[netconf] Re: AD review of draft-ietf-netconf-restconf-client-server-29
"Rob Wilton (rwilton)" <rwilton@cisco.com> Fri, 09 August 2024 15:48 UTC
Return-Path: <rwilton@cisco.com>
X-Original-To: netconf@ietfa.amsl.com
Delivered-To: netconf@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B51C2C14F69C; Fri, 9 Aug 2024 08:48:42 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -14.742
X-Spam-Level:
X-Spam-Status: No, score=-14.742 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.148, DKIMWL_WL_MED=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H3=0.001, RCVD_IN_MSPIKE_WL=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_NONE=0.001, T_SCC_BODY_TEXT_LINE=-0.01, T_SPF_HELO_PERMERROR=0.01, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id clhTbcX_cg0Y; Fri, 9 Aug 2024 08:48:38 -0700 (PDT)
Received: from rcdn-iport-6.cisco.com (rcdn-iport-6.cisco.com [173.37.86.77]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-256) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 2A5E5C14F61E; Fri, 9 Aug 2024 08:48:38 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cisco.com; i=@cisco.com; l=124559; q=dns/txt; s=iport; t=1723218518; x=1724428118; h=from:to:cc:subject:date:message-id:references: in-reply-to:mime-version; bh=0vC95yuC3oY161Xl6km+U0HM4LGOo49yB7uVVW5ex8U=; b=FcNQJ2YFj8FXaI1LkmZtJG7K32nkaYMBktMKxPPhsehZn8G53yVNwPXE 5NnBRr77DhWW//CxyrZDZ60E2BIpAeHsUCDK56R/iBwOiQJPHyeMQZd8k eO0zGhWJUcd+3LcB/i7gyZhsRM36mwnT5dWIHmPZqM3KoQUWlSWvLecl3 8=;
X-CSE-ConnectionGUID: uyxhwKktSD62vrHiLxIMxw==
X-CSE-MsgGUID: X2Y0b1KgSZWRla1yZCS3sA==
X-IPAS-Result: A0AOAABeObZmmI0NJK1RCRwBAQEBAQEHAQESAQEEBAEBZYEXBgEBCwGBQDFSewKBHEiEVYNMA4UtiHMDgROKT4VjjE0UgWUFDwEBAQ0BAS4BBRAEAQGEQEYCFok+AiY1CA4BAgQBAQEBAwIDAQEBAQEBAQEBBQEBBQEBAQIBBwUUAQEBAQEBAQE3BQ47hTsGNA2GXgIBAwEBEAgBCEICBwQHEAIBCDgBBgMCAgIeBgsUEQEBBA4FIoJeAYIcFAMxAwEQolcBgUACiih6gTKBAd04DYJYgUgBiCweASqBMgIOgXSCBAEbgzyBHycbgUlEgRUnG4FmSjg+gh8JOQEBAhiBEQEICgEHAhc/gx06gi8EgVSEA4EeBxKDCEGBEDqBHIEKLxYNPBYSgWMtD4Ejem8ICQoCAoEyJGQYgSpQgUiBPWYWJk0qLRCFHIF7gRYTiAlICmUQIgMmMyECEQFVEw0KCwkFiUkKgXmBKimBSyaBDIMLgTUTg2aBZwwST4hUBYEJLYERgSE9AYIGgTpLg16Bf0I/gll0VkgCDQI3KR1AAwsYDUgRLBQhFBsGPm4HpBoEDieBXAGBRQEQHzwCAwECDRwTJgQNIAIUDgEBIAI5AgQhDzQIER8HDxkGCwsGKQOSMAQUEIMmSos4R44Kk1lCcQqEFIwUglWMW4YPBC+EBY0AkX+DdYJjZINUhzeNZIJWiyWEA5FJBCZBgRqDIAIEAgQFAg8BAQaBURgBN2twcBU7KgGCPAk2ExkPiguEIg0Jg1iFFMdEeAI5AgcBCgEBAwmMS2ABAQ
IronPort-PHdr: A9a23:FqLyDReHqDtmMJ7Bcb08wQJilGM/gIqcDmcuAtIPgrZKdOGk55v9e RWZ7vR2h1iPVoLeuLpIiOvT5rjpQndIoY2Av3YLbIFWWlcbhN8XkQ0tDI/NCUDyIPPwKS1vN M9DT1RiuXq8NCBo
IronPort-Data: A9a23:g2OD2KBFRh6jpxVW/+vjw5YqxClBgxIJ4kV8jS/XYbTApDIlgzcAn TNLWT2EOPyNZGT9KowiYIywoBxVvpSGy4RgOVdlrnsFo1CmBibm6XV1Cm+qYkt+++WaFBoPA /02M4SGcYZtCCeB+39BC5C5xVFkz6aEW7HgP+DNPyF1VGdMRTwo4f5Zs7ZRbrVA357hUmthh fuo+5eDYA/9imYuWo4pw/vrRC1H7ayaVAww5jTSVdgT1HfCmn8cCo4oJK3ZBxPQXolOE+emc P3Ixbe/83mx109F5gSNy+uTnuUiG9Y+DCDW4pZkc/HKbitq+kTe5p0G2M80Mi+7vdkmc+dZk 72hvbToIesg0zaldO41C3G0GAkmVUFKFSOuzXWX6aSuI0P6n3TE3uR+DF4VPpEj1rgtH3tu9 NgICRUdcUXW7w626OrTpuhEj8AnKozgO5kS/yEmxjDCBvFgSpfGK0nIzYYHh3Fr2IYXRrCHO 5NxhTlHNHwsZzVVJVYTFJU4tOypnXL4NTZfrTp5oIJtuDmPllMgieeF3Nz9Soa7Hc8MvUmjl F38+22gEyMxD4eE4G/Qmp6rrrSSxXygAt16+KeD3vJwiVOPg20eFBNTU1anqv6/hAukVslDI EsS9G8lqak/8lDuVdTnQRCi5neAujYdVsZeVeog52mlzKfI6AGfCEAFQyJPLts8u6cLqScC3 1uNmZbiAiZi9e3TQnOG/bDSpjS3UcQIEYMcTTIVXQsawNr/m61t1AzVbtdHAI+QnsKgTFkc3 Au2hCQ5grwSi+sC2KO64U3LjlqQSn7hEFJdCuL/AD7N0+9pWLNJcbBE/rQy0BqtBI+dSl/Et 38elo3OqusPFpqK0ieKRY3h/Y1FBd7bb1UwYnY2Q/HNEghBHVb4Iei8BxkleC9U3j4sI2OBX aMqkVo5CGVvFHWrd7RrRIm6Ft4ny6Ptffy8CaqPN4cUOMUuKVPZlM2LWaJ29z2z+KTLufxgU ap3je72VB729Iw+lmPvHLZHuVPV7nthmDmJLXwE8/hX+eHDPCHOE+ht3KqmZeEi56TMuxTO7 9taLIOLzR4ZONASkQGJmbP/2WsidCBhbbiv8pQ/XrfafmJORjp7Y9ePmuxJRmCQt/kP/gs+1 ivjChYwJZuWrSCvFDhmnVg9M+y0Acch8ClT0O5FFQ/A5kXPqL2Htc83X5A2ZrIgsudkyJZJo zMtIq1s3twnpuz7xgkg
IronPort-HdrOrdr: A9a23:6zVcs6/hUrfuWrDtoYJuk+GYdr1zdoMgy1knxilNoENuA6+lfp GV/MjziyWUtN9IYgBfpTnhAsW9qXO1z+8S3WBjB8bSYOCGghrmEGgM1/qZ/9SNIVybygcZ79 YeT0EcMqy/MbEZt7eG3ODQKb9Jq7f3ktHMuQ6d9QYQcegAUdAY0+4NMHfhLqQAfng/OXNWLu v62uN34xCbVTA8aMO9CnMZX+7FieHqufvdCyIuNloM0iXLqSmnxoLbPnGjsyv2VQkh/Z4StU z+1yDp7KSqtP+2jjXG0XXI0phQkNz9jvNeGc2lkKEuW3XRozftQL4kd6yJvTgzru3qwk0tis PwrxApONk2w2/Nf1uyvQDm12DboXUTAj7ZuB2laEnY0IjErQEBeo18bEViA13kAn8bzZRBOW RwrjukXtRsfEv9dW/Glqj1vllR5zmJSDwZ4K8uZ7g1a/pFVFeXxrZvp399AdMOGjn355sgF/ QrBMbA5OxOeVffdHzBuHJzqebcFEjajn+9Mzo/U+GuonBrdUpCvgAl7d1amm1F+IM2SpFC6e iBOqN0lKtWRstTaa5mHu8OTca+F2SIGHv3QS6vCEWiELtCN2PGqpbx7rlw7Oa2eIYQxJ93nJ jaSltXuWM7ZkqrA8yT259A9AzLXQyGLHnQ49Ab44I8tqz3RbLtPyHGQFcyk9G4q/FaGcHfU+ bbAuMePxYiFxqZJW9k5XyIZ3AJEwhqbCQ8gKdOZ26z
