Re: [netconf] AD review of draft-ietf-netconf-sztp-csr

"Rob Wilton (rwilton)" <rwilton@cisco.com> Tue, 06 July 2021 15:02 UTC

Return-Path: <rwilton@cisco.com>
X-Original-To: netconf@ietfa.amsl.com
Delivered-To: netconf@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1BED03A2B44; Tue, 6 Jul 2021 08:02:14 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -9.595
X-Spam-Level:
X-Spam-Status: No, score=-9.595 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_MSPIKE_H3=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_NONE=0.001, URIBL_BLOCKED=0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com header.b=bSvL9mEC; dkim=pass (1024-bit key) header.d=cisco.onmicrosoft.com header.b=TJQbYhI9
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id o4Iv4N46gTpZ; Tue, 6 Jul 2021 08:02:06 -0700 (PDT)
Received: from alln-iport-2.cisco.com (alln-iport-2.cisco.com [173.37.142.89]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 653D43A2AED; Tue, 6 Jul 2021 08:01:54 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=69228; q=dns/txt; s=iport; t=1625583714; x=1626793314; h=from:to:cc:subject:date:message-id:references: in-reply-to:mime-version; bh=i1B96BVU5pkiTGmdmMJpVwk8CgP0cJqHG/VEwVSRHVE=; b=bSvL9mEC2oZBOWhAJlWKPnd2busqJ+MBEAr8rHV7K+VEYZMAACUrUPQF iTBVCrt7AIaaRZsQHSiH11KC9mF2nDO2+cxLE8eiIAhYO0uvRXP4jv/bB sBYhk4JSUFl7lYTVcljes1atHJ1FkHrLGYUmsnXatpY09nmwtEwl3H86C E=;
X-IPAS-Result: =?us-ascii?q?A0AnAgAlb+Rgl5JdJa1aHgEBCxIMgg4LgSMwKSh+Wjcxh?= =?us-ascii?q?EiDSAOFOYhUA4EQjlSKQ4EugSUDTwULAQEBDQEBKgEMCgQBAYQPRAIXglwCJ?= =?us-ascii?q?TQJDgIEAQEBAQMCAwEBAQEFAQEFAQEBAgEGBBQBAQEBAQEBAWiFaA2GRQEBA?= =?us-ascii?q?QQBARARChMBASkDCwEPAgEGAhEEAQEhAQYDAgICJQsUCQgBAQQBDQUIGoJPA?= =?us-ascii?q?YF+VwMvAQ6LKo80AYE6AoofeoEygQGCBwEBBgQEgUlBgwUYgjIDBoE6gnuED?= =?us-ascii?q?AEBgmeDeiccgUlEgRVDgWFKNz6CYgEBAgGBJx4aKwmCYTaCLoI0CCoxBhcbD?= =?us-ascii?q?CYEFC8IBgEBWyAFGAcVERUoAQIDAQoqCwYakScLESGDD4gng2WJSpB7gRYKg?= =?us-ascii?q?yGKJY0khnYSg2JBiwWXA5V4jCuTWQMKAoFbgwkCBAIEBQIOAQEGgic5gVtwF?= =?us-ascii?q?TuCaVAZDo4fDA0JgQIBAQeCQ4UUhUpzAgE1AgYBCQEBAwmKHgEB?=
IronPort-PHdr: A9a23:djUj8R+WhCHZE/9uWD3oyV9kXcBvk6r9IhUY7Nwhhq4dOqig/pG3O kvZ6L0tiVLSRozU5rpCjPaeqKHvX2EMoPPj+HAPeZBBTVkJ3MMRmQFzH8eZEkD9avjnc39yE MFLTlQw+Xa9PABcE9r/YFuHpHq04HYSFxzzOBAzKP7yH9vZjt+80Ka5/JiACzg=
