Re: [Netconf] I-D Action: draft-ietf-netconf-zerotouch-20.txt

Xufeng Liu <Xufeng_Liu@jabil.com> Tue, 06 March 2018 19:55 UTC

From: Xufeng Liu <Xufeng_Liu@jabil.com>
To: Kent Watsen <kwatsen@juniper.net>, "netconf@ietf.org" <netconf@ietf.org>
Date: Tue, 06 Mar 2018 19:55:50 +0000
Message-ID: <BN3PR0201MB0867B083D8B7181D56201235F1D90@BN3PR0201MB0867.namprd02.prod.outlook.com>
References: <151979802020.5151.7317601888119593836@ietfa.amsl.com> <365BF574-16ED-4D35-9322-8BC0AEDD8228@juniper.net>
In-Reply-To: <365BF574-16ED-4D35-9322-8BC0AEDD8228@juniper.net>
Archived-At: <https://mailarchive.ietf.org/arch/msg/netconf/SBIeGpio6m7E4c0W1rBu9Y8ftyM>
Subject: Re: [Netconf] I-D Action: draft-ietf-netconf-zerotouch-20.txt

Support for publication. The authors have resolved the comments raised recently.

Thanks,
- Xufeng

> -----Original Message-----
> From: Netconf [mailto:netconf-bounces@ietf.org] On Behalf Of Kent Watsen
> Sent: Wednesday, February 28, 2018 4:21 PM
> To: netconf@ietf.org
> Subject: Re: [Netconf] I-D Action: draft-ietf-netconf-zerotouch-20.txt
> 
> 
> This update addresses all the LC comments, as well as items discussed after the
> Last Call.  The diff looks large and, in some places, difficult to read (mostly due
> to rendering issues).  Please see the change log for a complete list of changes.
> 
> I believe that the draft is now ready to be published.
> 
> That said, I wanted to throw out one thing to the WG, to see if anyone thinks it's
> worth pursuing. The issue is as follows:
> 
> 1) The draft defines three CMS-based artifacts that each resist tampering
> through the use of signatures, but none of which protect privacy through the
> use of encryption.
> 
> 2) The information contained within these artifacts may be considered sensitive
> in some environments, especially when placing signed onboarding-information
> on a removable storage device.
> 
> 3) It would be relatively easy for us to extend the draft to also support
> encryption as (a) CMS already supports encryption (i.e., the result is still a CMS
> structure) and (b) the draft can easily explain that the encryption uses the public
> key from the client's certificate (e.g., the IDevID cert).
> 
> If we don't do it now, how hard would it be to add later?  I think that the text at
> the very end of Section 3.1 would make it a tricky add.  This text is currently very
> specific about the top-most content-type being the OID id-signedData, whereas
> in this case we'd want it to be the OID id-encryptedData.
> 
> Any thoughts on this?  If nothing else, add a Security Consideration noting the
> possibility for unwanted disclosure of information?
> 
> Thanks,
> Kent // author
> 
> 
> =====
> 
> A New Internet-Draft is available from the on-line Internet-Drafts directories.
> This draft is a work item of the Network Configuration WG of the IETF.
> 
>         Title           : Zero Touch Provisioning for Networking Devices
>         Authors         : Kent Watsen
>                           Mikael Abrahamsson
>                           Ian Farrer
>         Filename        : draft-ietf-netconf-zerotouch-20.txt
>         Pages           : 80
>         Date            : 2018-02-27
> 
> Abstract:
>    This draft presents a technique to securely provision a networking
>    device when it is booting in a factory-default state.  Variations in
>    the solution enable it to be used on both public and private
>    networks.  The provisioning steps are able to update the boot image,
>    commit an initial configuration, and execute arbitrary scripts to
>    address auxiliary needs.  The updated device is subsequently able to
>    establish secure connections with other systems.  For instance, a
>    device may establish NETCONF [RFC6241] and/or RESTCONF [RFC8040]
>    connections with deployment-specific network management systems.
> 
> 
> The IETF datatracker status page for this draft is:
> https://datatracker.ietf.org/doc/draft-ietf-netconf-zerotouch/
> 
> There are also htmlized versions available at:
> https://tools.ietf.org/html/draft-ietf-netconf-zerotouch-20
> https://datatracker.ietf.org/doc/html/draft-ietf-netconf-zerotouch-20
> 
> A diff from the previous version is available at:
> https://www.ietf.org/rfcdiff?url2=draft-ietf-netconf-zerotouch-20
> 
> 
> Please note that it may take a couple of minutes from the time of submission
> until the htmlized version and diff are available at tools.ietf.org.
> 
> Internet-Drafts are also available by anonymous FTP at:
> ftp://ftp.ietf.org/internet-drafts/
> 
> _______________________________________________
> Netconf mailing list
> Netconf@ietf.org
> https://www.ietf.org/mailman/listinfo/netconf
> 
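The point Kent raises about the end of Section 3.1 (a verifier that insists the top-most CMS content type is id-signedData cannot accept an encrypting wrapper) can be seen in a few lines of DER inspection. The following is an added example written for this page, not code from the draft or from any of its authors; the artifacts it inspects are constructed stand-ins with empty content, and the encrypted/enveloped OIDs are the standard CMS ones from RFC 5652.

```python
# Added example, not code from the draft or the thread: a minimal DER walk that
# reads the outermost CMS ContentInfo.contentType of a zerotouch artifact and
# decides whether a signed-only or a signed-or-encrypted policy accepts it.

ID_SIGNED_DATA = "1.2.840.113549.1.7.2"      # RFC 5652 id-signedData
ID_ENVELOPED_DATA = "1.2.840.113549.1.7.3"   # RFC 5652 id-envelopedData
ID_ENCRYPTED_DATA = "1.2.840.113549.1.7.6"   # RFC 5652 id-encryptedData

def read_tlv(buf, pos=0):
    """Decode one DER TLV at pos; return (tag, value_bytes, next_pos)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length octets
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length

def decode_oid(raw):
    """Turn DER OBJECT IDENTIFIER content octets into dotted notation."""
    arcs, val = [raw[0] // 40, raw[0] % 40], 0
    for b in raw[1:]:
        val = (val << 7) | (b & 0x7F)
        if not b & 0x80:  # high bit clear: last octet of this arc
            arcs.append(val)
            val = 0
    return ".".join(map(str, arcs))

def outer_content_type(artifact):
    """Return the dotted OID of the outermost ContentInfo.contentType."""
    tag, body, _ = read_tlv(artifact)
    oid_tag, oid, _ = read_tlv(body)
    if tag != 0x30 or oid_tag != 0x06:
        raise ValueError("not a CMS ContentInfo (SEQUENCE { OID, ... })")
    return decode_oid(oid)

def accepts(artifact, allow_encrypted=False):
    """False mirrors the draft's 'top-most type is id-signedData' rule; True also
    admits an encrypting wrapper (inner SignedData still needs verifying)."""
    allowed = {ID_SIGNED_DATA}
    if allow_encrypted:
        allowed |= {ID_ENVELOPED_DATA, ID_ENCRYPTED_DATA}
    return outer_content_type(artifact) in allowed

def content_info(oid_octets):
    """Constructed ContentInfo: SEQUENCE { OID, [0] EXPLICIT with empty body }."""
    body = bytes([0x06, len(oid_octets)]) + oid_octets + bytes([0xA0, 0x00])
    return bytes([0x30, len(body)]) + body

PKCS7 = bytes.fromhex("2a864886f70d0107")         # arcs 1.2.840.113549.1.7
SIGNED_SAMPLE = content_info(PKCS7 + b"\x02")     # constructed stand-in
ENCRYPTED_SAMPLE = content_info(PKCS7 + b"\x06")  # constructed stand-in
```

Running `accepts(ENCRYPTED_SAMPLE)` with the default policy returns False, which is exactly the incompatibility Kent describes; a device that wants to accept encrypted artifacts later needs the outer check loosened and the signature check moved inside the decrypted content.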