X-Talos-CUID: 9a23:KtAMi2j136x2zC6kLBpXkX5COzJub2zNzGjzIFODJTgzVqe1SHuA2YZ0jJ87
X-Talos-MUID: 9a23:fKv4zg9y7zX9n9SVy/S1z9mQf/cy0vykUWMCqqc5gc2NbD1CEAzGlx3iFw==
X-IronPort-Anti-Spam-Filtered: true
Received: from alln-core-8.cisco.com ([173.36.13.141]) by rcdn-iport-6.cisco.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 09 Aug 2024 15:48:36 +0000
Received: from alln-opgw-1.cisco.com (alln-opgw-1.cisco.com [173.37.147.229]) by alln-core-8.cisco.com (8.15.2/8.15.2) with ESMTPS id 479FmaCK017551 (version=TLSv1.2 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Fri, 9 Aug 2024 15:48:36 GMT
X-CSE-ConnectionGUID: lskAO1kYSnmc3WUdEbSAJA==
X-CSE-MsgGUID: bjpE19qtQUKa5LUg9Co0Zw==
Authentication-Results: alln-opgw-1.cisco.com; dkim=pass (signature verified) header.i=@cisco.com
X-IronPort-AV: E=Sophos;i="6.09,276,1716249600"; d="scan'208,217";a="35675727"
Received: from mail-bn8nam12lp2170.outbound.protection.outlook.com (HELO NAM12-BN8-obe.outbound.protection.outlook.com) ([104.47.55.170]) by alln-opgw-1.cisco.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 09 Aug 2024 15:48:35 +0000
ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=gUQLjsZmty1lflFdnA5OEp1/lVvhhcwx52+hp5KrytlGwaob2pVeGMvHNeRxzpjvhzCQhPkyFoGYoiYURK7nhssFiGhqSwCmGne3bkjkw01PIN3YedkxmfEg5h61Ul3Q2I7WcREvNzQZO9zIKoRr6G/jioPhrA0Fzntd3x5lDjSwuO7urx6AZqQLPnIf0v2nmbAWJv8ciSrKON4Ju0j4uRhS3YmfZ7Uhm02NAe5mRhGwQkIReP6tIUd1WfrTSErCzHGq/qh7brl9uo7O9zAPF0dM4xipNIOEe1r4x63ibm0SX++uNCb4FNyvjB5aPew0XSFMj1ZHz3tE9y0D+fGlnQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=0vC95yuC3oY161Xl6km+U0HM4LGOo49yB7uVVW5ex8U=; b=EcaI3qkgSDfsmUEp0sX6a7RupLya3PbGA03neGq+4Ml2uQJRJYLMqbfWcz9cnUCznzfU2h91foGgpw6XZz2JgWEhViUMEX10idR+K9M4FhDDlEzYZ62PJS+EQ6pms7RTR8y6RZesZwp3f7vg2zE+jpK3hW/I1iXQ7gmWZHItrkbX+uRnlsEi698CeMHwl55qQhchxKasDPr44DypenqI7WUxdX0F5QdXVikYzIN9HqA0aBq54heJmf+0gjI4qX6Xfm7Hb2OFGdBGE9TvAHC6xEwWIyp45X27NApBg9DpVkDh5YyoI07gnpwP3MJNEn+oGTOlhwTR5Zyg2SvLwDpsKg==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=cisco.com; dmarc=pass action=none header.from=cisco.com; dkim=pass header.d=cisco.com; arc=none
Received: from LV8PR11MB8536.namprd11.prod.outlook.com (2603:10b6:408:1ec::19) by DM4PR11MB5993.namprd11.prod.outlook.com (2603:10b6:8:5c::19) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7828.26; Fri, 9 Aug 2024 15:48:32 +0000
Received: from LV8PR11MB8536.namprd11.prod.outlook.com ([fe80::ff1c:486e:efc9:119e]) by LV8PR11MB8536.namprd11.prod.outlook.com ([fe80::ff1c:486e:efc9:119e%3]) with mapi id 15.20.7828.023; Fri, 9 Aug 2024 15:48:32 +0000
From: "Rob Wilton (rwilton)" <rwilton@cisco.com>
To: Kent Watsen <kent+ietf@watsen.net>
Thread-Topic: [netconf] AD review of draft-ietf-netconf-restconf-client-server-29
Thread-Index: AdmqjUxd1twvXZ20SW6ylmjcLVdcVCNwieYAFfvC2QABH/rnABVtSUYA
Date: Fri, 09 Aug 2024 15:48:32 +0000
Message-ID: <04CCF565-F768-49D5-94A1-641CE6326B9E@cisco.com>
References: <BY5PR11MB41966C2099AC6C2F28A4B1E3B525A@BY5PR11MB4196.namprd11.prod.outlook.com> <0100018ca85c8aca-88d466e8-ed6f-4154-99ef-11af9a63e5ff-000000@email.amazonses.com> <00FDFDFA-13C7-454F-80C8-8C7FEE076A42@gmail.com> <0100018f0622262f-962c597a-1753-445a-8399-7beb9c8995d3-000000@email.amazonses.com>
In-Reply-To: <0100018f0622262f-962c597a-1753-445a-8399-7beb9c8995d3-000000@email.amazonses.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-mailer: Apple Mail (2.3774.600.62)
x-ms-publictraffictype: Email
x-ms-traffictypediagnostic: LV8PR11MB8536:EE_|DM4PR11MB5993:EE_
x-ms-office365-filtering-correlation-id: 1ead7656-2b3e-4d9c-ee2a-08dcb88ab8d0
x-ms-exchange-senderadcheck: 1
x-ms-exchange-antispam-relay: 0
x-microsoft-antispam: BCL:0;ARA:13230040|366016|1800799024|376014|38070700018;
x-microsoft-antispam-message-info: VbqF3UqtEUnlOzOlMVyx405jmD7VsIjqP5WkPpc5MsJuDjwdQhON96DwzNYUHtW4KBQ1MMu6bMBIF7SPq+ZEz5jdYW2u4ykatCVOyEb8MkNKAU61lUvAwMPJxihdr2Xpcs3J2eK21glgERT6VUWf37SDkMbeggXorsUrS0LviRw8GJaE/a3cH2JF3jBa8hgPaKZAROLVMPRPnO2Wj1OcRNH+ZLPuE0pTriWIc7dBy9tdPX1qns8HRhMwo3KIlLvC9QvxtAcwtdoEC9I9qgk4H1yInnWNTpTWTezA1P1EptTdAXA70IxnauBlnv5X0zDIfBHf4T08XCKHL3Gnu5fx8h6HBo5S9Bce9oL52zUDP8tO1fcXWEmRotkTVpa3JUzRZWBmKnQM6eqqLGcpbyuafD8/1a121emRA/6E2j6hA2k4dEaIp+QhrfwOR/Bdt0PxlSzNvrvsvCjs+Bqq5MeEI80D1bCGRovMLjg5fKjtIxb72qqxF3P/oMnKfBQEO4Ojvi+4fKB5hutsayHPgLToOCLa26+dT3vGFm0ZjcFHYP2T5F1+dohXybQFNWYRe0ql9lczXidXSLQU5h0lLsB4/qRKr+63PsAs+DL96rvnQomK7pDyZXX3k4pPRrcLYyc/W0l/H/apceeXlNDDkmMgLHj/hJhlPyiMnemaiSqqnLvs0kxEEdtweWyEOgX+itazB+ShKEpIweg+ZnfJ2VI9kfwvaAzjccp1VjVhTMYVKuSFWE8XHf/inBOIqr1UqyMP+7+c486hN9L/IS3dan2RjoQlffkCS0FTVwDjlRTOjwRp7SgUcCz6QWTRNet6F7CIZjatAzu74wZUe9WA/Dk3MVcgjCq5DfgW4eVFxVywYCJ2Iymz4OZVBkZlESUEcTDAN34BKaclcnk+99pSQqArZz36xvu88nQWl73asVtLDgtKkdfa7mYDpZhS72I/47cLhIMBL9A7piL2LFHecPScApez1oBq/5X3ZiYbE1D9HJ1rHYGjTcV9kGKV2NiLYmlj9Obe7iPO6D1VdKqJ5/7mvQZX0MXI+ckUOX2XpC06gngeMvs1dVvxVkFgTl2krq0E7o4b5dJeFq46LV42DdM+3bQzbjXYWDnzZdg21WLbdBrdPkwWpFNkbsiylQaFwUKiu+m9kfNAEwBLSSmTNBHCFjLaOawE8fbff4DBUS2l64bp8iDkCH5RbgaivZcnHOxRfDSymbaf1xN4mQPyatjatkod76/ouUXrKOt16IEuRKpmxNtCzlrtSUQ4+iXS/TdI34uxMue1YjY9zv/MPsI2mWEW95EEWumWVGEsWtpt92f94dGuAem7ESVxEg22+ZxHCa7vGg7vGi0OPxGWc/KaeM7toxxh12p4+xCYCjGOzgo=
