Re: [Netconf] We NEED RESPONSES: WG Last Call ended for:draft-ietf-netconf-4741bis-04.txt
Andy Bierman <ietf@andybierman.com> Thu, 07 October 2010 15:10 UTC
Return-Path: <ietf@andybierman.com>
X-Original-To: netconf@core3.amsl.com
Delivered-To: netconf@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 7F8673A6E6A for <netconf@core3.amsl.com>; Thu, 7 Oct 2010 08:10:38 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level:
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[AWL=0.000, BAYES_00=-2.599]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 0UWGxuQzaQEJ for <netconf@core3.amsl.com>; Thu, 7 Oct 2010 08:10:34 -0700 (PDT)
Received: from smtp104.sbc.mail.re3.yahoo.com (smtp104.sbc.mail.re3.yahoo.com [66.196.96.80]) by core3.amsl.com (Postfix) with SMTP id 804773A6F90 for <netconf@ietf.org>; Thu, 7 Oct 2010 08:10:33 -0700 (PDT)
Received: (qmail 39862 invoked from network); 7 Oct 2010 15:11:33 -0000
Received: from [192.168.0.14] (ietf@75.84.164.152 with plain) by smtp104.sbc.mail.re3.yahoo.com with SMTP; 07 Oct 2010 08:11:33 -0700 PDT
X-Yahoo-SMTP: Z6xhxCCswBAlhcxjVNwaQtp4EKpLdTUUf5Nx_pGy81o-
X-YMail-OSG: qRCirNMVM1kOp_JjgOE50WMbbW3pp3WeGC2coS8tR40HCZQ Q5g8SsNWDDOM_kzv6EiotK0dyfmiJArEV7mzOOMEGfpUA9EdMeKb_OH4CzBu P4J4aK0U4eNzjjTsVMvV5oU24CY4MjWUPvFEY2KPR_U_zuW4kUbBPxvcfKbi DuU1AvNC9NAGq67qVVUrUUr8M5qY73kO.Nnq6JL5X9ztJiqSrevaWgif5WGK n2nTp0p0oyR.JYpPuBzS0rpfogYojIcAxrF9xzWn0PL0IeSBfhP._OOncqEC oLBrVYKev_ShA61gJdI7hBXPQSrws1GGkF0N3zd36nWZTlXAxgItkpl0l3YA DKBNhmEbcWjV_wfPnusbC0nEUba88X3DuIAIe_EBPZwbYC9uo2nuygh4BPev WCDdgovo-
X-Yahoo-Newman-Property: ymail-3
Message-ID: <4CADE324.5090307@andybierman.com>
Date: Thu, 07 Oct 2010 08:11:32 -0700
From: Andy Bierman <ietf@andybierman.com>
User-Agent: Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.1.12) Gecko/20100915 Thunderbird/3.0.8
MIME-Version: 1.0
To: "Ersue, Mehmet (NSN - DE/Munich)" <mehmet.ersue@nsn.com>
References: <CB69B162C87647AE97AB749466633F54@BertLaptop><4C9B3E60.5030000@bwijnen.net> <87r5g21d05.fsf@cesnet.cz> <80A0822C5E9A4440A5117C2F4CD36A64010D95FF@DEMUEXC006.nsn-intra.net>
In-Reply-To: <80A0822C5E9A4440A5117C2F4CD36A64010D95FF@DEMUEXC006.nsn-intra.net>
Content-Type: text/plain; charset="ISO-8859-1"; format="flowed"
Content-Transfer-Encoding: 7bit
Cc: Netconf <netconf@ietf.org>
Subject: Re: [Netconf] We NEED RESPONSES: WG Last Call ended for:draft-ietf-netconf-4741bis-04.txt
X-BeenThere: netconf@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Network Configuration WG mailing list <netconf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/netconf>, <mailto:netconf-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/netconf>
List-Post: <mailto:netconf@ietf.org>
List-Help: <mailto:netconf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/netconf>, <mailto:netconf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 07 Oct 2010 15:10:38 -0000
On 10/07/2010 04:43 AM, Ersue, Mehmet (NSN - DE/Munich) wrote: > Hi Lada, > >> I re-read again 4741bis-04 and I think it's fine with one exception: >> Either the EOM issue must be fixed in 4742bis or 4741bis should not >> require it as the mandatory transport protocol. > > We discussed this several times and came several times to the > same conclusion. > A comprehensive solution would be needed to address the issue > restlessly. However, this would cause a V2.0 and it'll be > incompatible with V1.0. > > By our charter 4741bis and 4742bis do not have the mandate for > V2.0(!). > Therefore