[netconf] Éric Vyncke's Discuss on draft-ietf-netconf-https-notif-13: (with DISCUSS and COMMENT)
Éric Vyncke via Datatracker <noreply@ietf.org> Mon, 12 December 2022 16:38 UTC
Return-Path: <noreply@ietf.org>
X-Original-To: netconf@ietf.org
Delivered-To: netconf@ietfa.amsl.com
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id 76493C14F747; Mon, 12 Dec 2022 08:38:00 -0800 (PST)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 8bit
From: Éric Vyncke via Datatracker <noreply@ietf.org>
To: The IESG <iesg@ietf.org>
Cc: draft-ietf-netconf-https-notif@ietf.org, netconf-chairs@ietf.org, netconf@ietf.org, maqiufang1@huawei.com, maqiufang1@huawei.com
X-Test-IDTracker: no
X-IETF-IDTracker: 9.2.1
Auto-Submitted: auto-generated
Precedence: bulk
Reply-To: Éric Vyncke <evyncke@cisco.com>
Message-ID: <167086308047.46335.8881003980522216529@ietfa.amsl.com>
Date: Mon, 12 Dec 2022 08:38:00 -0800
Archived-At: <https://mailarchive.ietf.org/arch/msg/netconf/rx2nrr9MZRR3sXsOzERl5eWQ9UI>
Subject: [netconf] Éric Vyncke's Discuss on draft-ietf-netconf-https-notif-13: (with DISCUSS and COMMENT)
X-BeenThere: netconf@ietf.org
X-Mailman-Version: 2.1.39
List-Id: NETCONF WG list <netconf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/netconf>, <mailto:netconf-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/netconf/>
List-Post: <mailto:netconf@ietf.org>
List-Help: <mailto:netconf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/netconf>, <mailto:netconf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 12 Dec 2022 16:38:00 -0000
Éric Vyncke has entered the following ballot position for draft-ietf-netconf-https-notif-13: Discuss When responding, please keep the subject line intact and reply to all email addresses included in the To and CC lines. (Feel free to cut this introductory paragraph, however.) Please refer to https://www.ietf.org/about/groups/iesg/statements/handling-ballot-positions/ for more information about how to handle DISCUSS and COMMENT positions. The document, along with other ballot positions, can be found here: https://datatracker.ietf.org/doc/draft-ietf-netconf-https-notif/ ---------------------------------------------------------------------- DISCUSS: ---------------------------------------------------------------------- # Éric Vyncke, INT AD, comments for draft-ietf-netconf-https-notif-13 CC @evyncke Thank you for the work put into this document. Please find below one blocking DISCUSS points (easy to address), some non-blocking COMMENT points (but replies would be appreciated even if only for my own education). Special thanks to Qiufang Ma for the shepherd's detailed write-up including the WG consensus *and* the justification of the intended status. I hope that this review helps to improve the document, Regards, -éric ## DISCUSS As noted in https://www.ietf.org/blog/handling-iesg-ballot-positions/, a DISCUSS ballot is a request to have a discussion on the following topics: ### Section 6.1 `The module contains the TCP, TLS and HTTPS parameters` seems to prevent the use of HTTP/3, which relies on QUIC, i.e., UDP. Is it on purpose ? If so, a justification is probably required. Related to the above sentence, the tree has: ``` +--rw https-receiver +--rw (transport) | +--:(tls) {tls-supported}? | +--rw tls ``` Please, bear with my ignorance of YANG, but does the '?' indicate that the tls sub-tree may not be supported ? Weird for an IETF draft whose title include HTTPS ;-) (or is it to support QUIC ?) Finally, and for sure it is my ignorance about YANG, but I do not see an obvious link between the tree view and the YANG module. Should there be a written explanation in the text ? (this is of course a COMMENT-level point). ### Section 7 The security section is mainly about the YANG RESTCONF/NETCONF template, but does not address the security of sending notifications over HTTP. E.g., as written below, what about TLS mutual authentication ? How is the HTTP server certificate is trusted ? ---------------------------------------------------------------------- COMMENT: ---------------------------------------------------------------------- ## COMMENTS ### Abstract ``` This document requires that the publisher is a "server" (e.g., a NETCONF or RESTCONF server), but does not assume that the receiver is a server. ``` This last paragraph adds more confusion on the roles... Suggest to remove it. ### Roles Suggest to prefix server always by HTTPS (i.e., "HTTPS server") and use "publisher" for the NETCONF/RESTCONF "server". ### Which TLS version ? I will let the transport/security ADs to ballot a DISCUSS if required, but wouldn't a specification of which HTTP and TLS versions are required ? Should the certificate validation procedure be specified ? ### Section 2 Probably linked to my ignorance of the system (a global archicture or a more detailed introduction would be appreciated), but how is the "relay-notifications" known by the publisher ? In the examples, there is not such item. Minor comment: is it a "path" or a "common prefix" ? Also, doesn't having a common prefix in the URI prevent having two "HTTP servers" for the same subscription. E.g., one for the capabilities and one for the notifications (e.g., for geographica load distribution). ### Section 3.2 `a publisher can issue an HTTPS GET request` should the 'can' be 'upgraded' to a "SHOULD" or "MAY" ? ### Section 3.4 Please replace 'nnn' by the exact Content-Length. ### Section 4.1 s/HTTPS POST request/HTTP POST request/ ? ### Section 4.2 ``` ... In case of corrupted or malformed event, the response should be an appropriate HTTP error response. ``` Suggest to replace "should" by "SHOULD" or even "MUST". ## NITS ## Notes This review is in the ["IETF Comments" Markdown format][ICMF], You can use the [`ietf-comments` tool][ICT] to automatically convert this review into individual GitHub issues. [ICMF]: https://github.com/mnot/ietf-comments/blob/main/format.md [ICT]: https://github.com/mnot/ietf-comments
- [netconf] Éric Vyncke's Discuss on draft-ietf-net… Éric Vyncke via Datatracker
- Re: [netconf] Éric Vyncke's Discuss on draft-ietf… Kent Watsen
- Re: [netconf] Éric Vyncke's Discuss on draft-ietf… Mahesh Jethanandani
- Re: [netconf] Éric Vyncke's Discuss on draft-ietf… Eric Vyncke (evyncke)