IronPort-HdrOrdr: A9a23:ODatLak8znDzrc5AGiTlUikDe1HpDfOsimdD5ihNYBxZY6Wkfp +V/cjzhCWbtN9OYh4dcIi7Sda9qXO1z+8T3WBjB8bdYOCGghrnEGgG1+vfKlLbalbDH4JmpM Jdmu1FeaHN5DtB/IfHCWuDYqwdKbC8mcjC74qzvhQdLz2CKZsQkjuRYTzrdHGeMTM2fabRY6 Dsn/avyQDQHUg/X4CePD0oTuLDr9rEmNbNehgdHSMq7wGIkHeB9KP6OwLw5GZfbxp/hZMZtU TVmQ3w4auu99uhzAXH6mPV55NK3PP819p4AtCWgMR9EESutu/oXvUiZ1SxhkFwnAid0idsrD AKmWZnAy1H0QKVQohym2q15+Cv6kd315ao8y7ovZKqm72IeNt9MbsbuWqcGSGptnbJe7pHof h2NiuixulqJAKFkyLn69fSURZ20kKyvHo5iOYWy2dSSI0EddZq3MYiFW5uYd899RjBmcsa+S hVfbbhzecTdUnfY2HSv2FpztDpVnMvHg2eSkxHvsCOyTBZkH1w0kNdnaUk7zs93YN4T4MB6/ XPM6xumr0LRsgKbbhlDONERcesEGTCTR/FLWrXK1X6E6MMPW7LtvfMkfgIDSGRCdU1Jb4J6d v8uX9jxBsPknPVeLuzNcdwg2LwqU2GLEDQ9v0=
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-AV: E=Sophos;i="5.83,328,1616457600"; d="scan'208,217";a="744797684"
Received: from rcdn-core-10.cisco.com ([173.37.93.146]) by alln-iport-2.cisco.com with ESMTP/TLS/DHE-RSA-SEED-SHA; 06 Jul 2021 15:01:53 +0000
Received: from mail.cisco.com (xbe-aln-003.cisco.com [173.36.7.18]) by rcdn-core-10.cisco.com (8.15.2/8.15.2) with ESMTPS id 166F1qN7013139 (version=TLSv1.2 cipher=AES256-SHA bits=256 verify=FAIL); Tue, 6 Jul 2021 15:01:52 GMT
Received: from xfe-aln-002.cisco.com (173.37.135.122) by xbe-aln-003.cisco.com (173.36.7.18) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.792.15; Tue, 6 Jul 2021 10:01:52 -0500
Received: from xfe-rcd-005.cisco.com (173.37.227.253) by xfe-aln-002.cisco.com (173.37.135.122) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.792.15; Tue, 6 Jul 2021 10:01:52 -0500
Received: from NAM12-MW2-obe.outbound.protection.outlook.com (72.163.14.9) by xfe-rcd-005.cisco.com (173.37.227.253) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.792.15 via Frontend Transport; Tue, 6 Jul 2021 10:01:52 -0500
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=I4mpGrFE/uqzde6Tr78OiGk/YtEoTsZQDPVQ3Edpo8R5ZvZc0em3WtQBG2NaUnhOwgOlF+tw4P0PEqa+7/7mWaMyM4ajK5yGD2wwN0u9AkAgfi2LWkuu4yDXpqRi3kwBVFfqi0f+1kIHu9C8DHtp5hKRZWoUJ5PwGUnFyjO9x5aJvKbv30pdk56Sriv30vfi8vEZVfcqsXm3qy+3kYUccSSJ6PNESYd2s8gf1w7Qgbo5l3DxoB6bk6KS3yo7wHFdki1ujed0P6R+1kVfHrLjXmUldpDuk3QvDUqShE+X5nU/Fz/D8z1BsInPLRKqWiqPF7eiM8TFps81cfWt3nzD/w==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=i1B96BVU5pkiTGmdmMJpVwk8CgP0cJqHG/VEwVSRHVE=; b=aR5ED6Xem9OY0jK7iklRhqVdczkJ6F+XraC4vNmp3KBZMMcpuQDu6sdDdyr2BpnpL24etaXQLhHD2ZuVSe/JdHLFTdiEQ0FHQJdm5k7/LNIPXfJbKQCNHX5Hj6w2O4pN8UF7ynAWuKqYvyYizSSMLhW710JPMfwIjZCbUO6ntHx27ojzedIoIvlozObmvVOOsXaiA3lwExBGz0eBvHhQ1/s5sgJtjPN+wBhTMHZl1zHYRtQv7u34d4xAyZDJSlZ6gGrYit3pq7aMlzukYaDLVkK4YJaOndVlgc2OeDaKPSNVSMlx3yUGPZr1KztYrQcMigKeHx2KfE9WFvKB3aoQyg==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=cisco.com; dmarc=pass action=none header.from=cisco.com; dkim=pass header.d=cisco.