x-forefront-antispam-report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:LV8PR11MB8536.namprd11.prod.outlook.com;PTR:;CAT:NONE;SFS:(13230040)(366016)(1800799024)(376014)(38070700018);DIR:OUT;SFP:1101;
x-ms-exchange-antispam-messagedata-chunkcount: 1
x-ms-exchange-antispam-messagedata-0: XF187aBQE8DFnvz+2d7045EFMPEJTyd5FQh1JEs01Xr4x4wVaa/jPhAJ3YdfuFg/MqZJzLN3zLz15kmCXxbA5Y/+sfxG4fn6dT/EjyHpRIPjGWd7UeG4F2+f9RNaVdzCNmBhGcrLRqt2A3kyc14G3xxt0PxBr2lI/X64yXPN3lWqU1sA9PPcjVtYVtrd36PbhSg6yoBzo64vC7y6QFk47bxAnBTl4B4lIHH6PBxoJ29jxcd3dLSL0TimZN1trclIP/LBjVE17BqQVI1AxO1i3e8+2/yCJvGWG9jnLyIZkiIa+CafolWLYWJ54nL0O8i01mN4OAGJU8JH7oEx3gz89RY2S/5ht+jwGi6HaKlA/RrzMjQdJsYpHvTg+SUlYGpuTVkKXUQglodCwzkak3iougZGe5WZn6DNHhiMSmzoSbKrLUJJf/clGqQxS37aHjAJ427mCm6dIYFnf4Y/qFSnQZP5Pa75WzpohUuc1MCb+rZEXc0yUt21Qjiy0xEeYr8tgMLDB3uZ0jAj566mvfaFFLvRLWVmYyJm1CIdrQ4qU11GdAhsAherSxUEvXl1PYmUk7nhZBu9wI1QWO5vzwZaJmOxJxIBhYuHp/TNBT5FZVwh5mqOTkgu0tIPRQzbN3ioRtrS/3OrLGVofbUYKjqDLrbC698kjDGR1WMB1mh4oVVGmc+OU6pb9ploMDPgBgYr0p9N/OAqPWaMqEyGa35jHH42b+Xs81sPes2/YQrasojYQ08ndTIpH6CQbwlK+NpL8f/wGxxHq5LEAD0e1fAQKmNf7WFwBUJw7UvvrQdi10cVnnpunYLIsnYB00ZIMceT25L3C288ZYPY7AZfJTTbQQIl0TMMxP6abmd9nWwvZfxUOH/SWBxFRDmhre6jayzsQhxRTYNSXRw5GQQiKzegmgeFTPaViemZh27Y40gVKGA8wO3Ehg+ela55Z44ZyIEa0PK3py3FOPXnKz39LVatB3+0BnTujqHmFACMbLeBgKvg4kUMUsxxOVEFFLZUkf8LXq/dWWgEOspIbmuv/+9GsCIQWbk30KJ8/rb7eczG2fPTLUik/gecJp3wanDEA3VxUtuuoqkl725vmnibqr1Uvl0yVVz5NxLRml7sKZ698pwvzcTwnmLJAPB2K8moNDCYOG5ua/lRDLmWrTuNHoSNO9bjlKQaP1shzZNN8cS3YR+QDDpaJNZVSp+RMAHPbvr9afH8HR+cW8Wqp6uFin1j5uwzHsAiZ2LaVxaB3E5DJuRp+UmxmAah0yMrmP28Wnpa4Qf07b5eZxKPPPQWdkkbmVyL562bEDXFq4is4ZKxMaAhjLF63nhVTdG2tw4sOlVz4U0pGaIc2IrhHKlzMV1UAB1dy0KYJ3Cf8OmfCn3axh0PjozyIXrKHEGq72rDnVFKKeUnwOTm4AiObEeRVYZKn0NpSSHiBzBtYf/vJux51J+wW2mnKWClGIWQhf6ZBa711KkJIZJ/aSGf5vAGmfFo6G16ppjiyjixaQpx5F+0L/IecG5ZFa/vIqH0rx0R4/dnmRevtCWIvVts+IFdvcCMJns00j/1GmZWNwFRfhut0VcQ2srYCSbvd27Nj9eGdEB1
Content-Type: multipart/alternative; boundary="_000_04CCF565F76849D594A1641CE6326B9Eciscocom_"
MIME-Version: 1.0
X-OriginatorOrg: cisco.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: LV8PR11MB8536.namprd11.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 1ead7656-2b3e-4d9c-ee2a-08dcb88ab8d0
X-MS-Exchange-CrossTenant-originalarrivaltime: 09 Aug 2024 15:48:32.4998 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 5ae1af62-9505-4097-a69a-c1553ef7840e
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: gHjaAuK9PwXs4ID3g6QXsL/ByWg1LHyZRGmpktAPhOCwUHTWF7HQI4R4lsMqx7jhjdblp1ZpAc0Cg70pANMHZA==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM4PR11MB5993
X-Outbound-SMTP-Client: 173.37.147.229, alln-opgw-1.cisco.com
X-Outbound-Node: alln-core-8.cisco.com
Message-ID-Hash: Y5TCPMNDQLW5WI4F3UDIRL6NDOMYQ7NB
X-Message-ID-Hash: Y5TCPMNDQLW5WI4F3UDIRL6NDOMYQ7NB
X-MailFrom: rwilton@cisco.com
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-netconf.ietf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
CC: "netconf@ietf.org" <netconf@ietf.org>, "draft-ietf-netconf-restconf-client-server.all@ietf.org" <draft-ietf-netconf-restconf-client-server.all@ietf.org>
X-Mailman-Version: 3.3.9rc4
Precedence: list
Subject: [netconf] Re: AD review of draft-ietf-netconf-restconf-client-server-29
List-Id: NETCONF WG list <netconf.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/netconf/bMeLq6vOnAIYMfPUJLbICvePEAs>
List-Archive: <https://mailarchive.ietf.org/arch/browse/netconf>
List-Help: <mailto:netconf-request@ietf.org?subject=help>
List-Owner: <mailto:netconf-owner@ietf.org>
List-Post: <mailto:netconf@ietf.org>
List-Subscribe: <mailto:netconf-join@ietf.org>
List-Unsubscribe: <mailto:netconf-leave@ietf.org>
