Re: [Netconf] Yangdoctors last call review of draft-ietf-netconf-restconf-notif-11
"Reshad Rahman (rrahman)" <rrahman@cisco.com> Thu, 10 January 2019 13:44 UTC
Return-Path: <rrahman@cisco.com>
X-Original-To: netconf@ietfa.amsl.com
Delivered-To: netconf@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 95C3C130EFC; Thu, 10 Jan 2019 05:44:34 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -19.052
X-Spam-Level:
X-Spam-Status: No, score=-19.052 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-4.553, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id tEufRh1XMbcL; Thu, 10 Jan 2019 05:44:32 -0800 (PST)
Received: from rcdn-iport-9.cisco.com (rcdn-iport-9.cisco.com [173.37.86.80]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B64C3130EEC; Thu, 10 Jan 2019 05:44:31 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=36062; q=dns/txt; s=iport; t=1547127871; x=1548337471; h=from:to:cc:subject:date:message-id:references: in-reply-to:mime-version; bh=wiHivxAtgh7U/HWF6tTNnazC76G4EdEsavQEE22iUak=; b=aY5YIN2Y7a2xmezNAH5QyrYA+S4987/lOfq3kaYtbcFhiPWS+osq4x82 kS18039de8li2oISW1YLDApCxAreHsQczhFNZL106inJkoD9Cwhgv0tXQ AfM52cVgFOsuEk/HtkvncbobwmSd9CPE0Kh7/dtv2MPREea5QSHO0fj05 M=;
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: A0AFAAC5Szdc/40NJK1aCRkBAQEBAQEBAQEBAQEHAQEBAQEBgVIDAQEBAQELAYENTSlmgQInCoN2lAmCDZd3gXsLAQEshEACF4INIjUIDQEDAQECAQECbSiFSgEBAQQjBFIQAgEIEQMBAg4TBwMCAgIwFAkIAgQBDQWCV0sBgR1krD98M4o2jD8XgUA/gREnH4FOfoRXQQkWglMxggQiAo9chmaLMwkCkX0YgWSFJIdwgwSJbpBMAhEUgScgATaBVnAVZQGCQYIiBReBAAEHjRUBcoEoiAcBgR4BAQ
X-IronPort-AV: E=Sophos;i="5.56,461,1539648000"; d="scan'208,217";a="419397259"
Received: from alln-core-8.cisco.com ([173.36.13.141]) by rcdn-iport-9.cisco.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 10 Jan 2019 13:44:08 +0000
Received: from XCH-ALN-008.cisco.com (xch-aln-008.cisco.com [173.36.7.18]) by alln-core-8.cisco.com (8.15.2/8.15.2) with ESMTPS id x0ADi8wH010965 (version=TLSv1.2 cipher=AES256-SHA bits=256 verify=FAIL); Thu, 10 Jan 2019 13:44:08 GMT
Received: from xch-rcd-005.cisco.com (173.37.102.15) by XCH-ALN-008.cisco.com (173.36.7.18) with Microsoft SMTP Server (TLS) id 15.0.1395.4; Thu, 10 Jan 2019 07:44:08 -0600
Received: from xch-rcd-005.cisco.com ([173.37.102.15]) by XCH-RCD-005.cisco.com ([173.37.102.15]) with mapi id 15.00.1395.000; Thu, 10 Jan 2019 07:44:08 -0600
From: "Reshad Rahman (rrahman)" <rrahman@cisco.com>
To: "Robert Wilton -X (rwilton - ENSOFT LIMITED at Cisco)" <rwilton@cisco.com>, "yang-doctors@ietf.org" <yang-doctors@ietf.org>
CC: "netconf@ietf.org" <netconf@ietf.org>, "draft-ietf-netconf-restconf-notif.all@ietf.org" <draft-ietf-netconf-restconf-notif.all@ietf.org>
Thread-Topic: Yangdoctors last call review of draft-ietf-netconf-restconf-notif-11
Thread-Index: AQHUprCFOch/e2rpE06mX+DnhAHT46WmFGWAgAKebQD//+WkgA==
Date: Thu, 10 Jan 2019 13:44:07 +0000
Message-ID: <BEB99447-A306-4B96-9BAE-1D5C17380561@cisco.com>
References: <154688301471.23184.11003837983933531435@ietfa.amsl.com> <D7FCDD18-260A-40E6-8EF1-0485083FE21B@cisco.com> <dfd6dda9-e67f-1969-e43a-edfd92ef37d5@cisco.com>
In-Reply-To: <dfd6dda9-e67f-1969-e43a-edfd92ef37d5@cisco.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
user-agent: Microsoft-MacOutlook/10.10.5.181209
x-ms-exchange-messagesentrepresentingtype: 1
x-ms-exchange-transport-fromentityheader: Hosted
x-originating-ip: [161.44.212.37]
Content-Type: multipart/alternative; boundary="_000_BEB99447A3064B969BAE1D5C17380561ciscocom_"
MIME-Version: 1.0
X-Outbound-SMTP-Client: 173.36.7.18, xch-aln-008.cisco.com
X-Outbound-Node: alln-core-8.cisco.com
Archived-At: <https://mailarchive.ietf.org/arch/msg/netconf/tTXw2qK1QUZyhC19bEWEVGWFJ_M>
Subject: Re: [Netconf] Yangdoctors last call review of draft-ietf-netconf-restconf-notif-11
X-BeenThere: netconf@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Network Configuration WG mailing list <netconf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/netconf>, <mailto:netconf-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/netconf/>