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cisco.onmicrosoft.com; s=selector2-cisco-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=i1B96BVU5pkiTGmdmMJpVwk8CgP0cJqHG/VEwVSRHVE=; b=TJQbYhI9+5kJeB/nnUa/ePu3AKgnWYOu8qbeyRdJeisI8UdDb/cVlM9yCL23x5akPeIcZr7rNj0+/W9HxpgO5MFNbmm2O/PQmYGqs6aEcDAyZ/dRgNcVWnZFVzlWm7n3pAQC5xAcK0DSE2l9DBWjCy3gTyp/qBt9JzzTCqE0RH0=
Received: from DM4PR11MB5438.namprd11.prod.outlook.com (2603:10b6:5:399::21) by DM5PR1101MB2172.namprd11.prod.outlook.com (2603:10b6:4:50::12) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4308.19; Tue, 6 Jul 2021 15:01:50 +0000
Received: from DM4PR11MB5438.namprd11.prod.outlook.com ([fe80::a85a:cb8b:2d73:5e12]) by DM4PR11MB5438.namprd11.prod.outlook.com ([fe80::a85a:cb8b:2d73:5e12%5]) with mapi id 15.20.4287.033; Tue, 6 Jul 2021 15:01:50 +0000
From: "Rob Wilton (rwilton)" <rwilton@cisco.com>
To: Kent Watsen <kent+ietf@watsen.net>, Qin Wu <bill.wu@huawei.com>, "Charles Eckel (eckelcu)" <eckelcu=40cisco.com@dmarc.ietf.org>
CC: "netconf@ietf.org" <netconf@ietf.org>, "draft-ietf-netconf-sztp-csr@ietf.org" <draft-ietf-netconf-sztp-csr@ietf.org>
Thread-Topic: [netconf] AD review of draft-ietf-netconf-sztp-csr
Thread-Index: Addu5AFNiNMInIAwQECG9i1E+R6tMQAX418AAMixnwA=
Date: Tue, 6 Jul 2021 15:01:50 +0000
Message-ID: <DM4PR11MB5438034DFB9BBCC8963445C2B51B9@DM4PR11MB5438.namprd11.prod.outlook.com>
References: <c318ff6892614640b89a0eb775e9bf42@huawei.com> <0100017a67571569-f34e8df5-f018-4f08-ba46-5bd919b6d127-000000@email.amazonses.com>
In-Reply-To: <0100017a67571569-f34e8df5-f018-4f08-ba46-5bd919b6d127-000000@email.amazonses.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: watsen.net; dkim=none (message not signed) header.d=none;watsen.net; dmarc=none action=none header.from=cisco.com;
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: 10142087-dfbc-4455-c921-08d9408efbc5
x-ms-traffictypediagnostic: DM5PR1101MB2172:
x-microsoft-antispam-prvs: <DM5PR1101MB217222EA13D10D808B72471FB51B9@DM5PR1101MB2172.namprd11.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:10000;
