[netconf] AD review of draft-ietf-netconf-restconf-client-server-29
"Rob Wilton (rwilton)" <rwilton@cisco.com> Thu, 29 June 2023 13:36 UTC
Return-Path: <rwilton@cisco.com>
X-Original-To: netconf@ietfa.amsl.com
Delivered-To: netconf@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 29EC7C14CF1C; Thu, 29 Jun 2023 06:36:12 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -9.595
X-Spam-Level:
X-Spam-Status: No, score=-9.595 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIMWL_WL_MED=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_MSPIKE_H5=0.001, RCVD_IN_MSPIKE_WL=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_NONE=0.001, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com header.b="jXp4UJoy"; dkim=pass (1024-bit key) header.d=cisco.com header.b="lGHwEFc3"
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 0dUZw0017Dwj; Thu, 29 Jun 2023 06:36:08 -0700 (PDT)
Received: from alln-iport-3.cisco.com (alln-iport-3.cisco.com [173.37.142.90]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 0AEC8C14CEFF; Thu, 29 Jun 2023 06:36:08 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=16275; q=dns/txt; s=iport; t=1688045768; x=1689255368; h=from:to:subject:date:message-id: content-transfer-encoding:mime-version; bh=Eq3aV7hLaewVyPGJJuTjjc9PzfYdiBBWhw1pTnr0pNM=; b=jXp4UJoynNAoMrEIbU8VR7Z+xYzFCOWzjmkbJHC8R9DcWUk5uNGMwJnf VF62ew72ZQEzRUvXp3DvqR4QzM9fUlTRNU5VBsFhkuFupXLPYSdGmQMAP Kjihmq3LJbXAvxQRuo9/y33jTeE3hXMbn5nRem9O5nC+VtAUMXui9Apv+ 4=;
X-CSE-ConnectionGUID: cQJwEqFrQdKFJMDzbD82Fw==
X-CSE-MsgGUID: jrYoNflNSru9ucQ9omPcFg==
X-IPAS-Result: A0DxBgDfh51k/4MNJK1RCR4BAQsSDEAlgR8LgWFSB2wCWSoSR4gdA4UthjiCJIEWnF6BJQNWDwEBAQ0BATETBAEBhQYChgcCJTQJDgECAgIBAQEBAwIDAQEBAQEBAQIBAQUBAQECAQcEgQoThTsGJw2GHSgGAQEjDQgRAT5CJgEEARoagl2CXAMBogcBgUACiiV4gTSBAYIJAQEGBAWybAmBQoRTiE+ETCcbgUlEgRVDgWZKgx85AoE0FBqEEoIuiRYBggwBDQELAYJngjp6gi8Hi3RlgSdvgR6BIHoCCQIRZ4EICF+Bbz4CDVULC2OBHIJSAgIROhRTeBsDBwOBBRAvBwQyCR8GCRgvJQZRBy0kCRMVQQSDWAqBDD8VDhGCWiICBzY/G1CCbQkXDjtfPANEHUADC3A9FCEUGwUEgkNugQgCRqFTgjcBEB88AgMBAg0cPS0CIwEigXEZEQsGLJIUFBCPGaJICoQIi32CUJJqF4QBpHVig0uHGY07IIIvoFaEbgIEAgQFAg4BAQaBYzyBWXAVO4JnCUkZD4oLhBWDdI95dTsCBwsBAQMJi0gBAQ
IronPort-PHdr: A9a23:/PUVRBa2soOpeSIUIMnOUL3/LTDihN3EVzX9orIuj7ZIN6O78IunZ wrU5O5mixnCWoCIo/5Hiu+Dq6n7QiRA+peOtnkebYZBHwEIk8QYngEsQYaFBET3IeSsbnkSF 8VZX1gj9Ha+YgBOAMirX1TJuTWp6CIKXBD2NA57POPwT5TNjsCr0Oaa8JzIaAIOjz24Mvt+K RysplDJv9INyct6f78swwHApGdJfekeyWJzcFSUmRu9rsvl9594+CMWsPUkn/M=