List-Post: <mailto:netconf@ietf.org>
List-Help: <mailto:netconf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/netconf>, <mailto:netconf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 10 Jan 2019 13:44:35 -0000
Hi Rob, Inline. From: Robert Wilton <rwilton@cisco.com> Date: Thursday, January 10, 2019 at 5:18 AM To: "Reshad Rahman (rrahman)" <rrahman@cisco.com>, "yang-doctors@ietf.org" <yang-doctors@ietf.org> Cc: "netconf@ietf.org" <netconf@ietf.org>, "draft-ietf-netconf-restconf-notif.all@ietf.org" <draft-ietf-netconf-restconf-notif.all@ietf.org> Subject: Re: Yangdoctors last call review of draft-ietf-netconf-restconf-notif-11 Hi Reshad, Please see inline ... On 08/01/2019 23:18, Reshad Rahman (rrahman) wrote: Hi Rob, Thanks again for the review, inline. On 2019-01-07, 12:43 PM, "Robert Wilton" <rwilton@cisco.com><mailto:rwilton@cisco.com> wrote: Reviewer: Robert Wilton Review result: Ready with Issues I have reviewed this document as part of the YANG doctors directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written with the intent of improving the operational aspects of the IETF drafts. Comments that are not addressed in last call may be included in AD reviews during the IESG review. Document editors and WG chairs should treat these comments just like any other last call comments. This document and the associated YANG module looks like it is in good shape to me. The two minor issues that I had that I think need to be resolved are: - The section 3.4 handling subscriptions by admin users wasn't intuitive to me (relative to what is stated in draft-ietf-netconf-subscribed-notifications). Specifically what should an admin user be allowed to do vs the client that initiated the subscription. - Section 4 on HTTP2 QoS seemed unclear to me. <RR> See below for response on the issues above. I think that all my other comments are really just nits: 1) Section 3.2 Discovery, last paragraph. Would it be better for this to reference draft-ietf-netconf-nmda-restconf, section 2 and '/yang-libary/datastore' draft-ietf-netconf-rfc7895bis, section 3? <RR> I can add section 2 in the reference to nmda-restconf. I don't think the transport drafts need to reference 7895/bis, please note that YP already references 7895. OK, sounds reasonable. Off topic for this thread, but 7895bis should be published soon, and it obsoletes 7895, so should YP be updated to reference 7895bis? <RR2> I believe so, I’ll forward this to the YP authors. 2) RPC table in section 3.3. The identity for "kill-subscription" should probably be "delete-subscription-error" since "kill-subscription-error" isn't defined. <RR> Good catch. 3) Diagram in 3.4. It wasn't immediately obvious to me that the vertical lines in the lined up with connections (a) and (b). I'm not sure whether it is worth adding a comment to make this more explicit. I figured it out whilst reading the text below, perhaps most other readers would also do so. <RR> I'll try to make it clearer. 4) Section 3.4, bottom of page 7, "must be sent within (b)" -> "MUST be sent within (b)" <RR> Yes. 5) Section 3.4: o RPCs modify-subscription, resync-subscription and delete- subscription can only be done by the same RESTCONF username [RFC8040] who did the establish-subscription, or by a RESTCONF username with the required administrative permissions. The latter also has access to the kill-subscription RPC. Just to check, is it true that any RESTCONF username with the required permissions is allowed to invoke the "delete-subscription" RPC? Or should this be restricted to same RESTCONF username? In fact, I was wondering whether an administrator should be allowed to invoke modify-subscription or resync-subscription, or whether they should be restricted to kill-subscription only? <RR> I do not see the benefit of restricting what an admin user can do. E.g. the admin may want to decrease the frequency of a periodic subscription. I had a couple of concerns: 1) Trying to align the RESTCONF handling of these RPCs to the behaviour specified in draft-ietf-netconf-subscribed-notifications and draft-ietf-netconf-netconf-event-notifications. 