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: u5VeM80O9fluhWDKyMVxCAjIMnsnMEBxX1cZG96hBw+a6o5oJCP+aPfYxlZRZG+5AO8yb/G7oqFkKWeSdLaaW8IHd9JNl40gDd0syBEFEUkjRTuisYkK3ahalFb6j3GZpxHUDVAR7tcPWKb4n7XFYv/CidJg2xVC0V1yzlXXU6I3pnZJMAJShfkHnPuJHwr4EWvZi74oGbLC9KsByhGuF3oK4y22ww+labLQk9fGFG6bEqLaUlhR7XX9BwIi5WJIjsJuFt83/Dsko6NnQsjWY/+F1e3VJRksT46lqCbHS/O4jUMURClIQyjs05k/UYUX4cH5iCtpMwP0Vqf9RuzK+RX9nEbv812WNCgnX1ABCrRAnHZb/3gPFsj2n1am70+2c4mgFYGzUyKgCjGg3wIgqvIqDk5HA4VgoX1JabwpE13EwoUrQGD0vEAc6anFxWhRCLWu3Ih+WV/oxdDQ3HqNXVQw10P0Geg/Mlaqc+80bwH5bfft6lPMtb12AUYNFq85EryMJJ2GKBfYcv84TYeGP3D5iJWtGzQ+rahBpJgNM94BJvpdLmN/4csdwD7Ghe+0JUtJjcQnhZnw8GBfQ/zs2BQgMCN4sa6HNdoVbXlJEZi8WJTOV6k2BGcL2PfdJthmOdQoRtp+IJHraAsqB3AixfRhWFMnG4kQI+fL3P0m2U1YSmfU08kgSHbiOCBMOCUqorqe7mwCAQLQCNuH1tZaF3dwYX5yVLWXuM+WxKezphcuKK/yPtxzh9HJ7tkzm5lh4Et2SQSRFlSzHdb+W4HFWw==
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:DM4PR11MB5438.namprd11.prod.outlook.com; PTR:; CAT:NONE; SFS:(346002)(396003)(136003)(366004)(39860400002)(376002)(33656002)(54906003)(53546011)(6506007)(66446008)(86362001)(55016002)(66946007)(76116006)(9326002)(5660300002)(966005)(64756008)(66556008)(2906002)(110136005)(4326008)(66476007)(9686003)(316002)(52536014)(8936002)(83380400001)(166002)(7696005)(186003)(26005)(478600001)(71200400001)(38100700002)(122000001)(8676002); DIR:OUT; SFP:1101;
x-ms-exchange-antispam-messagedata-chunkcount: 1
x-ms-exchange-antispam-messagedata-0: =?utf-8?B?NUlkNEFocm1JUmhwK2FCcVJsTFk4dTcyeFA3eVlHMElDclJOV1VndDZ1N3Rl?= =?utf-8?B?VWdUQUpNYmFaZlNLVms3NllFR1REZWoyalF2SUR0VHFCR2tTcDNBNjhJcEVk?= =?utf-8?B?T1hSZDRqWEZkZ0ZjZERTZzNJZTZZM2FPUXRLMlB0VGZWUUN1bW9ueG9qY0VK?= =?utf-8?B?ZTFlTzR3WDdzdVNJVHZ6VzkzOGM4TzZaa3VadVVNWExndXhuLzNmVnJMV1Vp?= =?utf-8?B?Sk42UE9hR1d2eHhqaFd3dmpGcWVsSWRPMWxKSUdtc2FxbEpxY0hjdkRmRXRY?= =?utf-8?B?dDVmRjFzMTBTb1lRUjJDSUViK2U3dk5CTkhqWXlxZWlsdkpvVjNiMXZRVWpH?= =?utf-8?B?bUw2S3VrYnBsSGpUakVOOTdES3dZa1FFYU1ld0EyNWlkL2l1MDlIbmtiMmFh?= =?utf-8?B?Yk9iaU9SU2EzVXU2cDJaS3YxazRKOXZiVlFsRWR1TVBqdno2QTBxZmwwWko3?= =?utf-8?B?ZTVKd29PTndjN1U5S1k2OC8vR2dzVEM2VWhvN1BpMGRTcnVsMVRQZHpWNEQr?= =?utf-8?B?b2ZtR3c2ZjFhSUpkcFZjVjVUZTRwcVd2aDFMSy8rU0dEMkduNnZsVG1XZmJ3?= =?utf-8?B?b3hVNVNGMW5oREZXbVE1VkQzWklndkw3LzZRVmhaRDBBRGl0dFlHZ3pFMHN3?= =?utf-8?B?RTJqTlMxVktyNlp6UU9qOWJsWVhPdnRhVTFzM0MraUR1WE5tN3ZBa0RabVI4?= =?utf-8?B?QzMzSzBBdVVRZUpzSTVlNDVpMlE5Q294d0VaN1c2TTloRXRVZ0RFNnVmTW5s?= =?utf-8?B?emhGVjhwQXhINlRIT0k2Njd5MTVBNnFpRWJoNW9LM0lYOHg3eDk3N2VPakNz?= =?utf-8?B?RmtSVkx1cStJaE4zVjlnNEZDQk1PNmVLWmh4NUlyMHZqandST1I0NFg2UjJQ?= =?utf-8?B?d0RSSVJRNEZEdzg2Wm8vRGlRVDB1eWxPaThJeE9aWS95QVVrbTB3dGNZR21S?