Hi Kent, Mahesh asked me to try and help close out the issues that I raised previously. Hence, some comments inline (only for the open issues). On 22 Apr 2024, at 15:07, Kent Watsen <kent+ietf@watsen.net> wrote: Hi Mahesh, What are my plans to submit the updated version of both the draft? First, please note that I’ve been submitted updated versions of the NC/RC drafts throughout the IESG review process for the first seven drafts (of the suite of client-server drafts). Note that the Subject line in this email refers to -29, whereas it is -36 on Datatracker now. The following URL shows all diffs between -29 and -36: https://author-tools.ietf.org/iddiff?url1=draft-ietf-netconf-restconf-client-server-29&url2=draft-ietf-netconf-restconf-client-server-36&difftype=--html I would imagine that everything that I marked as “fixed” below is fixed in the current (-36) version as well. It would be good for Rob (or you?) to follow-up to ensure that it is in fact the case. For other items, where I was asking Rob (you?) a question, the question remains open. I am waiting for a response before making a change… PS: below you will find what looks like a response from me like this: "KENT - factor out top-level container to its own YANG module?”. This is not a response to Rob so much as me leaving a comment to myself, which I forgot to remove before hitting SEND. FWIW, given the uproar regarding the http-client-server draft, which also has “stack” groupings, I am now inclined to isolate the “stack” groupings to their own YANG modules. Thoughts? Kent // author On Apr 16, 2024, at 4:41 PM, Mahesh Jethanandani <mjethanandani@gmail.com> wrote: Hi Kent, I am following up on your responses on this and the netconf-netconf-client-server draft. I have not heard any objections from Rob on your suggested set of changes. What is your plan to submit the updated version of both the draft? Thanks. On Dec 26, 2023, at 3:01 PM, Kent Watsen <kent+ietf@watsen.net<mailto:kent+ietf@watsen.net>> wrote: Hi Rob, Thank you for your review. Please see below for responses to your comments. Kent // author On Jun 29, 2023, at 9:36 AM, Rob Wilton (rwilton) <rwilton=40cisco.com@dmarc.ietf.org<mailto:rwilton=40cisco.com@dmarc.ietf.org>> wrote: Hi Kent, Here is my AD review of draft-ietf-netconf-restconf-client-server-29. Another draft that is also well written and a pleasure to review - thank you. Review comments: Moderate level comments: (1) p 0, sec RESTCONF Client and Server Models draft-ietf-netconf-restconf-client-server-29 I've not reflagged issues that have been flagged previously, and I presume that you will handle generically/consistently on all drafts (e.g., RFC editor guidance, relationship text, whether to highlight presence containers in the description). Ack. (2) p 10, sec 2.1.3. Protocol-accessible Nodes * The reason for why "restconf-client-app-grouping" exists separate from the protocol-accessible nodes definition is so as to enable instances of restconf-client-app-grouping to be instantiated in other locations, as may be needed or desired by some modules. In theory, this could be achieved by whether the module is "import-only" or "implemented" although I have to say that I don't really like the distinction - it seems to add complexity. An alternative, maybe cleaner, way of solving this could be to put the groupings into a separate "ietf-restconf-client-types" or "ietf-restconf-client-groupings" module separate from the module that defines the protocol nodes for the central client or server. E.g., I think that it would be a shame if all modules started to follow this module of having top-level if-feature statements. KENT - factor out top-level container to its own YANG module? KENT - factor out top-level container to its own YANG module? KENT - factor out top-level container to its own YANG module? - Foo.yang - Foo-stacks.yang - Foo-app.yang I think that the core of the RESTCONF module is the groupings - and hence I would keep those in the existing ietf-restconf-client and ietf-restconf-server modules. But I still have a prefer for moving the central implementations into separate modules without the top-level feature. E.g. ietf-restconf-client-central-app, ietf-restconf-server-central-app. This would give a default central implementation that can be used, but without necessarily implying that clients/servers will generically implement it. (3) p 21, sec 2.3. YANG Module choice connection-type { mandatory true; description "Selects between available connection types."; case persistent-connection { Should there be an option for an "on-demand" connection? I.e., the details are stored centrally, but a connection is made if needed, and then it is closed (possibly after an idle timeout), if the connection is no longer needed. This comment also equivalently applies to the server part. This choice statement is in the "restconf-client-app-grouping” grouping. This grouping has “description” statement: description "A reusable grouping for configuring a RESTCONF client application that supports both 'initiate' and 'listen' protocol stacks for a multiplicity of connections."; Note the word “application”. The