Re: [Netconf] Yangdoctors last call review of draft-ietf-netconf-restconf-notif-11

"Reshad Rahman (rrahman)" <> Thu, 10 January 2019 13:44 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 95C3C130EFC; Thu, 10 Jan 2019 05:44:34 -0800 (PST)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -19.052
X-Spam-Status: No, score=-19.052 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-4.553, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: (amavisd-new); dkim=pass (1024-bit key)
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id tEufRh1XMbcL; Thu, 10 Jan 2019 05:44:32 -0800 (PST)
Received: from ( []) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by (Postfix) with ESMTPS id B64C3130EEC; Thu, 10 Jan 2019 05:44:31 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple;;; l=36062; q=dns/txt; s=iport; t=1547127871; x=1548337471; h=from:to:cc:subject:date:message-id:references: in-reply-to:mime-version; bh=wiHivxAtgh7U/HWF6tTNnazC76G4EdEsavQEE22iUak=; b=aY5YIN2Y7a2xmezNAH5QyrYA+S4987/lOfq3kaYtbcFhiPWS+osq4x82 kS18039de8li2oISW1YLDApCxAreHsQczhFNZL106inJkoD9Cwhgv0tXQ AfM52cVgFOsuEk/HtkvncbobwmSd9CPE0Kh7/dtv2MPREea5QSHO0fj05 M=;
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: =?us-ascii?q?A0AFAAC5Szdc/40NJK1aCRkBAQEBAQE?= =?us-ascii?q?BAQEBAQEHAQEBAQEBgVIDAQEBAQELAYENTSlmgQInCoN2lAmCDZd3gXsLAQE?= =?us-ascii?q?shEACF4INIjUIDQEDAQECAQECbSiFSgEBAQQjBFIQAgEIEQMBAg4TBwMCAgI?= =?us-ascii?q?wFAkIAgQBDQWCV0sBgR1krD98M4o2jD8XgUA/gREnH4FOfoRXQQkWglMxggQ?= =?us-ascii?q?iAo9chmaLMwkCkX0YgWSFJIdwgwSJbpBMAhEUgScgATaBVnAVZQGCQYIiBRe?= =?us-ascii?q?BAAEHjRUBcoEoiAcBgR4BAQ?=
X-IronPort-AV: E=Sophos;i="5.56,461,1539648000"; d="scan'208,217";a="419397259"
Received: from ([]) by with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 10 Jan 2019 13:44:08 +0000
Received: from ( []) by (8.15.2/8.15.2) with ESMTPS id x0ADi8wH010965 (version=TLSv1.2 cipher=AES256-SHA bits=256 verify=FAIL); Thu, 10 Jan 2019 13:44:08 GMT
Received: from ( by ( with Microsoft SMTP Server (TLS) id 15.0.1395.4; Thu, 10 Jan 2019 07:44:08 -0600
Received: from ([]) by ([]) with mapi id 15.00.1395.000; Thu, 10 Jan 2019 07:44:08 -0600
From: "Reshad Rahman (rrahman)" <>
To: "Robert Wilton -X (rwilton - ENSOFT LIMITED at Cisco)" <>, "" <>
CC: "" <>, "" <>
Thread-Topic: Yangdoctors last call review of draft-ietf-netconf-restconf-notif-11
Thread-Index: AQHUprCFOch/e2rpE06mX+DnhAHT46WmFGWAgAKebQD//+WkgA==
Date: Thu, 10 Jan 2019 13:44:07 +0000
Message-ID: <>
References: <> <> <>
In-Reply-To: <>
Accept-Language: en-US
Content-Language: en-US
user-agent: Microsoft-MacOutlook/
x-ms-exchange-messagesentrepresentingtype: 1
x-ms-exchange-transport-fromentityheader: Hosted
x-originating-ip: []
Content-Type: multipart/alternative; boundary="_000_BEB99447A3064B969BAE1D5C17380561ciscocom_"
MIME-Version: 1.0
Archived-At: <>
Subject: Re: [Netconf] Yangdoctors last call review of draft-ietf-netconf-restconf-notif-11
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Network Configuration WG mailing list <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Thu, 10 Jan 2019 13:44:35 -0000

Hi Rob,


From: Robert Wilton <>
Date: Thursday, January 10, 2019 at 5:18 AM
To: "Reshad Rahman (rrahman)" <>om>, "" <>
Cc: "" <>rg>, "" <>
Subject: Re: Yangdoctors last call review of draft-ietf-netconf-restconf-notif-11

Hi Reshad,

Please see inline ...
On 08/01/2019 23:18, Reshad Rahman (rrahman) wrote:

Hi Rob,

Thanks again for the review, inline.

On 2019-01-07, 12:43 PM, "Robert Wilton" <><> wrote:

    Reviewer: Robert Wilton

    Review result: Ready with Issues

    I have reviewed this document as part of the YANG doctors directorate's

    ongoing effort to review all IETF documents being processed by the IESG.  These

    comments were written with the intent of improving the operational aspects of

    the IETF drafts. Comments that are not addressed in last call may be included

    in AD reviews during the IESG review.  Document editors and WG chairs should

    treat these comments just like any other last call comments.

    This document and the associated YANG module looks like it is in good shape to


    The two minor issues that I had that I think need to be resolved are:

    - The section 3.4 handling subscriptions by admin users wasn't intuitive to me

    (relative to what is stated in draft-ietf-netconf-subscribed-notifications).