= =?utf-8?B?ZkNwS2V0d0JWbExhaFJURkFGeThiNDRFbTFaeDBtR2kzM2pMY3p0WXE2RnRO?= =?utf-8?B?UEd5R1ZQT2M1aFZoemQ5K2tIMXFUTnpUZFYxTTZpVSs3SEJsaW1VSjhvaDBi?= =?utf-8?B?bTFJR1JVUjg1S0NZd0VSbmpCck1lWklEL2RYemhtbkp1RE42c0JGQnFiK3Y5?= =?utf-8?B?OWQrcEtzU2g2WnZENG43YnhFZkxxMStUcUM2N09XMExlU1JRVGF4ZzNld3du?= =?utf-8?B?am9RMGpIb3ZTSzlYdE4zYml5TlFZMjd2VFRkN1hIYXQzMElQdEVPSjdyT25k?= =?utf-8?B?Zk9VaGw4RVdpeWRNMWNRZlFjakhhaHJLZnFOeTNWdUFLMHVoanRLRGh5OWhB?= =?utf-8?B?WnFsZURnVW5qS3pEc01tNTdzb2paNG9qdTNaRzhjWTJheEdQY0ZkQ3JMMVRM?= =?utf-8?B?UUdxOHlDOXhVaUo5UEd3b2tVWWJFQmxKRkViVjRZeUNGYm14c1hHUFowcGpa?= =?utf-8?B?N0VGeUZIODVTRytCUEtrekhLczlJbitSd1NCdlUvMzR6SWRoVU5LR2Njb3RQ?= =?utf-8?B?QmErYkovdC8yR3ZUcllEMU1rWTZzZDRraUhLS0ZuMHBKTWRwMDY0U3dyNDhI?= =?utf-8?B?Y2ZIZjZVMWVmczAvSFRhNGlMTlZ2WndHSjVTaUJzMmM2Q1A5cjFOU3dtZ3dm?= =?utf-8?B?RmlMQUxkMHJDcDV4OUNGZ3JpUlNmYkgwbnJJejRQcTcvYUljQ2t0ck5Mc1Zt?= =?utf-8?B?OUlURk90cGgxVkg1SlVsTEtWd3JrbFg3Z0NXSnRkNGdSZzl3cW05eVRKWEN5?= =?utf-8?Q?wVd/snjyiQNPMAu3785v6yZVRn7UoVjxeSYKV5i?=
x-ms-exchange-transport-forked: True
Content-Type: multipart/alternative; boundary="_000_DM4PR11MB5438034DFB9BBCC8963445C2B51B9DM4PR11MB5438namp_"
MIME-Version: 1.0
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: DM4PR11MB5438.namprd11.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 10142087-dfbc-4455-c921-08d9408efbc5
X-MS-Exchange-CrossTenant-originalarrivaltime: 06 Jul 2021 15:01:50.1609 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 5ae1af62-9505-4097-a69a-c1553ef7840e
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: ntYVEwQNZ6M6/2bqx0EvY+MJCdBlKgBpgaGWuN8qj+BQTa+q7DWWGt9mDcEyJo++t8Z1cMMzwHafDtiwrITbOQ==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM5PR1101MB2172
X-OriginatorOrg: cisco.com
X-Outbound-SMTP-Client: 173.36.7.18, xbe-aln-003.cisco.com
X-Outbound-Node: rcdn-core-10.cisco.com
Archived-At: <https://mailarchive.ietf.org/arch/msg/netconf/aCw_0AaHDHm_eZi9mXDEhLr_pLA>
Subject: Re: [netconf] AD review of draft-ietf-netconf-sztp-csr
X-BeenThere: netconf@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: NETCONF WG list <netconf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/netconf>, <mailto:netconf-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/netconf/>
List-Post: <mailto:netconf@ietf.org>
List-Help: <mailto:netconf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/netconf>, <mailto:netconf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 06 Jul 2021 15:02:21 -0000

