IETF Logo Mail Archive

Re: [netconf] [Last-Call] Yangdoctors last call review of draft-ietf-netconf-ssh-client-server-24

Andy Bierman <andy@yumaworks.com> Fri, 28 May 2021 23:59 UTC

Return-Path: <andy@yumaworks.com>
X-Original-To: netconf@ietfa.amsl.com
Delivered-To: netconf@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1ACE63A3AC2 for <netconf@ietfa.amsl.com>; Fri, 28 May 2021 16:59:32 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.887
X-Spam-Level:
X-Spam-Status: No, score=-1.887 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, T_SPF_PERMERROR=0.01, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=yumaworks-com.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id jiYlOE143RhP for <netconf@ietfa.amsl.com>; Fri, 28 May 2021 16:59:27 -0700 (PDT)
Received: from mail-lf1-x131.google.com (mail-lf1-x131.google.com [IPv6:2a00:1450:4864:20::131]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id BE9693A3AC0 for <netconf@ietf.org>; Fri, 28 May 2021 16:59:26 -0700 (PDT)
Received: by mail-lf1-x131.google.com with SMTP id r5so7687219lfr.5 for <netconf@ietf.org>; Fri, 28 May 2021 16:59:26 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yumaworks-com.20150623.gappssmtp.com; s=20150623; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=S22UA2kIKMBtW2jxIfACVfUJOjI/Nk6AvuHaHusTozQ=; b=l3IU0ZEK+p+UfyCCnxUnJ5D2TwF8fPmmKXPcQ7Vd1L+MpyFAinbgjC4S10hsB6maZh k/92+mPsIJMZ7owUUUQ2JDuBhh1FbPms25+y+FehTea8RTJCW1bQpXo3TdQvO9guvTCe j/WnbVK3Mr3YiIE6Cmvv+Zw8PA+zb1P8SQUsblC5jp02EIiKwsME0q1U1aPaIMqO/Mpn LhiBI3zZhha/Y5yYdH57F7BDT6p131H+6KpxYhdfB/L+VOjKzcJtEP6HSQnrDXwpmlOv 2RuM2i0hNjL60mJTDlZu/fqJRy4twyropv4ofFC7FWafAiNxUvjUFDKiYcoF2/yfrSb4 tryQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=S22UA2kIKMBtW2jxIfACVfUJOjI/Nk6AvuHaHusTozQ=; b=szPQXnFoCMt3cRaztx+XgMrT44y8QPU3MOvSx9YPabdn1SwcBBbhc5q24WbYH8g51t /sxjPabAnTAn7imZ5wchGFf/xg+GfuiqVrD+NR2T0PO3fEB8Z3h82QYbaWS1kH7nJjG5 TnxMuOXel0tPqDfkf8bMIRm05PX/b4NFQ1J0Vh+ZX6m+J5e8tuPwn7nG/GcIgxEHDTQc dXAbiTJxV8lnKg1ohpWkYTI8MMdaIwhP9qTn0OVr/5TxrO4d9EbPl8KgsS6Ckms/fGDq tlu4+CGZeV9gSJqBD8BICTVqnvZ7q4oP9IhwIvOvWR1U1o3obFMYkClbmHpnZGfU+Z5C BjQw==
X-Gm-Message-State: AOAM530xWX6xMg2kqFiyTAxZqtagH/J2mriSdZ/6p2ULsTCuCZfgvP17 cZEmyu/S7aNS0tuAcRgAnhzB6bmd0HgUYrn+ALoTYFdJR7KYcQ==
X-Google-Smtp-Source: ABdhPJwofVod0PP3JO4ebQQgFt/NRXU4fUwQnDpU7aZ82wAr/vUWBYEkhTSIExhXiNCPOX6y+mHJjIcq/s/xiQFFHYc=
X-Received: by 2002:a05:6512:20c6:: with SMTP id u6mr7541566lfr.38.1622246362938; Fri, 28 May 2021 16:59:22 -0700 (PDT)
MIME-Version: 1.0
References: <162197047222.6755.5719177112947542346@ietfa.amsl.com> <01000179af378320-73241cbb-c5a4-45dd-8c87-03ff603cc2f0-000000@email.amazonses.com>
In-Reply-To: <01000179af378320-73241cbb-c5a4-45dd-8c87-03ff603cc2f0-000000@email.amazonses.com>
From: Andy Bierman <andy@yumaworks.com>
Date: Fri, 28 May 2021 16:59:11 -0700
Message-ID: <CABCOCHTjKHE1pbP05tcBGvx1Ms5LJsvmtBe1te4kOr-1jwTJPw@mail.gmail.com>
To: Kent Watsen <kent@watsen.net>
Cc: "netconf@ietf.org" <netconf@ietf.org>
Content-Type: multipart/alternative; boundary="00000000000033914205c36caa89"
Archived-At: <https://mailarchive.ietf.org/arch/msg/netconf/KoShxcCoRqZUGNHdwrL7HFJHtDY>
Subject: Re: [netconf] [Last-Call] Yangdoctors last call review of draft-ietf-netconf-ssh-client-server-24
X-BeenThere: netconf@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: NETCONF WG list <netconf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/netconf>, <mailto:netconf-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/netconf/>
List-Post: <mailto:netconf@ietf.org>
List-Help: <mailto:netconf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/netconf>, <mailto:netconf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 28 May 2021 23:59:32 -0000