intention of the “app” grouping is to support NMS/Controller clients that wish to maintain long-lived connections to devices (RESTCONF-servers in this case) that the NMS/Controller manages. The two “connection-type” case statements: are “persistent” and “periodic”. Please be aware that “periodic" doesn’t exclude "on-demand”, as an NMS/controller can always connect ASAP. Technically, “periodic” is more like “on-demand and periodic”, but that’s wordy (and not always true), so I shortened it to just “periodic”. The “description” statement could be improved to be clearer on this point... Is this what you had in mind wrt “on-demand”? (i.e., as an adjunct to “periodic”) Or did you mean just “on-demand” by itself? If so, would this make sense for an *app* that is trying to maintain long-lived connections to servers that may need to push notifications over the client-initiated connections? I might be wrong, but I assumed that controllers like NSO which are managing many devices, may not want to keep the connections open (because it would mean that it would need to keep open too many connections). Instead, I think, e.g., for a config change to a particular device, that they open a connection to the device, do the required work, and then close it again afterwards, and in that context I think that periodic would be quite confusing. (4) p 23, sec 2.3. YANG Module enum last-connected { description "Indicates that reconnections should start with the endpoint last connected to. If no previous connection has ever been established, then the first endpoint configured is used. RESTCONF clients SHOULD be able to remember the last endpoint connected to across reboots."; } The SHOULD be able to remember the last endpoint feels like somewhat of a (possibly unnecessary) burden to the client. I would prefer this to be a MAY, or something softer, or to better understand where this requirement is coming from. The idea behind “across reboots" is that it might make use of caches that the "last-connected” endpoint may have created and possible reuse. To what extent it matters I cannot say. Should I add this detail or remove the last sentence all together? I’d rather remove the sentence than make it a MAY, since there is an implicit SHOULD in the first sentence… Thoughts? Perhaps change it to something like: enum last-connected { description "Indicates that reconnections should start with the endpoint last connected to, if known. If no previous connection is known, then the first endpoint configured is used."; } (5) p 47, sec 4.1. The "ietf-restconf-client" YANG Module None of the writable data nodes in this YANG module are considered sensitive or vulnerable in network environments. The NACM "default- deny-write" extension has not been set for any data nodes defined in this module. I think that this section (and the one below) must list the paths that are security sensitive in the groupings that it uses, i.e., just deferring the grouping definition is probably not sufficient to make readers sufficiently aware. I agree that the previous text insufficiently made readers aware. But instead "carrying up” every NACM flag set in recursively used groupings, I added this statement. Please be aware that this YANG module uses groupings from other YANG modules that define nodes that may be considered sensitive or vulnerable in network environments. Please review the Security Considerations for dependent YANG modules for information as to which nodes may be considered sensitive or vulnerable in network environments. I added this to every module-specific Security Consideration section in all of the "*-client-server” drafts. That is, all drafts except crypto-types, truststore, and keystore, as these drafts already “carried up” NACM flags set in imported modules. Good enough? Yes, good enough for me. I'll leave to Mahesh and the SEC ADs to decide if it good enough for them. Minor level comments: (6) p 6, sec 2.1.2.1. The "restconf-client-grouping" Grouping * This grouping does not define any nodes, but is maintained so that consuming modules can augment nodes into it if needed. This probably should be reworded since the grouping doesn't help with augmentations. There is part of me that wonders whether the grouping is really helpful at all. Removed. Also removed in the netconf-client-server draft. (7) p 9, sec 2.1.2.4. The "restconf-client-app-grouping" Grouping * Both the "initiate" and "listen" subtrees must be enabled by "feature" statements. I find this text slightly unclear, i.e., I presume that this means that they are both predicated by feature statements rather than both