Hi Kent,

So, I agree on moving back to “400”.

BTW, one of my colleagues was looking at this draft, and couldn’t immediately understand what it was for.  Hence, would it be helpful to add a sentence or two in the introduction to explain why having a signed LDevID on the device is helpful?

Regards,
Rob


From: Kent Watsen <kent+ietf@watsen.net>
Sent: 02 July 2021 14:10
To: Rob Wilton (rwilton) <rwilton@cisco.com>om>; Qin Wu <bill.wu@huawei.com>om>; Charles Eckel (eckelcu) <eckelcu=40cisco.com@dmarc.ietf.org>
Cc: netconf@ietf.org; draft-ietf-netconf-sztp-csr@ietf.org
Subject: Re: [netconf] AD review of draft-ietf-netconf-sztp-csr

Hi Qin, Charles, and Rob, thank you for your responses!

Rob, special thanks for checking with Francesca.   I did also notice that moving to 300 produced a disconnect with regards to RESTCONF’s “errors" RPC-reply message.  As you say, the draft currently returns error-tag as ""missing-attribute”, which aligns with 400 Bad Request.

Looking at the "409 Conflict / data-missing” combination, I cannot say that it’s better.  FWIW, my understanding is that HTTP status codes ending with “00” (100, 200, 300, etc.) are the generic catch-all value for the class of codes, which have up to the next 99 values.   Thusly, I believe 400 is a more generic value than “409”, which suggests it’s the safest 4XX choice.

I fully agree there is no great choice here.  Specifically, given that the client sent a perfectly valid request, it seems wrong to say that the request was “bad”.   This is why I was thinking to define a custom code.  I understand the push-back but, to Qin’s point, why not?  Surely within the world of HTTP there is a pattern of a server prompting a client to provide more data.  That said, this is not something that I’m interested spending time on, unless Francesca offers immediate support for the proposal...

In sum, unless Francesca says otherwise, I think we should move back to the original "400 Bad Request”.


Kent // contributor






On Jul 1, 2021, at 10:01 PM, Qin Wu <bill.wu@huawei.com<mailto:bill.wu@huawei.com>> wrote:

Hi, Rob and Charles, Kent:
I can understand we should be cautious to introduce new HTTP status code, mapping between error code and HTTP status code seems a right direction.
Such mapping helps refine HTTP status code semantics. Using 300 multi choice response seems confusing, since we didn’t see location head field is added.
I also think status codes such as 421 should be considered.

-Qin
发件人: netconf [mailto:netconf-bounces@ietf.org] 代表 Charles Eckel (eckelcu)
发送时间: 2021年7月2日 0:36
收件人: Rob Wilton (rwilton) <rwilton@cisco.com<mailto:rwilton@cisco.com>>
抄送: draft-ietf-netconf-sztp-csr@ietf.org<mailto:draft-ietf-netconf-sztp-csr@ietf.org>; netconf@ietf.org<mailto:netconf@ietf.org>
主题: Re: [netconf] AD review of draft-ietf-netconf-sztp-csr

I agree that defining a new status code is likely not a good way to go.
A 4xx response seems better to me than a 3xx response.

Cheers,
Charles




On Jul 1, 2021, at 9:27 AM, Rob Wilton (rwilton) <rwilton@cisco.com<mailto:rwilton@cisco.com>> wrote:

Hi Charles, Kent,

Thanks for the suggestion.  The problem with that 401 requires the server to return a WWW-Authenticate header field (as per section 15.5.2, of draft-ietf-httpbis-semantics-16<https://datatracker.ietf.org/doc/html/draft-ietf-httpbis-semantics-16#page-161>)1>).

I’ve also asked Francesca (ART AD responsible for HTTP) if she has a view.  She has taken a quick look and suggested that defining a new code is probably not the right way to go, but said that she would take a proper look after today’s telechat, but if we want to get other opinions then we could also ask on the httpbis mailing list.

However, I also noticed that RFC 8040 maps from NETCONF error-codes to status-codes, and defines:
+-------------------------+------------------+
| error-tag               | status code      |
+-------------------------+------------------+
| missing-attribute       | 400    (which is what you had originally).

An alternative could be:
| data-missing            | 409              |

Which NETCONF defines as:


   error-tag:      data-missing

   error-type:     application

   error-severity: error

   error-info:     none

   Description:    Request could not be completed because the relevant

                   data model content does not exist.  For example,

                   a "delete" operation was attempted on

                   data that does not exist.