we decided to keep the current solution and describe > the possible security thread unmistakably. > > Good or bad, IIRC this is the factual report of the situation. > thanks. Since ]]>]]> is not special in BEEP (for example), text about it does not belong in 4741bis. It is fine to say that a NETCONF client that sends ]]>]]> as content is broken. For any YANG content that may contain ]]>]]> unintentionally, the YANG 'binary' data type should be used, since XML element content does not allow ]]>]]>. We have NACM in the works to control what a session can do once it is authenticated, to address most data injection attacks. The only real exposure in the standard are the client-provided XML attributes that the server must return in the <rpc-reply>. Since the client controls this, the rule in 4742bis (MUST NOT send ]]>]]>) is sufficient to solve the problem. > Cheers, > Mehmet Andy > > >> -----Original Message----- >> From: netconf-bounces@ietf.org [mailto:netconf-bounces@ietf.org] On >> Behalf Of ext Ladislav Lhotka >> Sent: Thursday, October 07, 2010 1:03 PM >> To: Bert (IETF) Wijnen; Netconf >> Subject: Re: [Netconf] We NEED RESPONSES: WG Last Call ended > for:draft- >> ietf-netconf-4741bis-04.txt >> >> Hi, >> >> I hope it's not too late: >> >> I re-read again 4741bis-04 and I think it's fine with one exception: >> Either the EOM issue must be fixed in 4742bis or 4741bis should not >> require it as the mandatory transport protocol. >> >> Other comments: >> >> 1. Sec. 1.2: List item 2 refers to [8], which is the partial lock >> RFC. Instead, it should refer to RFC 5277 (notifications). >> >> 2. Sec. 1.3: The base NETCONF specification also corresponds to a >> capability, namely :base. >> >> OLD >> >> A NETCONF capability is a set of functionality that supplements the >> base NETCONF specification. >> >> NEW >> >> A NETCONF capability is an identified set of functionality. >> >> 3. Sec. 3: >> >> "All NETCONF messages MUST be well-formed XML, encoded in UTF-8." >> >> It should be clarified what this requirement means. My > understanding >> is that PDUs exchanged between the client and server MUST contain >> well-formed messages. >> >> 4. Sec. 4.1: >> >> "If additional attributes are present in an<rpc> element, a > NETCONF >> peer MUST return them unmodified in the<rpc-reply> element. This >> includes any "xmlns" attributes." >> >> I think the requirement on "xmlns" attributes is quite >> problematic. These attributes have a very specific function, so if >> the server uses another prefixes or another default namespace, why >> should it send the "xmlns" attributes received in the RPC request? >> >> The client could thus pre-empt a prefix the server normally uses, >> e.g. by sending xmlns:nc="http://example.com/foo". >> >> 5. Sec. 5.2, 7.2 and elsewhere: >> >> I think it would be better to indicate the namespace in the names > of >> XML elements or attributes, if there is any, e.g.<nc:config> > rather >> than<config>. This is especially important for attribute names >> because attributes with a non-null namespace URI are not common. >> >> 6. Sec. 6.2.5, fourth bullet on p. 26: >> >> "If any sibling nodes of the selection node are instance identifier >> components for a conceptual data structure (e.g., list key leaf), >> then they MAY also be included in the filter output." >> >> I don't understand what this means. Is it that the subtree pointed >> to >> by the instance indentifier may be included? >> >> 7. Sec. 7.2: Without