IronPort-Data: A9a23:UYfJn6pGpECbJRlGXx71tj1MgCxeBmJ+ZBIvgKrLsJaIsI4StFCzt garIBmHafeKMWLxco91OouyoE8FsMLUzIUyTFRtriAyRCoUo+PIVI+TRqvS04x+DSFioGZPt Zh2hgzodZhsJpPkjk7wdOCn9T8khfzgqoPUUIbsIjp2SRJvVBAvgBdin/9RqoNziLBVOSvV0 T/Ji5OZYAbNNwJcaDpOsPrd8kI35pwehRtB1rAATaET1LPhvyF94KI3fcmZM3b+S49IKe+2L 86rIGaRpz6xE78FU7tJo56jGqE4aue60Tum1hK6b5Ofbi1q/UTe5EqU2M00Mi+7gx3R9zx4J U4kWZaYEW/FNYWU8AgRvoUx/yxWZcV7FLH7zXeXuvWx0GDfXWHVz9ZALmQaL4c0qrxZHjQbn RAYAGhlghGrjuayxvewTfNhw51lJ8jwN4RZsXZlpd3bJa95GtaYHeOTvpkBh25YasNmRZ4yY +IDdjtrcBPGSxZOIVwQTpk5mY9Eg1GmKmUI+QnM+PRfD277zhZA157jNPzuYMHbWM5sz0Gdn mno8DGsav0dHJnFodafyVqgnObBgWb6VZ4cUbu16vVthlPW3GEIFBYRU1X+qv24h0iiHslSM VIZ4Gwnqawa9UG3QJ/6RRLQiHiJohUbXdR4EuAm5keK0KW83uqCLmEASjgEY9s8uYpvAzcrz VSO2djuAFSDrYGodJ5UzZ/NxRuaMikOJmhEbigBJTbpKfG6yG3vpnojlupeLZM=
IronPort-HdrOrdr: A9a23:9YmRKaGuZHAU4bIvpLqFbZHXdLJyesId70hD6qkvc31om52j+f xGws516fatskdqZJhBo7q90dq7MA7hHPlOkMIs1NaZLUHbUQ6TTL2KgrGSuwEIdxeOk9K1tp 0QOZSWaueAdmSS5PySiGLVYrVQouVvm5rY4ts2uk0dND2CHJsQiTuRZDzrdnGeQjMqObMJUL 6nouZXrTupfnoaKu6hAGMeYuTFr9rX0Lr7fB8vHXccmUWzpALtzIS/PwmT3x8YXT8K66wl63 L5nwvw4bjmm+2nyyXby3TY4/1t6ZTcI5p4dYKxY/ouW3XRYzWTFcdcsnq5zXIISdSUmRcXeR /30lId1opImjfslyqO0GfQMkHboUkTAjnZuBKlab+Jm72+eNr8YPAxwr5xY1/X7VEts8p717 8O12WFt4BPBReFhyjl4cPUPisa4XZcjEBS5NL7tUYvJbc2eftUt8gS7UlVGJAPEGbz750mCv BnCIXZ6OxNeV2XYnjFti03qebcF0gbD1ODWAwPq8aV2z9ZkDRwyFYZ3tUWmjMF+IgmQ5dJ6u zYOuBjla1ITMURcaVhbd1xN/efGyjIW1bBIWiSKVPoGOUOPG/MsYf+5PEv6OSjaPUzvekPcV T6ISBlXEIJCjLT4Je1reN2Gzj2MRSAYQg=
X-Talos-CUID: 9a23:3UnSN2BIQcmETkT6EyJe1lE5A+4/S3H+4lX1D12yJTYzZqLAHA==
X-Talos-MUID: 9a23:YPysIggd0b0oqxY4EI+mIsMpNt1Z5IKgDGY2i4hXpsK9ZCt1Azyzg2Hi
X-IronPort-Anti-Spam-Filtered: true
Received: from alln-core-1.cisco.com ([173.36.13.131]) by alln-iport-3.cisco.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 29 Jun 2023 13:36:07 +0000
Received: from alln-opgw-3.cisco.com (alln-opgw-3.cisco.com [173.37.147.251]) by alln-core-1.cisco.com (8.15.2/8.15.2) with ESMTPS id 35TDa6xa030556 (version=TLSv1.2 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Thu, 29 Jun 2023 13:36:07 GMT
Authentication-Results: alln-opgw-3.cisco.com; dkim=pass (signature verified) header.i=@cisco.com; spf=Pass smtp.mailfrom=rwilton@cisco.com; dmarc=pass (p=quarantine dis=none) d=cisco.com
X-IronPort-AV: E=Sophos;i="6.01,168,1684800000"; d="scan'208";a="3631621"
