Re: [Netconf] send 'version' in zerotouch url?

Kent Watsen <kwatsen@juniper.net> Wed, 23 August 2017 16:25 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/netconf/oobMhkB9BHbwRmgS8TAQmgYhoZk>

Another follow-up on this thread, regarding also defining an 'os-name' query param.

Both Radek and Dean raised a point about white-boxes on top of which software is installed to give it a personality. For instance, a generic white-box might be a vendor-x router, or a vendor-y firewall, or a vendor-z switch. This means that the white-box's serial-number alone doesn't uniquely identify the device or, more specifically, what configuration to send it. Of course, an inventory-tracking system should know which software was installed, but doing so isn't convenient. Better would be to have a query parameter called something like "os-name" to indicate what software is installed. Thoughts?

A related consideration to this regards the IDevID certificate. In the case of a white-box, the IDevID certificate would presumably be set by the white-box manufacturer. This isn't a problem, per se, as the bootstrap-server can also trust the white-box manufacturer's trust anchor cert, and thus still be assured that it's connected to the actual device. However, it might be desirable if, at the time of installing software on the white-box, an LDevID certificate is configured and used instead. There's no security issue here, the only issue is that the draft currently only supports IDevID certs (a minor tweak is needed). Any comments on this?

Thanks,
Kent