IETF Logo Mail Archive

Re: [Netconf] I-D Action: draft-ietf-netconf-zerotouch-23.txt

David Mandelberg <david+work@mandelberg.org> Wed, 29 August 2018 00:52 UTC

Return-Path: <david+work@mandelberg.org>
X-Original-To: netconf@ietfa.amsl.com
Delivered-To: netconf@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 03BEE130DDD for <netconf@ietfa.amsl.com>; Tue, 28 Aug 2018 17:52:04 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.6
X-Spam-Level:
X-Spam-Status: No, score=-2.6 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_LOW=-0.7] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Bh3IUeH1Xsoz for <netconf@ietfa.amsl.com>; Tue, 28 Aug 2018 17:52:01 -0700 (PDT)
Received: from smtp.rcn.com (smtp.rcn.com [69.168.97.78]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id ADBB5130DD3 for <netconf@ietf.org>; Tue, 28 Aug 2018 17:52:01 -0700 (PDT)
X_CMAE_Category: , ,
X-CNFS-Analysis: v=2.2 cv=Q6OQ2M+a c=1 sm=1 tr=0 a=OXtaa+9CFT7WVSERtyqzJw==:117 a=OXtaa+9CFT7WVSERtyqzJw==:17 a=KGjhK52YXX0A:10 a=IkcTkHD0fZMA:10 a=NTnny0joGdQA:10 a=dapMudl6Dx4A:10 a=bmmO2AaSJ7QA:10 a=BTUBnpS-AAAA:8 a=Iwy9DCPzQeMk7noanHkA:9 a=QEXdDO2ut3YA:10 a=pblkFgjdBCuYZ9-HdJ6i:22
X-CM-Score: 0
X-Scanned-by: Cloudmark Authority Engine
X-Authed-Username: ZHNlb21uQHJjbi5jb20=
Authentication-Results: smtp02.rcn.cmh.synacor.com header.from=david+work@mandelberg.org; sender-id=neutral
Authentication-Results: smtp02.rcn.cmh.synacor.com smtp.mail=david+work@mandelberg.org; spf=neutral; sender-id=neutral
Authentication-Results: smtp02.rcn.cmh.synacor.com smtp.user=dseomn@rcn.com; auth=pass (LOGIN)
Received-SPF: neutral (smtp02.rcn.cmh.synacor.com: 209.6.43.168 is neither permitted nor denied by domain of mandelberg.org)
Received: from [209.6.43.168] ([209.6.43.168:34626] helo=uriel.mandelberg.org) by smtp.rcn.com (envelope-from <david+work@mandelberg.org>) (ecelerity 3.6.25.56547 r(Core:3.6.25.0)) with ESMTPSA (cipher=DHE-RSA-AES256-GCM-SHA384) id DD/78-48224-F2EE58B5; Tue, 28 Aug 2018 20:51:59 -0400
Received: from [192.168.1.152] (DD-WRT [192.168.1.1]) by uriel.mandelberg.org (Postfix) with ESMTPSA id C29301C6093; Tue, 28 Aug 2018 20:51:58 -0400 (EDT)
To: Kent Watsen <kwatsen@juniper.net>, "netconf@ietf.org" <netconf@ietf.org>
References: <153478564565.23119.9766582310559048569@ietfa.amsl.com> <0DA47346-64BE-4FD1-888F-F0E47688C14F@juniper.net> <4be03677-70b8-98a2-49b3-1be4abd5da7e@mandelberg.org> <6FF89601-E95F-4296-B6E5-80438DF03543@juniper.net>
From: David Mandelberg <david+work@mandelberg.org>
Message-ID: <b50965ed-9cc6-29a4-3e23-87702a5d1bba@mandelberg.org>
Date: Tue, 28 Aug 2018 20:51:57 -0400
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.9.1
MIME-Version: 1.0
In-Reply-To: <6FF89601-E95F-4296-B6E5-80438DF03543@juniper.net>
Content-Type: text/plain; charset="utf-8"; format="flowed"
Content-Language: en-US
Content-Transfer-Encoding: 7bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/netconf/s9tvESSeEsr8rvaxxL4uA3gSCoE>
Subject: Re: [Netconf] I-D Action: draft-ietf-netconf-zerotouch-23.txt
X-BeenThere: netconf@ietf.org
X-Mailman-Version: 2.1.27
Precedence: list
List-Id: Network Configuration WG mailing list <netconf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/netconf>, <mailto:netconf-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/netconf/>
List-Post: <mailto:netconf@ietf.org>
List-Help: <mailto:netconf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/netconf>, <mailto:netconf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 29 Aug 2018 00:52:04 -0000

On 08/27/2018 01:22 PM, Kent Watsen wrote:
>> Section 5.6: "Hinder[ing] the ability for the device to continue the
>> bootstrapping sequence" was only part of why I asked about the error
>> cases. The other part is that I think there's a security risk in leaving
>> bootstrapping enabled after the device is partially/mostly configured,
>> since bootstrapping opens the possibility for various parties to change
>> the configuration. Is there a reason not to require devices to fully
>> rollback the configuration if there's an error after it's applied?
> 
> Why do you think the document allows this?  The beginning of s5.6 says:
> 
>     Some state MAY be retained from the bootstrapping process (e.g., updated boot
>     image, logs, remnants from a script, etc.), however, the retained state MUST
>     NOT hinder the ability for the device to continue the bootstrapping sequence
>     (i.e., process onboarding information from another bootstrap server).
> 
> Are you thinking that the MAY needs to be a MUST NOT?  This text (s5.6) used to
> be much more explicit but need to undo the  configuration (I think I sent you
> that version), but others felt that it  was too proscriptive and, as the
> Implementation Notes section (at the very end of 5.6) says, the device may have
> other ways to reset itself (e.g., relaunch a VM).  Thoughts?

I think it's fine if boot images and logs are retained, and allowing for 
variation in how the device resets itself makes sense. I think the MUST 
NOT covers only half of what shouldn't be retained though. What do you 
think of this? (Feel free to change my wording, especially if you can 
think of something less vague than "behave as if".)

Some state MAY be retained from the bootstrapping process (e.g., updated 
boot image, logs, remnants from a script, etc.). However, the retained 
state MUST NOT hinder the ability for the device to continue the 
bootstrapping sequence (i.e., process onboarding information from 
another bootstrap server), and MUST NOT enable the device to behave as 
if it were successfully configured.


-- 
https://david.mandelberg.org/

v2.23.0 | Report a Bug | By Email