IETF Logo Mail Archive

[Netconf] draft-ietf-netconf-rfc6536bis Query

Rohit R Ranade <rohitrranade@huawei.com> Thu, 01 February 2018 11:35 UTC

Return-Path: <rohitrranade@huawei.com>
X-Original-To: netconf@ietfa.amsl.com
Delivered-To: netconf@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1552612EC85 for <netconf@ietfa.amsl.com>; Thu, 1 Feb 2018 03:35:46 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.23
X-Spam-Level:
X-Spam-Status: No, score=-4.23 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_MED=-2.3, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id tUBPCLEUEKjI for <netconf@ietfa.amsl.com>; Thu, 1 Feb 2018 03:35:29 -0800 (PST)
Received: from huawei.com (lhrrgout.huawei.com [194.213.3.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 7E29112D7E8 for <netconf@ietf.org>; Thu, 1 Feb 2018 03:35:26 -0800 (PST)
Received: from lhreml701-cah.china.huawei.com (unknown [172.18.7.108]) by Forcepoint Email with ESMTP id 2E23A93DB78D6 for <netconf@ietf.org>; Thu, 1 Feb 2018 11:35:23 +0000 (GMT)
Received: from DGGEMA423-HUB.china.huawei.com (10.1.198.156) by lhreml701-cah.china.huawei.com (10.201.108.42) with Microsoft SMTP Server (TLS) id 14.3.361.1; Thu, 1 Feb 2018 11:35:23 +0000
Received: from DGGEMA502-MBX.china.huawei.com ([169.254.2.25]) by dggema423-hub.china.huawei.com ([10.1.198.156]) with mapi id 14.03.0361.001; Thu, 1 Feb 2018 19:35:11 +0800
From: Rohit R Ranade <rohitrranade@huawei.com>
To: Netconf <netconf@ietf.org>
Thread-Topic: [Netconf] draft-ietf-netconf-rfc6536bis Query
Thread-Index: AdObT5T3Jff3sOmISyuNQj5mNpAqsw==
Date: Thu, 01 Feb 2018 11:35:11 +0000
Message-ID: <991B70D8B4112A4699D5C00DDBBF878A6B191EFD@DGGEMA502-MBX.china.huawei.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [10.18.150.121]
Content-Type: multipart/alternative; boundary="_000_991B70D8B4112A4699D5C00DDBBF878A6B191EFDDGGEMA502MBXchi_"
MIME-Version: 1.0
X-CFilter-Loop: Reflected
Archived-At: <https://mailarchive.ietf.org/arch/msg/netconf/T7xAabrQgWQctIW5P68K-2LbALE>
Subject: [Netconf] draft-ietf-netconf-rfc6536bis Query
X-BeenThere: netconf@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Network Configuration WG mailing list <netconf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/netconf>, <mailto:netconf-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/netconf/>
List-Post: <mailto:netconf@ietf.org>
List-Help: <mailto:netconf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/netconf>, <mailto:netconf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 01 Feb 2018 11:35:46 -0000

Hi All,

Q1:
In the notification authorization Section 3.4.6 there is mention that REPLAY notifications should be allowed by default.
But there is no mention of how to handle <create-subscription> operation authorization which can trigger these Replay notifications ? Since there is no module defined for it, there is no way to add a rule for permitting or denying it.


1.       How do the current NACM implementations handle it ? Allow <create-subscription> if exec-default is PERMIT ? or always allow <create-subscription> ?

Q2: If there is an error of access-denied for edit-config operation, does the RFC restrict from outputting the <error-path> of the data-store node for such operations ?
Section 3.2.5 has "   The contents of specific restricted datastore nodes MUST NOT be

   exposed in any <rpc-error> elements within the reply." , what is the meaning of 'content' here ? the schema-name of the leaf / key-values of data-store-nodes ?

Since the user has inputted the keys for the data-store nodes is there any security risk in giving back the values to the user ?

With Regards,
Rohit R

v2.23.0 | Report a Bug | By Email