Re: [netconf] Opsdir last call review of draft-ietf-netconf-ssh-client-server-36
Qin Wu <bill.wu@huawei.com> Tue, 06 February 2024 00:59 UTC
Return-Path: <bill.wu@huawei.com>
X-Original-To: netconf@ietfa.amsl.com
Delivered-To: netconf@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A73A2C1519B0; Mon, 5 Feb 2024 16:59:00 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.904
X-Spam-Level:
X-Spam-Status: No, score=-1.904 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_BLOCKED=0.001, RCVD_IN_MSPIKE_H5=0.001, RCVD_IN_MSPIKE_WL=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id bU1lLccpoalY; Mon, 5 Feb 2024 16:58:56 -0800 (PST)
Received: from frasgout.his.huawei.com (frasgout.his.huawei.com [185.176.79.56]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B830FC1519AE; Mon, 5 Feb 2024 16:58:55 -0800 (PST)
Received: from mail.maildlp.com (unknown [172.18.186.31]) by frasgout.his.huawei.com (SkyGuard) with ESMTP id 4TTPtg49Sbz67JVD; Tue, 6 Feb 2024 08:55:39 +0800 (CST)
Received: from lhrpeml500001.china.huawei.com (unknown [7.191.163.213]) by mail.maildlp.com (Postfix) with ESMTPS id ECA341400D9; Tue, 6 Feb 2024 08:58:53 +0800 (CST)
Received: from canpemm500006.china.huawei.com (7.192.105.130) by lhrpeml500001.china.huawei.com (7.191.163.213) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.35; Tue, 6 Feb 2024 00:58:53 +0000
Received: from canpemm500005.china.huawei.com (7.192.104.229) by canpemm500006.china.huawei.com (7.192.105.130) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.35; Tue, 6 Feb 2024 08:58:51 +0800
Received: from canpemm500005.china.huawei.com ([7.192.104.229]) by canpemm500005.china.huawei.com ([7.192.104.229]) with mapi id 15.01.2507.035; Tue, 6 Feb 2024 08:58:51 +0800
From: Qin Wu <bill.wu@huawei.com>
To: Kent Watsen <kent+ietf@watsen.net>
CC: "ops-dir@ietf.org" <ops-dir@ietf.org>, "draft-ietf-netconf-ssh-client-server.all@ietf.org" <draft-ietf-netconf-ssh-client-server.all@ietf.org>, "last-call@ietf.org" <last-call@ietf.org>, "netconf@ietf.org" <netconf@ietf.org>
Thread-Topic: [netconf] Opsdir last call review of draft-ietf-netconf-ssh-client-server-36
Thread-Index: AdpYl0koz5ejIrw4sESMMSwMaGk/9g==
Date: Tue, 06 Feb 2024 00:58:51 +0000
Message-ID: <cc870059e2e74c52950933a3d77d6cd4@huawei.com>
Accept-Language: zh-CN, en-US
Content-Language: zh-CN
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [10.136.118.68]
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/netconf/YIB-cT9mDJj_zHArXdQeCwEcqE4>
Subject: Re: [netconf] Opsdir last call review of draft-ietf-netconf-ssh-client-server-36
X-BeenThere: netconf@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: NETCONF WG list <netconf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/netconf>, <mailto:netconf-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/netconf/>
List-Post: <mailto:netconf@ietf.org>
List-Help: <mailto:netconf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/netconf>, <mailto:netconf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 06 Feb 2024 00:59:00 -0000
Kent: Thank for addressing all my comments, thank for clarification for the python code. I just feel your python code in the appendix make IANA manager's life easier,:-) -Qin -----邮件原件----- 发件人: Kent Watsen [mailto:kent+ietf@watsen.net] 发送时间: 2024年2月6日 7:15 收件人: Qin Wu <bill.wu@huawei.com> 抄送: ops-dir@ietf.org; draft-ietf-netconf-ssh-client-server.all@ietf.org; last-call@ietf.org; netconf@ietf.org 主题: Re: [netconf] Opsdir last call review of draft-ietf-netconf-ssh-client-server-36 Hi Qin, Thank you for the OpsDir review. Please find responses below. FWIW, many of your comments (and my responses) apply to the tls-client-server draft as well. Kent > On Feb 5, 2024, at 7:51 AM, Qin Wu via Datatracker <noreply@ietf.org> wrote: > > Reviewer: Qin Wu > Review result: Ready > > I have reviewed this document as part of the Operational directorate's > ongoing effort to review all IETF documents being processed by the > IESG. These comments were written with the intent of improving the > operational aspects of the IETF drafts. Comments that are not > addressed in last call may be included in AD reviews during the IESG > review. Document editors and WG chairs should treat these comments just like any other last call comments. > > This document defines 7 YANG modules for Communication between SSH > Client and SSH Server. In these 7 YANG modules, there are three "IETF" > modules and four "IANA" modules. This document is well written and I > believe it is ready for publication. However I have a few comments on > the latest version v-36: Major > issues: None > > Minor issues > 1. The abstract is not consistent with Introduction section, in the > abstract, only 3 YANG modules are described but in section 1 or > introduction section, 7 YANG modules are explored. Suggest to change abstract to align with section 1. Quite right. Below is the updated abstract. I made a similar update to the TLS draft. This document defines seven YANG 1.1 modules. Three "IETF" modules, and four supporting "IANA" modules. The three IETF modules are: ietf-ssh-common, ietf-ssh-client, and ietf-ssh-server. The "ietf-ssh-client" and "ietf-ssh-server" modules are the primary productions of