Received: from mail-dm6nam12lp2170.outbound.protection.outlook.com (HELO NAM12-DM6-obe.outbound.protection.outlook.com) ([104.47.59.170]) by alln-opgw-3.cisco.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 29 Jun 2023 13:36:06 +0000
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=WpaYYl9oi8hT1tir8DKAKExCl61QgBBWsxRd8qpXInqAKuv8O6CZ2rq95urR/Mu7ZWmUmnVaIXMK9d8tlN+9vUdIpWYnpybs3cxxmIMk/o0zoAXfEM6dhxFfl0YRUuOMdD2NIQJTT1qdAHWGr1KAvbr/xRKXsdnT0YmL6S/yoceob8NIMfftzKduDkdklHP4F0kXCGPb3gcNmUxoqHT0l8a0ATVH2HMoeGtxptabzDPnRBGceY7lwikv8RjZg9Txob4z1qGgPYd6cIWr1YY8ng8xzzACzkqv/+wfdhl/supXQ7AaH3aX06bYCfH1iy1A7sGGn5h89Zb7TX4lg03ulA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=ZS7poxhjjPH+pgB1fxtMozC2VOuBVSxJeIHzsr1kuaY=; b=nhj8Y1qdQss73QAbyuih/u9CEaOpogzH6YLBf73tGqJwkzqKNtwYyc68L9CJfQs+bECdyhel+mdDiNLlNoyDW6DCMUShh4Gg5LovCS6xX+tmJFA6TIjC0zubNbZBvIhH4aJwkFjdsZ4s2ecchil7wlRuME3MKln7Uva6wxaOMOktCp6OykJNRyFqLqm2hlJSy/YqPieyA/dMQ0Alzsz3hLDaRZbfI9/9xnH0wodi7QnQ12b6YrdThJudN/qDd1HYFUNJQ18p8lB3Ligr/3JQ/+ixFyg7rpi5GVvVM33zCpnn71B0/GpHydJQ1F8EW3osjE0L4PtmK4XxaZOZP6kz5w==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=cisco.com; dmarc=pass action=none header.from=cisco.com; dkim=pass header.d=cisco.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cisco.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=ZS7poxhjjPH+pgB1fxtMozC2VOuBVSxJeIHzsr1kuaY=; b=lGHwEFc3Fbw5AHj6NDL414FY2rkurfHzyfe9715c0pS1JigvzVIQ5P4NAXP1OE7qKBSUIv7pwCE7ovteMd77n5KNNrgBc6sLYAMfw/ST+K71HUyf+eVXUF5JYr3I5exS9+VkJdnjWZLo7lH4fCVHhfm1QaE/yNbfboqtgc6nOig=
Received: from BY5PR11MB4196.namprd11.prod.outlook.com (2603:10b6:a03:1ce::13) by CH3PR11MB7865.namprd11.prod.outlook.com (2603:10b6:610:128::10) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.6521.26; Thu, 29 Jun 2023 13:36:04 +0000
Received: from BY5PR11MB4196.namprd11.prod.outlook.com ([fe80::a6a3:7e3b:903b:2035]) by BY5PR11MB4196.namprd11.prod.outlook.com ([fe80::a6a3:7e3b:903b:2035%5]) with mapi id 15.20.6521.024; Thu, 29 Jun 2023 13:36:04 +0000
From: "Rob Wilton (rwilton)" <rwilton@cisco.com>
To: "netconf@ietf.org" <netconf@ietf.org>, "draft-ietf-netconf-restconf-client-server.all@ietf.org" <draft-ietf-netconf-restconf-client-server.all@ietf.org>
Thread-Topic: AD review of draft-ietf-netconf-restconf-client-server-29
Thread-Index: AdmqjUxd1twvXZ20SW6ylmjcLVdcVA==
Date: Thu, 29 Jun 2023 13:36:04 +0000