features must be enabled when using this grouping. Agreed. s/must be enabled by/are predicated by/ Fixed in the netconf-client-server draft also. (8) p 10, sec 2.1.3. Protocol-accessible Nodes * The top-level node "restconf-client" is additionally constrained by the feature "central-restconf-client-supported". I wasn't sure whether 'central' is the best adjective here, possible alternative suggestions could be 'default' or 'common'. The “central” term is now used in the truststore, keystore, netconf, and restconf drafts. I think that, before, the term “global” was used…. If you want to change the term again, perhaps “top-level”? I personally wish these top-level containers didn’t exist in the netconf/restconf drafts, but the WG previously said they thought there were important. :sigh: FWIW, the top-level nodes *are* useful in the truststore/keystore drafts... Probably not worth changing now, and this is probably just a bike shed anyway. (9) p 16, sec 2.3. YANG Module feature https-listen { description "The 'https-listen' feature indicates that the RESTCONF client supports opening a port to listen for incoming RESTCONF server call-home connections. This feature exists as not all RESTCONF clients may support RESTCONF call home."; reference "RFC 8071: NETCONF Call Home and RESTCONF Call Home"; } To differentiate between these two features, the descriptions should probably clarify that they are listening for HTTPS vs HTTP connections. Good catch. For “http-listen”: s/call-home connections/call-home connections using HTTP/ For “https-listen”: s/call-home connections/call-home connections using HTTPS/ (10) p 17, sec 2.3. YANG Module grouping restconf-client-initiate-stack-grouping { description "A reusable grouping for configuring a RESTCONF client 'initiate' protocol stack for a single connection."; Maybe 'single outbound connection', or 'single client connection', to differentiate from call-home? Fixed. In netconf-client-server draft too. Also fixed the other “stack” grouping in a similar way. - it now says “listen on a single port”. (11) p 17, sec 2.3. YANG Module choice transport { mandatory true; description "Selects between available transports. This is a 'choice' statement so as to support additional transport options to be augmented in."; I'm not convinced that the second sentence should be in the YANG model (e.g., if it turns up in UI documentation), but is great in the prose that accompanies the module. If you agree to change in the module definition then it would make sense to change this in other places as well. Second sentence is removed. A total of four locations in the two restconf modules. Interestingly, the second sentence was not present in the two netconf modules. (12) p 17, sec 2.3. YANG Module case https { if-feature "https-initiate"; container https { must 'tls-client-parameters/client-identity or http-client-parameters/client-identity'; description "Specifies HTTPS-specific transport configuration."; container tcp-client-parameters { description "A wrapper around the TCP client parameters to avoid name collisions."; uses tcpc:tcp-client-grouping { refine "remote-port" { default "443"; description "The RESTCONF client will attempt to connect to the IANA-assigned well-known port value for 'https' (443) if no value is specified."; } } } container tls-client-parameters { description "A wrapper around the TLS client parameters to avoid name collisions."; uses tlsc:tls-client-grouping; } Looking at these further and thinking about how they would get displayed in a UI, I wonder whether these containers would just be better described as "TLS client parameters" rather than mentioning what is really an implementation detail. If you agree to change this then I presume that you would update in other places and drafts to be consistent. Agreed. In all drafts, I updated all of the description statements to NOT mention that it was a “wrapper...to avoid name collisions”. (13) p 18, sec 2.3. YANG Module container http-client-parameters { description "A wrapper around the HTTP client parameters to avoid name collisions."; uses httpc:http-client-grouping; } container restconf-client-parameters { description "A wrapper around the RESTCONF client parameters to avoid name collisions. This container does not define any nodes. It exists as a potential augmentation target by other modules."; I wasn't sure that the last paragraph is helpful here (and is already stated as part of the grouping), since if anyone does augment in extra nodes then it becomes misleading. Agreed. Removed not just second sentence, but second paragraph (also in the netconf-client-server