I-D Action: draft-ietf-netconf-https-notif-04.txt

Alexander Clemm <alex@futurewei.com> Tue, 28 July 2020 22:35 UTC

From: Alexander Clemm <alex@futurewei.com>
To: Mahesh Jethanandani <mjethanandani@gmail.com>
CC: Kent Watsen <kent+ietf@watsen.net>, "Eric Voit (evoit)" <evoit=40cisco.com@dmarc.ietf.org>, "netconf@ietf.org" <netconf@ietf.org>
Date: Tue, 28 Jul 2020 22:35:27 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/netconf/evUPi8K6F0if-96vFBp-aDqlJAE>

Hi Mahesh,
thank you for your explanation.  Let’s put that separation and clarification in the draft.
--- Alex

From: Mahesh Jethanandani <mjethanandani@gmail.com>
Sent: Tuesday, July 28, 2020 3:33 PM
To: Alexander Clemm <alex@futurewei.com>
Cc: Kent Watsen <kent+ietf@watsen.net>; Eric Voit (evoit) <evoit=40cisco.com@dmarc.ietf.org>; netconf@ietf.org
Subject: Re: [netconf] I-D Action: draft-ietf-netconf-https-notif-04.txt

Hi Alex,

If the implementation calls for a method by which a receiver wants to subscribe to particular notifications, by all means you need to implement SN. However, if all you need to implement is a channel by which notifications can be sent from the publisher to the receiver, however that channel is set up, why would you need to implement SN?

Subscription State Change Notification is central to the concept of being able to subscribe to events. It is not central to how notifications are sent.

M


On Jul 28, 2020, at 3:19 PM, Alexander Clemm <alex@futurewei.com> wrote:

Hi Kent,
I am getting a bit confused here.  Are you saying that you would only need to implement the augmentations, not the subscriptions model being augmented?  Subscription State Change Notifications are an integral part of the whole subscription concept.
Anyway, I agree this point needs clarification.
--- Alex

From: netconf <netconf-bounces@ietf.org> On Behalf Of Kent Watsen
Sent: Tuesday, July 28, 2020 1:52 PM
To: Eric Voit (evoit) <evoit=40cisco.com@dmarc.ietf.org>
Cc: netconf@ietf.org
Subject: Re: [netconf] I-D Action: draft-ietf-netconf-https-notif-04.txt

Hi Eric,

There are many downsides to *not* including the Subscription State Change Notifications, including the DOS attacks listed below.   As several people mentioned during the session, the draft isn't clear on which elements of https-notif require SN, and which do not.

Disagree, as it’s obvious that *implementing* the modules requires SN, while not implementing them doesn’t.  But, per your comment below, it would be good to float this point towards the beginning.




Additionally, the intro section of https-notif isn't clear here:
    This document defines two YANG 1.1 [RFC7950] data
    modules, one for augmenting the Subscription to YANG Notifications
    [RFC8639] to add a transport type, and another for configuring and
    managing HTTPS based receivers for the notifications.
The first time I understand all of SN isn't mandatory is Section 8.2.

Ack, see above.




If there are mandatory SN elements which are sometimes optional, could you explicitly list these in the draft?

This draft does not “update” RFC 8639.  No change to RFC8639 normative text exists in the draft.




Also could you list what the potential downsides of excluding mandatory might be, and when these potential downsides can be safely discounted?

An enumerated list would be overkill.  A passing comment is sufficient.  The following seems about right:

  “Using the 'https-notif' transport outside of RFC 8639 MAY be desirable in cases where a simple notification-delivery mechanism is sufficient for the intended use.  When advanced delivery features are needed (e.g., replay, QoS), RFC 8639 SHOULD be used.”






K.