Message-ID: <BY5PR11MB41966C2099AC6C2F28A4B1E3B525A@BY5PR11MB4196.namprd11.prod.outlook.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-ms-publictraffictype: Email
x-ms-traffictypediagnostic: BY5PR11MB4196:EE_|CH3PR11MB7865:EE_
x-ms-office365-filtering-correlation-id: ae0f882a-f5ca-46a5-7ee6-08db78a5c922
x-ms-exchange-senderadcheck: 1
x-ms-exchange-antispam-relay: 0
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: Qwkt7/xnMFdf4yqUbfv2OPK6IqO4ISDERh70irEfqyM24e8LMPH2oW8seDReic22Ya4lsv4dLjEn59XPnwJI6dOfYIAb8xBEHVriXOKz3m1WHkrjKFu8MRTiDKbH8mFigD/I7j6Q1LLCB845PEgPH1OMrJkFSUIMnUPWgvM3vvGlTYOFTqLwGScRUmHoETH3dgYUNMtcCT5Io0Yngq+Fy6r3VcVAA6j1MFwGDUbG/QTR299nduIvciVYLS1e4sMTMXVlQ8IVMFi8lUQ7nAMXsg0ihoJJsore0RSghSN1Tn7Yn4SsKecO7DgRTQUV4LuJlI7hBmlXzZVMf4Puf3bDPOwqLxo1GPWlOKfRRztL37SVNkNP/m6giGMb8xTt9FKtZVLoPdePTBiWrxCrsMWo6u4n6Oz8dUjzMv1FgrAaCeOKmEt5atoQOyGaCzWpAUjHrjJrZSzTbelbhEMqauHRnU4nnysqZBBP0QvNPJQrmvj0KATjMAxCPxmjzepvsfZ1noQXs46FwST5VzXjAIe2hjODMUqZtX0810x9NiDdX/cb4WGq4y8pnkdf7gVHPXtWDLv2rchnnZH9zey2LVakkPydvUOmuYUuH2LB9iHIzAs0Yft5L8iUpPXxKs1vpT5R
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:BY5PR11MB4196.namprd11.prod.outlook.com; PTR:; CAT:NONE; SFS:(13230028)(376002)(346002)(366004)(39860400002)(136003)(396003)(451199021)(2906002)(186003)(7696005)(55016003)(30864003)(71200400001)(122000001)(9686003)(83380400001)(38100700002)(6506007)(86362001)(110136005)(41300700001)(38070700005)(478600001)(316002)(76116006)(66556008)(66446008)(66946007)(33656002)(64756008)(66476007)(450100002)(52536014)(5660300002)(8676002)(8936002); DIR:OUT; SFP:1101;
x-ms-exchange-antispam-messagedata-chunkcount: 1
x-ms-exchange-antispam-messagedata-0: PmpC3nQ5lf+S4sUiAF2HWQ4WD0aBXPVs/ZAyRV8jn6HvGG/z56K09PmiUZooUy8kbhzK/2TcbwXlQSuJ0OPlYo1GAfPrqi58B9IipWyK/0FzTs2WHkv78t4DTtN6syOer3xMTVIWrsqxDg8UgL2yAG91t/gUSNp2C2e2dSu2sivlUHOpBkld9N1h83fXWZ0/F+/ET9FQHHcxBnGaDlUNA3L+fP2iCeelzo09YcAfp3EViT4PVivpobQgzITu1AnxIlqZhHdx1I0Rckyf2D4G+iFzxODBGiahnjEMHPoKgKK1gp3IcZjrPVl1X0ij36y3nZZdxxqh8ZwCGQNFJuLIZIBGL3UeGP+DlrTNnrfmh1WRCFGLdgUw06mEas/vF2gZoPvR39rLLd8aXSSI/sPspYVf+AFT54GWeRFB2M87+t6GBCNA+lcDqRWe3mwzlW6MXFqdBGJqozeBDlwAhE13rD0R/vuMpKAtn3Ypmga1sZW00JF9eBLLHKTlvkEBHNCABiD9QRYS4k4rrevSyry1ymNSfFNHcotoL7huGG8eGr75+nRDjbx36FCdDiQL6yvnn9C/0uZx8+1Wy9tmJpUuMLc+cEwqj+VmWIZgk3ecHIjAvcMPXwF0FpI6nkPUcSUUT1Pfbc08p2IHP9d/+nslJkS1AzHAQGCELaso5AVGIBM3wifNVrBWNZV5