the notion of (mandatory) list keys, the merge >> operation may be ambiguous. In the example on p. 43, if the >> "running" >> datastore contained two interfaces >> >> <interface> >> <name>Ethernet0/0</name> >> <mtu>9216</mtu> >> </interface> >> <interface> >> <name>Ethernet0/1</name> >> <mtu>1500</mtu> >> </interface> >> >> the edit-config operation could mean two things: either change > <mtu> >> of the first interface or change<name> of the other. >> >> 8. Sec. 7.5, p. 49: >> >> s/A lock MUST not/A lock MUST NOT/ >> >> 9. Sec. 8.1: >> >> "Each peer sends its<hello> element simultaneously ..." >> >> Why "simultaneously"? Should it be removed or changed to >> "asynchronously"? >> >> 10. Sec. 8.3.1: >> >> "A<commit> operation may be performed at any time that causes the >> device's running configuration to be set to the value of the >> candidate configuration." >> >> What is the "value" of the candidate configuration? The first >> sentence in the next paragraph explains the operation correctly so >> this sentence could be removed. >> >> 11. Now that Appendix B declares itself as normative, I am wondering >> what object is supposed to be validated against the XSD schema. For >> example, the schema doesn't take into account the two variants of >> <hello> with different content model: server's<hello> must have >> exactly one session-id attribute whereas client's<hello> must not >> have it at all. The XSD has a content model that is correct neither >> for the server nor for the client: >> >> <xs:element name="session-id" >> type="SessionId" minOccurs="0"/> >> >> Lada >> >> On Thu, 23 Sep 2010 13:47:44 +0200, "Bert (IETF) Wijnen" >> <bertietf@bwijnen.net> wrote: >>> It was pointed out to me that we did not get ANY comments to this >> WGLC. >>> Well, there was continued discussion on XML parse errors (which is >>> related partly to this document) on which we will come back > tomorrow. >>> >>> But no other comments, Also not any " I read it, go ahead to the > next >> step". >>> >>> Can the WG chairs assume that people have indeed read the latest >> version >>> of this document and are OK with it? >>> >>> Can you please ASAP tell us: I read the doc and I am fine with it!!! >>> >>> PLEASE >>> >>> Bert and Mehmet >>> >>> On 9/3/10 12:08 AM, Bert Wijnen (IETF) wrote: >>>> WG participants, this email starts a formal WG Last Call for >> revision 4 >>>> of the 4741bis document. The document is targeted as Proposed >> Standard >>>> to replace the current rfc4741. >>>> >>>> Please do review and tell us your position and comments. >>>> Please do so BEFORE 20 September 2010. >>>> >>>> Bert and Mehmet >>>> >>>> ----- Original Message ----- >>>> From:<Internet-Drafts@ietf.org> >>>> To:<i-d-announce@ietf.org> >>>> Cc:<netconf@ietf.org> >>>> Sent: Monday, August 23, 2010 7:00 PM >>>> Subject: [Netconf] I-D Action:draft-ietf-netconf-4741bis-04.txt >>>> >>>> >>>> A New Internet-Draft is available from the on-line Internet-Drafts >>>> directories. >>>> This draft is a work item of the Network Configuration Working >> Group of the >>>> IETF. >>>> >>>> >>>> Title : Network Configuration Protocol (NETCONF) >>>> Author(s) : R. Enns, et al. >>>> Filename : draft-ietf-netconf-4741bis-04.txt >>>> Pages : 121 >>>> Date : 2010-08-23 >>>> >>>> The Network Configuration Protocol (NETCONF) defined in this >> document >>>> provides mechanisms to install, manipulate, and delete the >>>> configuration of network devices. It uses an Extensible Markup >>>> Language (XML)-based data encoding for the configuration data as >> well >>>> as the protocol messages. The NETCONF protocol operations are >>>> realized as Remote Procedure Calls (RPC). >>>> >>>> A URL for this Internet-Draft is: >>>> http://www.ietf.org/internet-drafts/draft-ietf-netconf-4741bis- >> 04.txt >>>> >>>> Internet-Drafts are also available by anonymous FTP at: >>>> ftp://ftp.ietf.org/internet-drafts/ >>>> >>>> _______________________________________________ >>>> Netconf mailing list >>>> Netconf@ietf.org >>>> https://www.ietf.org/mailman/listinfo/netconf >>>> >>> >>> _______________________________________________ >>> Netconf mailing list >>> Netconf@ietf.org >>> https://www.ietf.org/mailman/listinfo/netconf >> >> -- >> Ladislav Lhotka, CESNET >> PGP Key ID: E74E8C0C >> _______________________________________________ >> Netconf mailing list >> Netconf@ietf.org >> https://www.ietf.org/mailman/listinfo/netconf > _______________________________________________ > Netconf mailing list > Netconf@ietf.org > https://www.ietf.org/mailman/listinfo/netconf > >
- [Netconf] 2-week WG Last Call for: draft-ietf-net… Bert Wijnen (IETF)
- [Netconf] We NEED RESPONSES: WG Last Call ended f… Bert (IETF) Wijnen
- Re: [Netconf] We NEED RESPONSES: WG Last Call end… Ersue, Mehmet (NSN - DE/Munich)
- Re: [Netconf] We NEED RESPONSES: WG Last Call end… Juergen Schoenwaelder
- Re: [Netconf] We NEED RESPONSES: WG Last Call end… Andy Bierman
- Re: [Netconf] We NEED RESPONSES: WG Last Call end… Ersue, Mehmet (NSN - DE/Munich)
- Re: [Netconf] We NEED RESPONSES: WG Last Call end… Ersue, Mehmet (NSN - DE/Munich)
- Re: [Netconf] We NEED RESPONSES: WG Last Call end… Juergen Schoenwaelder
- Re: [Netconf] We NEED RESPONSES: WG Last Call end… Ladislav Lhotka
- Re: [Netconf] We NEED RESPONSES: WG Last Call end… Juergen Schoenwaelder
- Re: [Netconf] We NEED RESPONSES: WG Last Call end… Ersue, Mehmet (NSN - DE/Munich)
- Re: [Netconf] We NEED RESPONSES: WG Last Call end… Martin Bjorklund
- Re: [Netconf] We NEED RESPONSES: WG Last Call end… Ersue, Mehmet (NSN - DE/Munich)
- Re: [Netconf] We NEED RESPONSES: WG Last Call end… Juergen Schoenwaelder
- Re: [Netconf] We NEED RESPONSES: WG Last Call end… Ersue, Mehmet (NSN - DE/Munich)
- Re: [Netconf] We NEED RESPONSES: WG Last Call end… Juergen Schoenwaelder
- Re: [Netconf] We NEED RESPONSES: WG Last Call end… Phil Shafer
- Re: [Netconf] We NEED RESPONSES: WG Last Call end… Juergen Schoenwaelder
- Re: [Netconf] We NEED RESPONSES: WG Last Call end… Ersue, Mehmet (NSN - DE/Munich)
- Re: [Netconf] We NEED RESPONSES: WG Last Call end… Ladislav Lhotka
- Re: [Netconf] We NEED RESPONSES: WG Last Call end… Juergen Schoenwaelder
- Re: [Netconf] We NEED RESPONSES: WG Last Call end… Andy Bierman
- Re: [Netconf] We NEED RESPONSES: WG Last Call end… Juergen Schoenwaelder
- Re: [Netconf] We NEED RESPONSES: WG Last Call end… Ersue, Mehmet (NSN - DE/Munich)
- Re: [Netconf] We NEED RESPONSES: WG Last Call end… Ladislav Lhotka
- Re: [Netconf] We NEED RESPONSES: WG Last Call end… Ersue, Mehmet (NSN - DE/Munich)
- Re: [Netconf] We NEED RESPONSES: WG Last Call end… Ladislav Lhotka
- Re: [Netconf] We NEED RESPONSES: WG Last Call end… Andy Bierman
- Re: [Netconf] We NEED RESPONSES: WG Last Call end… Andrew Stone
- Re: [Netconf] We NEED RESPONSES: WG Last Call end… Andy Bierman
- Re: [Netconf] We NEED RESPONSES: WG Last Call end… Ersue, Mehmet (NSN - DE/Munich)
- Re: [Netconf] We NEED RESPONSES: WG Last Call end… Andrew Stone