    Specifically what should an admin user be allowed to do vs the client that

    initiated the subscription. - Section 4 on HTTP2 QoS seemed unclear to me.

<RR> See below for response on the issues above.

    I think that all my other comments are really just nits:

    1) Section 3.2 Discovery, last paragraph.

    Would it be better for this to reference draft-ietf-netconf-nmda-restconf,

    section 2 and '/yang-libary/datastore' draft-ietf-netconf-rfc7895bis, section 3?

<RR> I can add section 2 in the reference to nmda-restconf. I don't think the transport drafts need to reference 7895/bis, please note that YP already references 7895.

OK, sounds reasonable.

Off topic for this thread, but 7895bis should be published soon, and it obsoletes 7895, so should YP be updated to reference 7895bis?

<RR2> I believe so, I’ll forward this to the YP authors.

    2) RPC table in section 3.3.  The identity for "kill-subscription" should

    probably be "delete-subscription-error" since "kill-subscription-error" isn't


<RR> Good catch.

    3) Diagram in 3.4.  It wasn't immediately obvious to me that the vertical lines

    in the lined up with connections (a) and (b).  I'm not sure whether it is worth

    adding a comment to make this more explicit.  I figured it out whilst reading

    the text below, perhaps most other readers would also do so.

<RR> I'll try to make it clearer.

    4) Section 3.4, bottom of page 7, "must be sent within (b)" -> "MUST be sent

    within (b)"

<RR> Yes.

    5) Section 3.4:

       o  RPCs modify-subscription, resync-subscription and delete-

          subscription can only be done by the same RESTCONF username

          [RFC8040] who did the establish-subscription, or by a RESTCONF

          username with the required administrative permissions.  The latter

          also has access to the kill-subscription RPC.

    Just to check, is it true that any RESTCONF username with the required

    permissions is allowed to invoke the "delete-subscription" RPC?  Or should this

    be restricted to same RESTCONF username?  In fact, I was wondering whether an

    administrator should be allowed to invoke modify-subscription or

    resync-subscription, or whether they should be restricted to kill-subscription


<RR> I do not see the benefit of restricting what an admin user can do. E.g. the admin may want to decrease the frequency of a periodic subscription.

I had a couple of concerns:
 1) Trying to align the RESTCONF handling of these RPCs to the behaviour specified in draft-ietf-netconf-subscribed-notifications and draft-ietf-netconf-netconf-event-notifications.
2) If NACM is used as the access control mechanism, then any client that has access to the <*-subscription> RPCs is allowed to invoke them for any subscription, unless additional checking is performed.  However, I appreciate that this extra checking could be more difficult/expensive to implement on some platforms.

<RR2> Having perfect alignment is problematic because there are no transport sessions in RESTCONF, that’s why the username/NACM method was proposed by a few people. But I do agree that your point 2) is an issue and your proposed text below addresses that, so I’ll make the change.



Considering both of these, would the following rewording of the paragraph be better?


       o  RPCs modify-subscription, resync-subscription and delete-

          subscription can only be done by the same RESTCONF username

          [RFC8040] who did the establish-subscription, or by a RESTCONF

          username with the required administrative permissions.  The latter

          also has access to the kill-subscription RPC.


   o  In addition to any required access permissions (e.g., NACM),

      RPCs modify-subscription, resync-subscription and

      delete-subscription SHOULD only be allowed by the same RESTCONF

      username [RFC8040] who invoked establish-subscription.

   o  The kill-subscription RPC can be invoked by any RESTCONF

      username with the required administrative permissions.

    6) Section 4 is unclear to me:

     - The paragraph starting "take any existing subscription "priority" ..."

     states that the "dscp" field is copied into the HTTP2 stream priority, but I

     couldn't find such a field in section 5.3 of RFC7540.  Hence, I was wondering

     whether this paragraph shouldn't instead be stating the the "weighting" field

     is copied into the HTTP2 stream priority header?



       o  take any existing subscription "priority", as specified by the

          "dscp" leaf node in

          [I-D.draft-ietf-netconf-subscribed-notifications], and copy it

          into the HTTP2 stream priority, [RFC7540] section 5.3, and


       o  take any existing subscription "priority", as specified by the

          "weighting" leaf node in

          [I-D.draft-ietf-netconf-subscribed-notifications], and copy it

          into the HTTP2 stream weight, [RFC7540] section 5.3, and

 <RR> Good catch.

    There is also no mention of how the "E" (Exclusive) bit should be set in the

    HTTP2 stream headers.  Is this an omission?

<RR> It is an omission, implied that it's not used. I can add text stating that it's set to 0.


    7) Section 6 doesn't contain any YANG Tree output.  Probably time to put that

    in, but I would suggest not putting in the entire tree output, just the

    relevant snippets.  If you want to include the full tree output then I would

    suggest putting in an appendix instead.  The text in this section describing

    the YANG model needs to be fixed since the YANG module doesn't actually define

    any identities.

<RR> I believe the YANG module was changed but not the text. Will fix and add the tree diagram.

    8) Section 7, YANG module comments

    Just nits:

    8.1) Check line length of the file, it looks like it goes over 69 characters.

     - In particular, the namespace statement might need to be split.

     - The module description text indentation looks off on the first line, and

     probably needs to be re-flowed. - Some of the other descriptions look wide.

    8.2) The description for "subscription-modified" doesn't quite scan (as it goes

    over the line break).

    9) One of the filter examples appendix A.3 is clearly over 72 characters,

    suggest spliting.

<RR> Ack.