aYMes7Ef71QC+lXUSC6Uva8LuSqPFZykF3dT3qXJnrZW4FL4OTuKyLTS8+bodPBvKF0ax0bvqhW1jJmJL383ybohdDzxNQuGgu0lwzDKJKWf8STcfoyLYa5O0lqi9PZoVkhOpyaGY8KmaOJs6SYFJY8zFvHvxvqZ5heGLAfP51QH2daUiQJ2rqWAp+Kh5CBCPlmreb2CEFGUhtG2Ivd6YOEzzmxZ2bnYYRLtYteyIieAFrcNwhrfRW9sup8L+wTTAcKV8lzurNCp6nYWtq+Zcmb8wWVLoB80OsiufpER/nqA8we6KMgAa6ElA5cdTHYIXGIYkVg6L9hS4G+8YCFgzYEBSv2bxfhP9AJvzJuMHo665P14CIsaG6sTwZeJe5kXVyYxBJhWRF71N1+E08YIXyKr260RbNL3d+Uu/tOYJO65tOaXIOJ8h+k1tBR9O9lRlpvFIMIvWXBW0+3Zt3DovMyMA9aCvIH5n7HyhJmwlI47ffiy63nbiv6hXIF9N+fMYfhUT82qmap6GOBvLzkkq8Z1OvGrVOW2zh0GxkIpG4IWD6b+dcIxuHDOq8f/9EyPui8HtbE2VBvyb2U3eTuyRaNCTKEN+eetoFde3zlSJ+kY7oUvjATQQOlNOCeNn4YR4UqmUeRE3aJikv3+qDHGPrgkOA9X86i1q3FyxNFHu0dEwCJxb3Mj23mU3sKyRVrYWqk4BGDy6rICjoxZ1Plm0oYvvbQpf/A3o1WOqnXo8kY3R25K6rXE4nV7ODA28MLSmevPCMiPHstlcHeCIRCiJeyqtYcQ1caisZsUxu+R4UD5hZkWM1sWbxa6d0DsVau9TFnaIN/EdevM46e5ms6gGG/14cmrjsJMUm4nVI58zYcbHm71PK3SVvczyQsbIh0ikzPJRBu/Tux+KxBKqm30QsYWm6NQaxHK6rQFl+Mpcr6++8+pVEg=
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-OriginatorOrg: cisco.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: BY5PR11MB4196.namprd11.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: ae0f882a-f5ca-46a5-7ee6-08db78a5c922
X-MS-Exchange-CrossTenant-originalarrivaltime: 29 Jun 2023 13:36:04.2080 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 5ae1af62-9505-4097-a69a-c1553ef7840e
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: HA/40hiciFVTJ9h+5igD9MsE6K/zhdolV+NmD1c/bQ4wN12qcOtlc3tgkbOqitP2EeW32WvihUWrz9mK2yL9iw==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: CH3PR11MB7865
X-Outbound-SMTP-Client: 173.37.147.251, alln-opgw-3.cisco.com
X-Outbound-Node: alln-core-1.cisco.com
Archived-At: <https://mailarchive.ietf.org/arch/msg/netconf/sU-Qrnlvti62zzq1d0qOmEyJYp8>
Subject: [netconf] AD review of draft-ietf-netconf-restconf-client-server-29
X-BeenThere: netconf@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: NETCONF WG list <netconf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/netconf>, <mailto:netconf-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/netconf/>
List-Post: <mailto:netconf@ietf.org>
List-Help: <mailto:netconf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/netconf>, <mailto:netconf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 29 Jun 2023 13:36:12 -0000
Hi Kent,
Here is my AD review of draft-ietf-netconf-restconf-client-server-29.