this work, enabling the configuration and monitoring of SSH clients and servers. The four IANA modules are: iana-ssh-encryption-algs, iana-ssh-key- exchange-algs, iana-ssh-mac-algs, and iana-ssh-public-key-algs. These modules each define YANG identities for an IANA-maintained algorithm registry. > 2. The title of each subsection of section 5.1 doesn’t reflect what is > documented within it, I think each subsection focuses on security > consideration, suggest the following change to each subsection of > section 5.1 s/ Template for the ……/ Consideration for the …… I was just thinking exactly the same. The “Template for” prefix was suggested in one of the IESG-reviews but, in context, “Considerations for" makes more sense. Fixed in all nine drafts. > 3. Appendix A.1 said: “ This > section provides an overview of the "iana-ssh-encryption-algs" module > in terms of its identities and protocol-accessible nodes. > > ” > It is clear that iana-ssh-encryption-algs" module doesn’t define Any > protocol-accessible nodes such as container node, list node, leaf > node, etc. It only defines identities and typedefs.Suggest the > following change as > follows: NEW TEXT: “This section provides an overview of the > "iana-ssh-encryption-algs" module in terms of its identities and typedefs. ” Fixed in both the SSH and TLS drafts. > 4. > Appendix A.2 said: “ This section provides an overview of the > "iana-ssh-mac-algs" module > in terms of its identities and protocol-accessible nodes. > “ > It is clear that "iana-ssh-mac-algs " module doesn’t define Any > protocol-accessible nodes such as container node, list node, leaf > node, etc. It only defines identities and typedefs. Suggest the > following change as > follows: NEW TEXT: “This section provides an overview of the " > iana-ssh-mac-algs" module in terms of its identities and typedefs. ” Fixed (per above comment) > 5. > Appendix A.3 said: “ > This section provides an overview of the "iana-ssh-public-key-algs" > module in terms of its identities and protocol-accessible nodes. > “ > It is clear that " iana-ssh-public-key-algs " module doesn’t define > Any protocol-accessible nodes such as container node, list node, leaf > node, etc. It only defines identities and typedefs. Suggest the > following change as > follows: NEW TEXT: “This section provides an overview of the " > iana-ssh-public-key-algs " module in terms of its identities and typedefs. Fixed (per above comment) > 6. Appendix A.4 said: > “ > This section provides an overview of the "iana-ssh-key-exchange-algs" > module in terms of its identities and protocol-accessible nodes. > ” > It is clear that " iana-ssh-key-exchange-algs " module doesn’t define > Any protocol-accessible nodes such as container node, list node, leaf > node, etc. It only defines identities and typedefs. Suggest the > following change as > follows: NEW TEXT: “This section provides an overview of the " > iana-ssh-key-exchange-algs " module in terms of its identities and typedefs. Fixed (per above comment) > 7. Section 6 IANA Section > Section 6.3,Section 6.4, Section 6.5, Section 6.6 describe IANA > maintained module, but doesn’t follows Guidance for Writing the IANA > Considerations for RFCs Defining IANA-Maintained Modules defined in > RFC8047bis. So the question is for IANA maintained Module, if such > module shadows algorithm name sub-registry of SSH protocol parameters > registry, should IANA section follow guidance for Defining IANA > Maintained Modules defined in RFC8047bis, My understanding is yes. Similar example can be found in the section 3 of RFC7224. Yes, they should follow rfc8047bis template. I just updated the four instances in this document and the one instance in the TLS document. > 8. Appendix A > It looks the gen-identities python code is specific to SSH related > encryption algorithm, I am wondering whether there is more generic > code for get identity or get enum to automatically help IANA generate > IANA maintained modules every time the new value is added? If the > answer is, I think such code can be integrated into RFC8407bis as well. The problem with that is that each IANA registry is different: - column names - column ordering - how deprecate/obsolete are expressed, if at all - how reserved/unassigned entries are expressed - etc. The `gen-identities.py` script included in the SSH and TLS drafts are 85% overlap, but vary in important ways. > 9. There are 31 errors spot by the current YANG validation tool. It > looks line wrapping per RFC 8792 is root cause for such errors. I am > wondering whether YANG validation tool in the datatracker should be > upgraded to ignore line folding per RFC8792 or provide YANG validation > check after removing line wrapping from YANG module code. Fixed. It was easy once I found the “textwrap” Python library. PS: I could publish these update now, but I think that I’ll wait until getting (hopefully) closure on the first three drafts going thru IESG review... Kent
- [netconf] Opsdir last call review of draft-ietf-n… Qin Wu via Datatracker
- Re: [netconf] Opsdir last call review of draft-ie… Kent Watsen
- Re: [netconf] Opsdir last call review of draft-ie… Qin Wu
- Re: [netconf] [Last-Call] Opsdir last call review… Kent Watsen