Re: [netconf] comments on Re: I-D Action: draft-ietf-netconf-tcp-client-server-15.txt
Kent Watsen <kent+ietf@watsen.net> Fri, 10 February 2023 20:51 UTC
Return-Path: <010001863d194775-9fbca54b-13d0-4515-9ec2-80f03e90f97a-000000@amazonses.watsen.net>
X-Original-To: netconf@ietfa.amsl.com
Delivered-To: netconf@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id ACBB1C1522AB for <netconf@ietfa.amsl.com>; Fri, 10 Feb 2023 12:51:56 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.9
X-Spam-Level:
X-Spam-Status: No, score=-6.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H2=-0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=amazonses.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id SfnYcDI4XrME for <netconf@ietfa.amsl.com>; Fri, 10 Feb 2023 12:51:53 -0800 (PST)
Received: from a48-94.smtp-out.amazonses.com (a48-94.smtp-out.amazonses.com [54.240.48.94]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 83D0FC1516E9 for <netconf@ietf.org>; Fri, 10 Feb 2023 12:51:53 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/simple; s=6gbrjpgwjskckoa6a5zn6fwqkn67xbtw; d=amazonses.com; t=1676062312; h=Content-Type:Mime-Version:Subject:From:In-Reply-To:Date:Cc:Content-Transfer-Encoding:Message-Id:References:To:Feedback-ID; bh=bfQ9EWTbNpsAHcUY+wy8s6+NzakL83muzS5om8FbLGs=; b=LnxJc21GutfcD4eqpOhucgeO9eKGrR9hEN/B+ASxaDnIxr7mtDxLAG3kr0LCdmva 9C+g1esItEXek+M28wtSg6SltxNWDF//Hu8K+fK1paMeS9IbtfYRHeaTYo7esWB2YzP hYd8Pw6tXfmUgQ/OrfxwBpli4M7NYCkNQzWVJ+Cc=
Content-Type: text/plain; charset="us-ascii"
Mime-Version: 1.0 (Mac OS X Mail 16.0 \(3731.400.51.1.1\))
From: Kent Watsen <kent+ietf@watsen.net>
In-Reply-To: <AM7PR07MB624874B4F71F35942B3B3DEEA0DE9@AM7PR07MB6248.eurprd07.prod.outlook.com>
Date: Fri, 10 Feb 2023 20:51:52 +0000
Cc: "netconf@ietf.org" <netconf@ietf.org>, "perander@cisco.com" <IMCEAMAILTO-perander+40cisco+2Ecom@eurprd07.prod.outlook.com>, "michael.scharf@hs-esslingen.de" <michael.scharf@hs-esslingen.de>
Content-Transfer-Encoding: quoted-printable
Message-ID: <010001863d194775-9fbca54b-13d0-4515-9ec2-80f03e90f97a-000000@email.amazonses.com>
References: <167087098217.46198.11833137297012936668@ietfa.amsl.com> <AM7PR07MB624874B4F71F35942B3B3DEEA0DE9@AM7PR07MB6248.eurprd07.prod.outlook.com>
To: tom petch <ietfc@btconnect.com>
X-Mailer: Apple Mail (2.3731.400.51.1.1)
Feedback-ID: 1.us-east-1.DKmIRZFhhsBhtmFMNikgwZUWVrODEw9qVcPhqJEI2DA=:AmazonSES
X-SES-Outgoing: 2023.02.10-54.240.48.94
Archived-At: <https://mailarchive.ietf.org/arch/msg/netconf/jBhPMMzZMklItNtoMs3PTnK0loA>
Subject: Re: [netconf] comments on Re: I-D Action: draft-ietf-netconf-tcp-client-server-15.txt
X-BeenThere: netconf@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: NETCONF WG list <netconf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/netconf>, <mailto:netconf-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/netconf/>
List-Post: <mailto:netconf@ietf.org>
List-Help: <mailto:netconf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/netconf>, <mailto:netconf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 10 Feb 2023 20:51:56 -0000
Hi Tom,
Thank you for your review of the tcp-client-server draft.
Please see below for my responses to your comments.
PS: you have now reviewed all but one of the suite of
client-server drafts, with draft-ietf-netconf-trust-anchors
being the only one not reviewed. Not that there is an
expectation, but do you plan to review the trust-anchors
draft as well?
Kent
> My last attempts to comment on the tcp-client-server got mixed up with those on tls so I send them again with a few additions.
Np
> Should there be a name string for the local/remote configuration of client and server? I expect to see one in a design document.
It is expected that the importing module will name names where needed. For example, this snippet is in the restconf-client-server draft:
<restconf-client xmlns="urn:ietf:params:xml:ns:yang:ietf-restconf-client">
<initiate>
<restconf-server>
<name>corp-fw1</name>
<endpoints>
<endpoint>
<name>corp-fw1.example.com</name>
<https>
<tcp-client-parameters>
<remote-address>corp-fw1.example.com</remote-address>
...
</tcp-client-parameters>
...
<endpoint>
<endpoints>
<restconf-server>
<initiate>
So here "endpoint" has a name, as does each "restconf-server". Having another name at the TCP-level would be unwarranted. Do you agree?
> The language for me is not quite right in several places in e.g. the choice of verb or preposition and we have had ADs who are rather keen on this, but this is late in the process so I am inclined to let it ride.
>
> s1.1
> Hyperlinks to each RFC are provided below the diagram.
>
> Well, it depends on the format and they are absent in mine. URL yes, hyperlink no.
This was addressed per a previous comment of yours. Replaced "Hyperlinks" with "URLs".
> Examples could do with IPv6, again something that some ADs are keen on.
What are you saying? Is there a general preference to use IPv6 addresses in examples over IPv4 addresses. Is this subtle encouragement to transition to IPv6?
> s.3,3
> YANG features could (always) do with references. I do not know what proxy-connect is and cannot find it in a TCP RFC.
refs added. Description improved.
> Ditto local binding.
The feature-description seems sufficient. Are you asking for a reference? I have no idea, but it goes back to the beginning of IP, as every Socket API I've used has had the ability the specify local bindings for a socket.
> Keepalives are in RFC793 and its replacement and should be referenced since that is a more authoritative source than s.2.1.5 of this I-D IMHO
Added refs to RFC 9293.
> username/password when initiating TCP connections via
> and SOCKS Version 5 proxy server.";
> I cannot parse this
Rewritten (both instances)
> (instead of 'mandatory true') so that as application
> ditto
Rewritten.
> "The local IP address/interface (VRF?) to bind to for when
> ditto twice
I removed the "(VRF?)" string, but otherwise don't see an issue...?
> <local-address>10.20.30.40</local-address>
> should be documentation address
I fixed this issue from your previous comment. Now 192.0.2.2.
> <local-port>7777</local-port>
> should be a private port 49152-
> no ports are reserved for documentation
Now 49152 - thanks.
> s.5.1
> Both of these protocols
> have mandatory-to-implement secure transport layers (e.g., SSH, TLS)
> with mutual authentication.
> Well the mutual authentication is optional so I think you need something like
> Both of these protocols
> have mandatory-to-implement secure transport layers (e.g., SSH, TLS);
> mutual (client?) authentication is optional and SHOULD be configured.
That line regards NETCONF and RESTCONF and, indeed, mutual auth is required for both protocols.
> crypto-types is an import so should be a Normative reference in the I-D.
Fixed.
K.
> Tom Petch
- [netconf] I-D Action: draft-ietf-netconf-tcp-clie… internet-drafts
- [netconf] comments on Re: I-D Action: draft-ietf-… tom petch
- Re: [netconf] comments on Re: I-D Action: draft-i… Kent Watsen