Another draft that is also well written and a pleasure to review - thank you. Review comments:
Moderate level comments:
(1) p 0, sec
RESTCONF Client and Server Models
draft-ietf-netconf-restconf-client-server-29
I've not reflagged issues that have been flagged previously, and I presume that you will handle generically/consistently on all drafts (e.g., RFC editor guidance, relationship text, whether to highlight presence containers in the description).
(2) p 10, sec 2.1.3. Protocol-accessible Nodes
* The reason for why "restconf-client-app-grouping" exists separate
from the protocol-accessible nodes definition is so as to enable
instances of restconf-client-app-grouping to be instantiated in
other locations, as may be needed or desired by some modules.
In theory, this could be achieved by whether the module is "import-only" or "implemented" although I have to say that I don't really like the distinction - it seems to add complexity. An alternative, maybe cleaner, way of solving this could be to put the groupings into a separate "ietf-restconf-client-types" or "ietf-restconf-client-groupings" module separate from the module that defines the protocol nodes for the central client or server. E.g., I think that it would be a shame if all modules started to follow this module of having top-level if-feature statements.
(3) p 21, sec 2.3. YANG Module
choice connection-type {
mandatory true;
description
"Selects between available connection types.";
case persistent-connection {
Should there be an option for an "on-demand" connection? I.e., the details are stored centrally, but a connection is made if needed, and then it is closed (possibly after an idle timeout), if the connection is no longer needed. This comment also equivalently applies to the server part.
(4) p 23, sec 2.3. YANG Module
enum last-connected {
description
"Indicates that reconnections should start
with the endpoint last connected to. If
no previous connection has ever been
established, then the first endpoint
configured is used. RESTCONF clients
SHOULD be able to remember the last
endpoint connected to across reboots.";
}
The SHOULD be able to remember the last endpoint feels like somewhat of a (possibly unnecessary) burden to the client. I would prefer this to be a MAY, or something softer, or to better understand where this requirement is coming from.
(5) p 47, sec 4.1. The "ietf-restconf-client" YANG Module
None of the writable data nodes in this YANG module are considered
sensitive or vulnerable in network environments. The NACM "default-
deny-write" extension has not been set for any data nodes defined in
this module.
I think that this section (and the one below) must list the paths that are security sensitive in the groupings that it uses, i.e., just deferring the grouping definition is probably not sufficient to make readers sufficiently aware.
Minor level comments:
(6) p 6, sec 2.1.2.1. The "restconf-client-grouping" Grouping
* This grouping does not define any nodes, but is maintained so that
consuming modules can augment nodes into it if needed.
This probably should be reworded since the grouping doesn't help with augmentations. There is part of me that wonders whether the grouping is really helpful at all.
(7) p 9, sec 2.1.2.4. The "restconf-client-app-grouping" Grouping
* Both the "initiate" and "listen" subtrees must be enabled by
"feature" statements.
I find this text slightly unclear, i.e., I presume that this means that they are both predicated by feature statements rather than both features must be enabled when using this grouping.
(8) p 10, sec 2.1.3. Protocol-accessible Nodes
* The top-level node "restconf-client" is additionally constrained
by the feature "central-restconf-client-supported".
I wasn't sure whether 'central' is the best adjective here, possible alternative suggestions could be 'default' or 'common'.
(9) p 16, sec 2.3. YANG Module
feature https-listen {
description
"The 'https-listen' feature indicates that the RESTCONF client
supports opening a port to listen for incoming RESTCONF
server call-home connections. This feature exists as not
all RESTCONF clients may support RESTCONF call home.";
reference
"RFC 8071: NETCONF Call Home and RESTCONF Call Home";
}
To differentiate between these two features, the descriptions should probably clarify that they are listening for HTTPS vs HTTP connections.