2) If NACM is used as the access control mechanism, then any client that has access to the <*-subscription> RPCs is allowed to invoke them for any subscription, unless additional checking is performed. However, I appreciate that this extra checking could be more difficult/expensive to implement on some platforms. <RR2> Having perfect alignment is problematic because there are no transport sessions in RESTCONF, that’s why the username/NACM method was proposed by a few people. But I do agree that your point 2) is an issue and your proposed text below addresses that, so I’ll make the change. Regards, Reshad. Considering both of these, would the following rewording of the paragraph be better? OLD: o RPCs modify-subscription, resync-subscription and delete- subscription can only be done by the same RESTCONF username [RFC8040] who did the establish-subscription, or by a RESTCONF username with the required administrative permissions. The latter also has access to the kill-subscription RPC. NEW: o In addition to any required access permissions (e.g., NACM), RPCs modify-subscription, resync-subscription and delete-subscription SHOULD only be allowed by the same RESTCONF username [RFC8040] who invoked establish-subscription. o The kill-subscription RPC can be invoked by any RESTCONF username with the required administrative permissions. 6) Section 4 is unclear to me: - The paragraph starting "take any existing subscription "priority" ..." states that the "dscp" field is copied into the HTTP2 stream priority, but I couldn't find such a field in section 5.3 of RFC7540. Hence, I was wondering whether this paragraph shouldn't instead be stating the the "weighting" field is copied into the HTTP2 stream priority header? E.g. OLD: o take any existing subscription "priority", as specified by the "dscp" leaf node in [I-D.draft-ietf-netconf-subscribed-notifications], and copy it into the HTTP2 stream priority, [RFC7540] section 5.3, and NEW: o take any existing subscription "priority", as specified by the "weighting" leaf node in [I-D.draft-ietf-netconf-subscribed-notifications], and copy it into the HTTP2 stream weight, [RFC7540] section 5.3, and <RR> Good catch. There is also no mention of how the "E" (Exclusive) bit should be set in the HTTP2 stream headers. Is this an omission? <RR> It is an omission, implied that it's not used. I can add text stating that it's set to 0. OK. 7) Section 6 doesn't contain any YANG Tree output. Probably time to put that in, but I would suggest not putting in the entire tree output, just the relevant snippets. If you want to include the full tree output then I would suggest putting in an appendix instead. The text in this section describing the YANG model needs to be fixed since the YANG module doesn't actually define any identities. <RR> I believe the YANG module was changed but not the text. Will fix and add the tree diagram. 8) Section 7, YANG module comments Just nits: 8.1) Check line length of the file, it looks like it goes over 69 characters. - In particular, the namespace statement might need to be split. - The module description text indentation looks off on the first line, and probably needs to be re-flowed. - Some of the other descriptions look wide. 8.2) The description for "subscription-modified" doesn't quite scan (as it goes over the line break). 9) One of the filter examples appendix A.3 is clearly over 72 characters, suggest spliting. <RR> Ack. Regards, Reshad. Thanks, Rob Thanks, Rob
- [Netconf] Yangdoctors last call review of draft-i… Robert Wilton
- Re: [Netconf] Yangdoctors last call review of dra… Reshad Rahman (rrahman)
- Re: [Netconf] Yangdoctors last call review of dra… Reshad Rahman (rrahman)
- Re: [Netconf] Yangdoctors last call review of dra… Robert Wilton
- Re: [Netconf] Yangdoctors last call review of dra… Reshad Rahman (rrahman)