draft) I removed the third sentence also to be consistent with the other similar nodes in those modules. (14) p 22, sec 2.3. YANG Module The RESTCONF client SHOULD gracefully close the underlying TLS connection upon completing planned activities. For a periodic connection, how are the planned activities specified, initiated, or controlled? Having the periodic connection specified in this way seems a bit strange to me, and I'm struggling to understand exactly how it will be used and how everything dovetails together. Let’s first think about a persistent connection: The client sends RPCs when it wants, and the server sends notifications when it wants. Now extend that to periodic connections: replace “when it wants” with “on the next periodic connection”. Of course, in some systems, the server can still send “when it wants” by forcing the connection to be established ASAP. For this reason some might call it an “on-demand/periodic” connections. But since that’s too long, and not always the case, I shortened to just “periodic” connection. Thoughts? Defer to the previous conversation on this. I think that ad-hoc is probably a different use case, but perhaps there isn't any configuration in that case, I'm not sure. (15) p 26, sec 3.1.1. Features Features: +-- http-listen +-- https-listen +-- https-call-home +-- central-restconf-server-supported Similar to the client, I wasn't sure whether 'central' is the best adjective here, possible alternative suggestions could be 'default' or 'common'. Please see my response to your comment in the client module. (16) p 26, sec 3.1.2.1. The "restconf-server-grouping" Grouping * The "client-identity-mappings" node, which must be enabled by "feature" statements, defines a mapping from certificate fields to RESTCONF user names. The comment about needing to be enabled via "feature" statements looks to be inaccurate, or otherwise I'm confused by it. Agreed. Removed. Shocking that such typos are still being found (thank you for being thorough!) (17) p 28, sec 3.1.2.3. The "restconf-server-callhome-stack-grouping" Grouping grouping restconf-server-callhome-stack-grouping: +-- (transport) +--:(https) {https-listen}? +-- https +-- tcp-client-parameters | +---u tcpc:tcp-client-grouping +-- tls-server-parameters | +---u tlss:tls-server-grouping +-- http-server-parameters | +---u https:http-server-grouping +-- restconf-server-parameters +---u rcs:restconf-server-grouping I just wanted to check, is 'https-listen' the right name for the feature statement? I had assumed that this configuration would be for an outbound connection rather than an inbound one, and to me listen implies inbound. Egads, absolutely not. It was supposed to be "https-call-home”. Fixed now. Note: the feature was already correct in the netconf-client-server draft. (18) p 29, sec 3.1.2.4. The "restconf-server-app-grouping" Grouping grouping restconf-server-app-grouping: +-- listen! {http-listen or https-listen}? | +-- endpoint* [name] | +-- name? string | +---u restconf-server-listen-stack-grouping +-- call-home! {https-call-home}? +-- restconf-client* [name] +-- name? string +-- endpoints | +-- endpoint* [name] | +-- name? string | +---u restconf-server-callhome-stack-grouping +-- connection-type | +-- (connection-type) | +--:(persistent-connection) | | +-- persistent! | +--:(periodic-connection) | +-- periodic! | +-- period? uint16 | +-- anchor-time? yang:date-and-time | +-- idle-timeout? uint16 +-- reconnect-strategy +-- start-with? enumeration +-- max-wait? uint16 +-- max-attempts? uint8 I've raised this in a previous review, but I wonder whether it would be helpful to also include the fully expanded groupings for your top-level groupings intended to be used by implementors, and maybe the top level "central" definition as well. These could end up being fairly long, but assuming that they do not wrap too much (to the point that they become unreadable), then these could just be included in an appendix. The problem is that they do wrap so much as to become unreadable. If we were to add fully-expanded tree diagrams to the appendix, I would want to see corresponding Datatracker update that unfolds the artwork for all document formats except the plain-text format. Especially for web, a horizontal scrollbar would be excellent... Okay. Let's leave this for a future enhancement ;-) (19) p 32, sec 3.2. Example Usage <http-server-parameters> <server-name>foo.example.com<http://foo.example.com/></server-name> </http-server-parameters> The remote-address field and server-name fields differ. Is this valid (and for the second endpoint below)? Correct. “Remote-address” is