Which would go hand-in-hand with 409:


15.5.10<https://datatracker.ietf.org/doc/html/draft-ietf-httpbis-semantics-16#section-15.5.10>10>.  409 Conflict



   The _409 (Conflict)_ status code indicates that the request could not

   be completed due to a conflict with the current state of the target

   resource.  This code is used in situations where the user might be

   able to resolve the conflict and resubmit the request.  The server

   SHOULD generate content that includes enough information for a user

   to recognize the source of the conflict.



   Conflicts are most likely to occur in response to a PUT request.  For

   example, if versioning were being used and the representation being

   PUT included changes to a resource that conflict with those made by

   an earlier (third-party) request, the origin server might use a 409

   response to indicate that it can't complete the request.  In this

   case, the response representation would likely contain information

   useful for merging the differences based on the revision history.

I don’t see any great choice here.  I now think that aligning with RESTCONF seems to be right thing to do (so not using 300).  Perhaps choose “data-missing” & 409 if you think that is slightly better, or otherwise go back to “missing-attribute” & 400.

Regards,
Rob


From: Charles Eckel (eckelcu) <eckelcu@cisco.com<mailto:eckelcu@cisco.com>>
Sent: 01 July 2021 15:21
To: Kent Watsen <kent+ietf@watsen.net<mailto:kent+ietf@watsen.net>>
Cc: Rob Wilton (rwilton) <rwilton@cisco.com<mailto:rwilton@cisco.com>>; draft-ietf-netconf-sztp-csr@ietf.org<mailto:draft-ietf-netconf-sztp-csr@ietf.org>; netconf@ietf.org<mailto:netconf@ietf.org>
Subject: Re: [netconf] AD review of draft-ietf-netconf-sztp-csr

Hi Kent,

I have not been following this draft closely but had a thought on this thread that I thought might be helpful.

It seems to me a 401 would be more appropriate in this scenario.
If the server does not require a CSR, it returns a 2xx response.
If it does require one, it returns a 401 indicating which one it requires.

Cheers,
Charles




On Jun 29, 2021, at 1:54 PM, Kent Watsen <kent+ietf@watsen.net<mailto:kent+ietf@watsen.net>> wrote:

 s/Since been/I’ve been/

K.





On Jun 29, 2021, at 4:49 PM, Kent Watsen <kent+ietf@watsen.net<mailto:kent+ietf@watsen.net>> wrote:

Hi Rob,

Since been spinning on the below thread since we had it and am wondering if if would be best to ask for an HTTP expert review?   Please advise.

The reason being is that a close reading of "300 Multiple Choices" suggests that it’s used by an HTTP-server to indicate when there are multiple choices for a resource, whereas in this exchange, the “csr-support” node in the client’s POST effectively indicates that *it* has multiple choices for the server to choose from…

I’m beginning to wonder to the document might need to define a custom HTTP status code to properly indicate the semantics of the response…

Kent // contributor






2. Section 2.2:
 Assuming the SZTP-server wishes to prompt the SZTP-client to provide
 a CSR, then it would respond with an HTTP 400 (Bad Request) error
 code:

I wonder whether returning a 400 "Bad Request" error is really the best
return code, i.e.,



it wasn't clear to me whether this requesting the capabiltiies is really an
error.



Did you consider potentially using other return codes?  Possibly:
300 Multiple Choices,
403 Fobidden,
406 Not Acceptable

I did before look at all the 4xx codes.  I was initially drawn to 412
Precondition Failed, but noted that it is specific to HTTP request header
fields.   As for the others you mention, the semantics of 403 Forbidden is that
the request should not be repeated, which isn’t out case, and 406 Not
Acceptable regards the use of the HTTP “Accept” headers, which aren't in
play here either.  That said, 300 Multiple Choices does appear to be a better
if not perfect option, so I made that change in my local copy.
Ack.


_______________________________________________
netconf mailing list
netconf@ietf.org<mailto:netconf@ietf.org>
https://www.ietf.org/mailman/listinfo/netconf

_______________________________________________
netconf mailing list
netconf@ietf.org<mailto:netconf@ietf.org>
https://www.ietf.org/mailman/listinfo/netconf