On Thu, May 27, 2021 at 12:05 PM Kent Watsen <kent@watsen.net> wrote:

> [moving all alias except “netconf” to the BCC list]
>
>
> Hi Andy,
>
> Thank you for your review!
>
> > On May 25, 2021, at 3:21 PM, Andy Bierman via Datatracker <
> noreply@ietf.org> wrote:
> >
> > Reviewer: Andy Bierman
> > Review result: Ready
> >
> > Comments:
> >
> > 1) Measuring Interoperability for groupings and identities
> >
> > [same comment for SSH and TLS drafts]
> >
> > These modules are intentionally abstract.
> > There are no protocol-accessible objects defined at all.
> > Interoperability is usually measured in the context of a
> > specific protocol (e.g., NETCONF).
> >
> > There is an assumption that interoperability will be achieved
> > by some other RFCs that will have "uses" statements to create
> > protocol-accessible or otherwise implementable objects.
>
> True, and we have, e.g., the "netconf-client-server" and
> "restconf-client-server" drafts, and the PCE WG has the "pcep-yang” draft.
>  There’s a leap of faith, but also some running code, so hopefully within
> the intentions of an “RFC”.
>
>
> > There is also an assumption that the groupings will be used the
> > same everywhere, and the only difference will be the
> > path from root to the objects in these groupings.
> > In fact, the "refine" statement allows each usage to be
> > different.
>
> What assumption?  Do you mean the description statements in the various
> "[ssh/tls]-[client/server]-grouping” groupings.  For instance, see the 2nd
> paragraph below:
>
>      grouping ssh-client-grouping {
>        description
>          "A reusable grouping for configuring a SSH client without
>           any consideration for how an underlying TCP session is
>           established.
>
>           Note that this grouping uses fairly typical descendent
>           node names such that a stack of 'uses' statements will
>           have name conflicts.  It is intended that the consuming
>           data model will resolve the issue (e.g., by wrapping
>           the 'uses' statement in a container called
>           'ssh-client-parameters').  This model purposely does
>           not do this itself so as to provide maximum flexibility
>           to consuming models.";
>
> While it is true that “stacks” (or sibling “uses” statements) are expected
> (from a "best practice” POV), I’m unaware of any Xpath expressions
> enforcing this.
>
>

I was re-reading RFC 7950 and there is nothing to add in these drafts about
it.
Groupings do not define any nodes in the schema tree.

In the old days the IETF used to be concerned with Interoperability Reports
in order to advance an RFC from Proposed Standard to Draft Standard.
Now that that is no longer done, it is not that important to point out that
interoperability can only be evaluated for the module with the "uses"
statement,
since that is how schema tree nodes are defined from a grouping template.



> > Perhaps the drafts should mention these interoperability issues.
>
> Could you be more specific in what text you’d like to see in which
> sections?
>
>
see bove -- no changes requested


>
>
> > 2) same feature names in 2 modules
> >
> >  - feature userauth-hostbased
> >  - feature userauth-none
> >  - feature userauth-password
> >  - feature userauth-publickey
> >
> > The ietf-ssh-client and ietf-ssh-server modules both use these
> > feature names. IMO users will not expect this, and this will cause
> > confusion.
> >
> > Why can't these features be defined once in ietf-ssh-common.yang?
> > Seems like client and server will advertise the feature for
> > implementing their relevant values.
>
> Well, these were named differently in just the previous version of the ssh
> draft…from the change log:
>
>  *  Renamed "client-auth-*" to "userauth-*"
>  *  Renamed "client-identity-*" to "userauth-*”
>
> Juergen felt that these were more natural names for SSH.   I agreed,
> mostly just to get the “monkey off my back”, but it breaks with the
> convention used by the collection if client-server drafts (where all the
> variations of "[client/server]-[auth/identity]” are typically used).
>
> Yes, “userauth” is the term used in the SSH drafts, and I didn’t think is
> was a big deal or, really, any deal at all, for the same feature names to
> be used in both drafts, such that I'm surprised by your "users will not
> expect this, and this will cause confusion” comment...
>
> Moving the definitions to the “common” module is possible, of course, but
> tricky since the description statements say different things, to address
> the different contexts in which they’re used.  The description statement
> could be expanded to address each context, but this will get wordy…I wonder
> if it wouldn’t be better to just go back to the previous
> “client-[auth/identity]-*” prefixes - thoughts?
>
>
OK -- not a big deal except possibly when the feature name is used outside
of YANG,
without any prefix to tell which one is meant.  I agree the different
description-stmts
make it difficult to write a common feature definition, so this is not
important to change either.




>
>
>
> K.
>
>
Andy

v2.23.0 | Report a Bug | By Email