(10) p 17, sec 2.3. YANG Module
grouping restconf-client-initiate-stack-grouping {
description
"A reusable grouping for configuring a RESTCONF client
'initiate' protocol stack for a single connection.";
Maybe 'single outbound connection', or 'single client connection', to differentiate from call-home?
(11) p 17, sec 2.3. YANG Module
choice transport {
mandatory true;
description
"Selects between available transports. This is a
'choice' statement so as to support additional
transport options to be augmented in.";
I'm not convinced that the second sentence should be in the YANG model (e.g., if it turns up in UI documentation), but is great in the prose that accompanies the module. If you agree to change in the module definition then it would make sense to change this in other places as well.
(12) p 17, sec 2.3. YANG Module
case https {
if-feature "https-initiate";
container https {
must 'tls-client-parameters/client-identity
or http-client-parameters/client-identity';
description
"Specifies HTTPS-specific transport
configuration.";
container tcp-client-parameters {
description
"A wrapper around the TCP client parameters
to avoid name collisions.";
uses tcpc:tcp-client-grouping {
refine "remote-port" {
default "443";
description
"The RESTCONF client will attempt to
connect to the IANA-assigned well-known
port value for 'https' (443) if no value
is specified.";
}
}
}
container tls-client-parameters {
description
"A wrapper around the TLS client parameters
to avoid name collisions.";
uses tlsc:tls-client-grouping;
}
Looking at these further and thinking about how they would get displayed in a UI, I wonder whether these containers would just be better described as "TLS client parameters" rather than mentioning what is really an implementation detail. If you agree to change this then I presume that you would update in other places and drafts to be consistent.
(13) p 18, sec 2.3. YANG Module
container http-client-parameters {
description
"A wrapper around the HTTP client parameters
to avoid name collisions.";
uses httpc:http-client-grouping;
}
container restconf-client-parameters {
description
"A wrapper around the RESTCONF client parameters
to avoid name collisions.
This container does not define any nodes. It
exists as a potential augmentation target by
other modules.";
I wasn't sure that the last paragraph is helpful here (and is already stated as part of the grouping), since if anyone does augment in extra nodes then it becomes misleading.
(14) p 22, sec 2.3. YANG Module
The RESTCONF client SHOULD gracefully close
the underlying TLS connection upon completing
planned activities.
For a periodic connection, how are the planned activities specified, initiated, or controlled? Having the periodic connection specified in this way seems a bit strange to me, and I'm struggling to understand exactly how it will be used and how everything dovetails together.
(15) p 26, sec 3.1.1. Features
Features:
+-- http-listen
+-- https-listen
+-- https-call-home
+-- central-restconf-server-supported
Similar to the client, I wasn't sure whether 'central' is the best adjective here, possible alternative suggestions could be 'default' or 'common'.
(16) p 26, sec 3.1.2.1. The "restconf-server-grouping" Grouping
* The "client-identity-mappings" node, which must be enabled by
"feature" statements, defines a mapping from certificate fields to
RESTCONF user names.
The comment about needing to be enabled via "feature" statements looks to be inaccurate, or otherwise I'm confused by it.
(17) p 28, sec 3.1.2.3. The "restconf-server-callhome-stack-grouping" Grouping
grouping restconf-server-callhome-stack-grouping:
+-- (transport)
+--:(https) {https-listen}?
+-- https
+-- tcp-client-parameters
| +---u tcpc:tcp-client-grouping
+-- tls-server-parameters
| +---u tlss:tls-server-grouping
+-- http-server-parameters
| +---u https:http-server-grouping
+-- restconf-server-parameters
+---u rcs:restconf-server-grouping
I just wanted to check, is 'https-listen' the right name for the feature statement? I had assumed that this configuration would be for an outbound connection rather than an inbound one, and to me listen implies inbound.
(18) p 29, sec 3.1.2.4. The "restconf-server-app-grouping" Grouping
grouping restconf-server-app-grouping:
+-- listen! {http-listen or https-listen}?
| +-- endpoint* [name]
| +-- name? string
| +---u restconf-server-listen-stack-grouping
+-- call-home! {https-call-home}?