for where the call-home connection goes. “Server-name” is how the RESTCONF-server announces itself to the RESTCONF-client it connects to. These are different things. (20) p 37, sec 3.3. YANG Module feature https-listen { description "The 'https-listen' feature indicates that the RESTCONF server supports opening a port to listen for incoming RESTCONF over TLS client connections, whereby the TLS connections are terminated by the server itself."; reference "RFC 8040: RESTCONF Protocol"; } As per my previous comment, this description doesn't cover that it is also used in the call home stack. Correct, nor was it intended to. The next “feature” in the module is used: 110 feature https-call-home { 111 description 112 "The 'https-call-home' feature indicates that the RESTCONF 113 server supports initiating connections to RESTCONF clients."; 114 reference 115 "RFC 8071: NETCONF Call Home and RESTCONF Call Home"; 116 } (21) p 42, sec 3.3. YANG Module grouping restconf-server-app-grouping { description "A reusable grouping for configuring a RESTCONF server application that supports both 'listen' and 'call-home' protocol stacks for a multiplicity of connections."; container listen { if-feature "http-listen or https-listen"; presence "Identifies that the server has been configured to listen for incoming client connections. This statement is present so the mandatory descendant nodes do not imply that this node must be configured."; description "Configures the RESTCONF server to listen for RESTCONF client connections."; list endpoint { key "name"; min-elements 1; description "List of endpoints to listen for RESTCONF connections."; leaf name { type string; description "An arbitrary name for the RESTCONF listen endpoint."; } uses restconf-server-listen-stack-grouping; } } Rather than having a presence container here, you could have just had endpoint be a list of 0 or more elements. A similar comment applies to the call-home container below. True, for this case, but leaving as is allows a consuming module to augment-in more “mandatory true” nodes outside the list. Thoughts? Okay as is. Thanks, Rob I also note that there is an endpoints container wrapping the endpoints under call-home but not listen. Presumably this has been done because there are other leaves under call-home/restconf-client, but I'm not sure that you can guarantee that wouldn't ever be the case under listen as well. I.e., would having the containers in both places be more consistent? Ah yes, I remember seeing this before… I added the wrapping “endpoints” container (in both modules in this draft and also the netconf-client-server draft) FWIW, as annoying as it is, I always try (in IETF drafts) to have a wrapping “container” for lists so that the entire list can be deleted in a single protocol operation. Okay. (22) p 46, sec 3.3. YANG Module enum last-connected { description "Indicates that reconnections should start with the endpoint last connected to. If no previous connection has ever been established, then the first endpoint configured is used. RESTCONF servers SHOULD be able to remember the last endpoint connected to across reboots."; Note, same comment about remembering the last endpoint applies here. Please see my response above to this issue. Nit level comments: (23) p 19, sec 2.3. YANG Module container tcp-server-parameters { description "A wrapper around the TCP client parameters to avoid name collisions."; s/client/server/? Yup, found and fixed already (also in the netconf-client-server draft) (24) p 39, sec 3.3. YANG Module description "Identifies contact information for the external system that terminates connections before passing them thru to this server (e.g., a network address translator or a load balancer). These values have no effect on the local operation of this server, but may be used by the application when needing to inform other systems how to contact this server."; s/thru/through/ Fixed (also in two other locations where used) Thanks, Rob K. Mahesh Jethanandani mjethanandani@gmail.com<mailto:mjethanandani@gmail.com> _______________________________________________ netconf mailing list netconf@ietf.org https://www.ietf.org/mailman/listinfo/netconf
- [netconf] AD review of draft-ietf-netconf-restcon… Rob Wilton (rwilton)
- Re: [netconf] AD review of draft-ietf-netconf-res… Kent Watsen
- Re: [netconf] AD review of draft-ietf-netconf-res… Mahesh Jethanandani
- Re: [netconf] AD review of draft-ietf-netconf-res… Kent Watsen
- [netconf] Re: AD review of draft-ietf-netconf-res… Rob Wilton (rwilton)
- [netconf] Re: AD review of draft-ietf-netconf-res… Kent Watsen