Re: [netconf] I-D Action: draft-ietf-netconf-https-notif-03.txt

"Eric Voit (evoit)" <evoit@cisco.com> Tue, 14 July 2020 16:50 UTC

From: "Eric Voit (evoit)" <evoit@cisco.com>
To: Mahesh Jethanandani <mjethanandani@gmail.com>, Kent Watsen <kent+ietf@watsen.net>
CC: "netconf@ietf.org" <netconf@ietf.org>
Date: Tue, 14 Jul 2020 16:50:40 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/netconf/fkSkFaMlwR_1RC1GzxJcMxgT_yE>

Hi Mahesh,
Hi Kent,

It is good to see the updates and simplifications made.  A few questions /
thoughts on the latest:

(1) For ietf-https-notif.yang why did you choose "uses x509c2n:cert-to-name"
rather than linking to ietf-truststore.yang's

     grouping truststore-grouping
       +-- certificate-bags! {certificates}?
          +-- certificate-bag* [name]
             +-- name?          string
             +-- certificate* [name]
                +-- name?                            string

(2) Do you plan any functionality which inter-relates with the receiver
action 'reset' from SN?  Right now this SN action resets the subscription.
Whether this actually does anything to any underlying connection is
undefined in SN.  So I think what you have is fine as you define no actions
on receiver-instances.  But I figured I would ask: is there anything
connection related which you might expose for the receiver as a whole?

 

(3) I have a question on receiver capability discovery prior to sending
notifications.  Section 2.1 says that a publisher 'can' issue an HTTP GET
for the capabilities.  This also suggests that it can choose not to send
such a request.  What is the required behavior for an HTTPS publisher and
receiver when the targeted receiver doesn't support the expected
capabilities?

 

(4) Extending the question (3), the <subscription-started> notification
from SN can be used for this functionality.  Looking at the example you
have in pipelining Section 1.5.1, the second POST of a YANG notification
is shown before the "Send 204 (No Content) is returned" for the first
notification.  Could you explicitly add the <subscription-started>
notification to section 1.5.1 to disambiguate things?  For example:

 

       -------------                               --------------
       | Publisher |                               | Receiver   |
       -------------                               --------------

       Establish TCP             ------>

       Establish TLS             ------>

       Send HTTPS POST message
       with <subscription-       ------>
       started> notification
                                                   Send 200 (OK)
                                 <------           for <subscription-started>

       Send HTTPS POST message
       with YANG defined         ------>
       notification #1

       Send HTTPS POST message
       with YANG defined         ------>
       notification #2
                                                   Send 204 (No Content)
                                 <------           for notification #1

                                                   Send 204 (No Content)
                                 <------           for notification #2

 

There were some earlier discussions on these overall interactions in threads
like:

https://mailarchive.ietf.org/arch/msg/netconf/oUxidvvW95lmxS1LLqyvuivuRcA/

 

Thanks,
Eric

 

> A New Internet-Draft is available from the on-line Internet-Drafts
> directories.
> This draft is a work item of the Network Configuration WG of the IETF.
>
>         Title           : An HTTPS-based Transport for Configured
>                           Subscriptions
>         Authors         : Mahesh Jethanandani
>                           Kent Watsen
>         Filename        : draft-ietf-netconf-https-notif-03.txt
>         Pages           : 27
>         Date            : 2020-07-10
>
> Abstract:
>    This document defines a YANG data module for configuring HTTPS based
>    configured subscription, as defined in RFC 8639.  The use of HTTPS
>    maximizes transport-level interoperability, while allowing for
>    encoding selection from text, e.g.  XML or JSON, to binary.
>
> The IETF datatracker status page for this draft is:
> https://datatracker.ietf.org/doc/draft-ietf-netconf-https-notif/
>
> There are also htmlized versions available at:
> https://tools.ietf.org/html/draft-ietf-netconf-https-notif-03
> https://datatracker.ietf.org/doc/html/draft-ietf-netconf-https-notif-03
>
> A diff from the previous version is available at:
> https://www.ietf.org/rfcdiff?url2=draft-ietf-netconf-https-notif-03
>
> Please note that it may take a couple of minutes from the time of
> submission until the htmlized version and diff are available at
> tools.ietf.org.
>
> Internet-Drafts are also available by anonymous FTP at:
> ftp://ftp.ietf.org/internet-drafts/

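
The exchange drawn in item (4) of the message above, modelled as an added example; it is not part of the original message or of the draft. It shows how a publisher can tie each pipelined response back to its POST by arrival order. Assumptions: the class and function names are hypothetical, the 200/204 status codes are the ones in the message's diagram, and holding back notifications until <subscription-started> is acknowledged is read from that diagram rather than stated by the draft.

```python
from collections import deque

# Status per message kind, as drawn in the diagram in item (4) of the
# message (the message's proposal; assumed here, not taken from the draft).
EXPECTED_STATUS = {"subscription-started": 200, "notification": 204}


class PipelinedPublisher:
    """Hypothetical publisher-side tracker for one pipelined HTTPS connection."""

    def __init__(self):
        self.outstanding = deque()   # POSTs sent but not yet answered, oldest first
        self.started_acked = False   # True once <subscription-started> got its 200
        self.log = []

    def post(self, kind, label):
        # Assumption read from the diagram: notification #2 may leave before #1
        # is answered, but nothing is sent until <subscription-started> is acked.
        if kind == "notification" and not self.started_acked:
            raise RuntimeError(f"{label}: <subscription-started> not acknowledged yet")
        self.outstanding.append((kind, label))

    def on_response(self, status):
        # HTTP/1.1 pipelined responses arrive in request order, so each
        # response belongs to the oldest outstanding POST.
        if not self.outstanding:
            raise RuntimeError(f"status {status} with no outstanding request")
        kind, label = self.outstanding.popleft()
        if status != EXPECTED_STATUS[kind]:
            # Anything still queued behind the failed POST is unconfirmed.
            unconfirmed = [lbl for _, lbl in self.outstanding]
            self.outstanding.clear()
            raise RuntimeError(f"{label}: got {status}, unconfirmed: {unconfirmed}")
        if kind == "subscription-started":
            self.started_acked = True
        self.log.append((label, status))
        return label


def run_diagram():
    """Replay the exchange from the diagram; returns (label, status) pairs."""
    pub = PipelinedPublisher()
    pub.post("subscription-started", "subscription-started")
    pub.on_response(200)
    pub.post("notification", "notification #1")
    pub.post("notification", "notification #2")   # sent before #1 is answered
    pub.on_response(204)                          # matched to #1
    pub.on_response(204)                          # matched to #2
    return pub.log
```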