+-- restconf-client* [name]
+-- name? string
+-- endpoints
| +-- endpoint* [name]
| +-- name? string
| +---u restconf-server-callhome-stack-grouping
+-- connection-type
| +-- (connection-type)
| +--:(persistent-connection)
| | +-- persistent!
| +--:(periodic-connection)
| +-- periodic!
| +-- period? uint16
| +-- anchor-time? yang:date-and-time
| +-- idle-timeout? uint16
+-- reconnect-strategy
+-- start-with? enumeration
+-- max-wait? uint16
+-- max-attempts? uint8
I've raised this in a previous review, but I wonder whether it would be helpful to also include the fully expanded groupings for your top-level groupings intended to be used by implementors, and maybe the top level "central" definition as well. These could end up being fairly long, but assuming that they do not wrap too much (to the point that they become unreadable), then these could just be included in an appendix.
(19) p 32, sec 3.2. Example Usage
<http-server-parameters>
<server-name>foo.example.com</server-name>
</http-server-parameters>
The remote-address field and server-name fields differ. Is this valid (and for the second endpoint below)?
(20) p 37, sec 3.3. YANG Module
feature https-listen {
description
"The 'https-listen' feature indicates that the RESTCONF server
supports opening a port to listen for incoming RESTCONF over
TLS client connections, whereby the TLS connections are
terminated by the server itself.";
reference
"RFC 8040: RESTCONF Protocol";
}
As per my previous comment, this description doesn't cover that it is also used in the call home stack.
(21) p 42, sec 3.3. YANG Module
grouping restconf-server-app-grouping {
description
"A reusable grouping for configuring a RESTCONF server
application that supports both 'listen' and 'call-home'
protocol stacks for a multiplicity of connections.";
container listen {
if-feature "http-listen or https-listen";
presence
"Identifies that the server has been configured to
listen for incoming client connections. This statement
is present so the mandatory descendant nodes do not
imply that this node must be configured.";
description
"Configures the RESTCONF server to listen for RESTCONF
client connections.";
list endpoint {
key "name";
min-elements 1;
description
"List of endpoints to listen for RESTCONF connections.";
leaf name {
type string;
description
"An arbitrary name for the RESTCONF listen endpoint.";
}
uses restconf-server-listen-stack-grouping;
}
}
Rather than having a presence container here, you could have just had endpoint be a list of 0 or more elements. A similar comment applies to the call-home container below.
I also note that there is an endpoints container wrapping the endpoints under call-home but not listen. Presumably this has been done because there are other leaves under call-home/restconf-client, but I'm not sure that you can guarantee that wouldn't ever be the case under listen as well. I.e., would having the containers in both places be more consistent?
(22) p 46, sec 3.3. YANG Module
enum last-connected {
description
"Indicates that reconnections should start with
the endpoint last connected to. If no previous
connection has ever been established, then the
first endpoint configured is used. RESTCONF
servers SHOULD be able to remember the last
endpoint connected to across reboots.";
Note, same comment about remembering the last endpoint applies here.
Nit level comments:
(23) p 19, sec 2.3. YANG Module
container tcp-server-parameters {
description
"A wrapper around the TCP client parameters
to avoid name collisions.";
s/client/server/?
(24) p 39, sec 3.3. YANG Module
description
"Identifies contact information for the external
system that terminates connections before passing
them thru to this server (e.g., a network address
translator or a load balancer). These values have
no effect on the local operation of this server,
but may be used by the application when needing to
inform other systems how to contact this server.";
s/thru/through/
Thanks,
Rob
- [netconf] AD review of draft-ietf-netconf-restcon… Rob Wilton (rwilton)
- Re: [netconf] AD review of draft-ietf-netconf-res… Kent Watsen
- Re: [netconf] AD review of draft-ietf-netconf-res… Mahesh Jethanandani
- Re: [netconf] AD review of draft-ietf-netconf-res… Kent Watsen