IETF Logo Mail Archive

Re: [netconf] I-D Action: draft-ietf-netconf-https-notif-03.txt

Kent Watsen <kent+ietf@watsen.net> Wed, 15 July 2020 23:21 UTC

Return-Path: <0100017354c87c8a-e19d1df5-0113-4b19-b6cd-9394c017b6ff-000000@amazonses.watsen.net>
X-Original-To: netconf@ietfa.amsl.com
Delivered-To: netconf@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 30A6D3A0B4C for <netconf@ietfa.amsl.com>; Wed, 15 Jul 2020 16:21:35 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.898
X-Spam-Level:
X-Spam-Status: No, score=-1.898 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_MSPIKE_H2=-0.001, SPF_HELO_NONE=0.001, SPF_NONE=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=amazonses.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id D9S_Pssg3TQu for <netconf@ietfa.amsl.com>; Wed, 15 Jul 2020 16:21:33 -0700 (PDT)
Received: from a8-96.smtp-out.amazonses.com (a8-96.smtp-out.amazonses.com [54.240.8.96]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 57C573A0B49 for <netconf@ietf.org>; Wed, 15 Jul 2020 16:21:33 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/simple; s=224i4yxa5dv7c2xz3womw6peuasteono; d=amazonses.com; t=1594855292; h=From:Message-Id:Content-Type:Mime-Version:Subject:Date:In-Reply-To:Cc:To:References:Feedback-ID; bh=cNCvjEKrDkFWEjS5ajqS80aTJ3Vt+L731Mv5SKOshes=; b=SXtG8zIjEBmr9znOYITTSZq6Gjxbam/smQA9tvkrt42J2UG48oS2ziP6CqzmIBkD vhIU2ama3LHh80mIMGTsPbgdQxpeDGb2yaD4X38weHx6EiTZNSUH3yAIVghyEsYiFup XVhCDEtwGRISz2DImR5isumsaBSGbdMi0RSo/4kI=
From: Kent Watsen <kent+ietf@watsen.net>
Message-ID: <0100017354c87c8a-e19d1df5-0113-4b19-b6cd-9394c017b6ff-000000@email.amazonses.com>
Content-Type: multipart/alternative; boundary="Apple-Mail=_BA6C79FF-F084-4BFF-8077-9F437E42DEC3"
Mime-Version: 1.0 (Mac OS X Mail 13.4 \(3608.80.23.2.2\))
Date: Wed, 15 Jul 2020 23:21:32 +0000
In-Reply-To: <BL0PR11MB312248671AB8F1773295D357A1610@BL0PR11MB3122.namprd11.prod.outlook.com>
Cc: Mahesh Jethanandani <mjethanandani@gmail.com>, "netconf@ietf.org" <netconf@ietf.org>
To: "Eric Voit (evoit)" <evoit@cisco.com>
References: <159440288260.29660.1882956283740039536@ietfa.amsl.com> <BL0PR11MB312248671AB8F1773295D357A1610@BL0PR11MB3122.namprd11.prod.outlook.com>
X-Mailer: Apple Mail (2.3608.80.23.2.2)
X-SES-Outgoing: 2020.07.15-54.240.8.96
Feedback-ID: 1.us-east-1.DKmIRZFhhsBhtmFMNikgwZUWVrODEw9qVcPhqJEI2DA=:AmazonSES
Archived-At: <https://mailarchive.ietf.org/arch/msg/netconf/dHSbk-E07bQub9RpVCMpggTRqjg>
Subject: Re: [netconf] I-D Action: draft-ietf-netconf-https-notif-03.txt
X-BeenThere: netconf@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: NETCONF WG list <netconf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/netconf>, <mailto:netconf-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/netconf/>
List-Post: <mailto:netconf@ietf.org>
List-Help: <mailto:netconf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/netconf>, <mailto:netconf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 15 Jul 2020 23:21:35 -0000

Hi Eric,

> (1) For ietf-https-notif.yang why did you choose "uses x509c2n:cert-to-name" rather than linking to ietf-truststore.yang's
>      grouping truststore-grouping
>        +-- certificate-bags! {certificates}?
>           +-- certificate-bag* [name]
>              +-- name?          string
>              +-- certificate* [name]
>                 +-- name?                            string

I’m unclear about the issue.  Cert-to-name performs a mapping that doesn't exist anywhere else...


> (2) Do you plan any functionality which inter-related with the receiver action 'reset' from SN?  Right now this SN action resets the subscription.  Whether this actually does anything to any underlying connection is undefined in SN.  So I think what you have is fine as you define no actions on receiver-instances.  But I figured I would ask: is there anything connection related which you might expose for the receiver as a whole?

No SN-relation is planned. I’m unsure exactly what the ask is.  Please advise.

 
> (3) I have a question on receiver capability discovery prior to sending notifications.  Section 2.1 says that a publisher 'can' issue an HTTP GET for the capabilities.  This also suggests that it can choose not to send such a request.  What is the required behavior for an HTTPS publisher and receiver when the targeted receiver doesn't support the expected capabilities?

IIRC, the encoding MAY be configured in the SN model.  If it is not *and* the publisher doesn’t probe the receiver’s capabilities, and thus blindly sends whatever it wants, it risks the receiver returning an HTTP 4xx error.  Makes sense?


>  (4) Extending the question (3), the  <subscription-started> notification from SN can be used for this functionality.   Looking at the example you have in pipelining Section 1.5.1, the second POST of a YANG notification occurs is shown before the "Send 204 (No Content) is returned" for the first notification.   Could you explicitly add the <subscription-started> notification to section 1.5.1 to disambiguate things?  For example:   
>  
>        -------------                               --------------
>        | Publisher |                               | Receiver   |
>        -------------                               --------------
>  
>        Establish TCP             ------>
>  
>        Establish TLS             ------>
>  
>        Send HTTPS POST message
>        with <subscription-       ------>
>        started> notification 
>                                                    Send 200 (OK)
>                                  <------           for <subscription-started>
>  
>  
>        Send HTTPS POST message
>        with YANG defined         ------>
>        notification #1
>  
>        Send HTTPS POST message
>        with YANG defined         ------>
>        notification #2
>                                                    Send 204 (No Content)
>                                  <------           for notification #1
>  
>                                                    Send 204 (No Content)
>                                  <------           for notification #2

I think that this is proper.  Guidance welcomed.  But not that, beyond HTTP [N}ACKs, this is a one-way flow of content, so whatever needs to fit into those HTTP responses.

Kent // as co-author



> There were some earlier discussions on these overall interactions in threads like:
> https://mailarchive.ietf.org/arch/msg/netconf/oUxidvvW95lmxS1LLqyvuivuRcA/ <https://mailarchive.ietf.org/arch/msg/netconf/oUxidvvW95lmxS1LLqyvuivuRcA/>
>  
> Thanks,
> Eric

v2.23.0 | Report a Bug | By Email