Re: [Netconf] Benjamin Kaduk's Discuss on draft-ietf-netconf-zerotouch-25: (with DISCUSS and COMMENT)

Benjamin Kaduk <kaduk@mit.edu> Thu, 10 January 2019 18:34 UTC

Date: Thu, 10 Jan 2019 12:34:44 -0600
From: Benjamin Kaduk <kaduk@mit.edu>
To: Adam Roach <adam@nostrum.com>
CC: Dave Crocker <dcrocker@bbiw.net>, Kent Watsen <kwatsen@juniper.net>, Alexey Melnikov <aamelnikov@fastmail.fm>, The IESG <iesg@ietf.org>, "draft-ietf-netconf-zerotouch@ietf.org" <draft-ietf-netconf-zerotouch@ietf.org>, "netconf-chairs@ietf.org" <netconf-chairs@ietf.org>, "netconf@ietf.org" <netconf@ietf.org>
Message-ID: <20190110183444.GN28515@kduck.mit.edu>
Archived-At: <https://mailarchive.ietf.org/arch/msg/netconf/wQ3n5hyqkxViBtMWJgRlg6NMIv8>

On Thu, Jan 10, 2019 at 12:22:03PM -0600, Adam Roach wrote:
> On 1/10/19 11:26 AM, Dave Crocker wrote:
> > On 1/9/2019 1:12 PM, Kent Watsen wrote:
> > ...
> >> To clarify, the draft uses DNS in two ways:
> >>
> >> 1) the first is for traditional SRV records, for which being under 
> >> _tcp makes sense.
> >
> > +1
> >> 2) the second is for TXT records that, of and in themselves, are not 
> >> describing a TCP service, so much as providing bootstrapping data, 
> >> that may or may not cause the device to initiate a subsequent 
> >> connection (TCP or otherwise). For this case, we also have the _sztp 
> >> record under _tcp, but *should* it be under the TLD instead?
> >
> > Absent deep involvement in the work of the spec, and just basing my 
> > view on the small bits of the spec I've read, I'd suggest dropping use 
> > of _tcp for the TXT and just using _sztp as a globally-scoped attrleaf 
> > node name, registering it in the new attrleaf registry. 
> 
> 
> I don't think this is right. Draft-ietf-netconf-zerotouch is explicitly 
> using DNS-SD procedures [1]. In turn, DNS-SD absolutely mandates the 
> presence of both SRV and TXT records with the same name [2]. So the 
> names need to match.

Whoops, that's totally an error on my part.  If we're explicitly doing
DNS-SD, then there's "nothing to see here".

Sorry for missing that.

-Benjamin

> Dave's assertion that the use of _sztp._tcp... is not under the purview 
> of draft-ietf-dnsop-attrleaf is correct [3]. The assumption in attrleaf 
> is that whatever document ends up registering a global underscored name 
> will provide guidance for those name elements that precede (are lower 
> down in the tree than) the global underscored name.
> 
> In the case of DNS-SD, both the SRV and TXT _tcp global leaf namespace 
> is clearly spelled out to be governed by 
> <http://www.iana.org/assignments/port-numbers> [4][5][6][7].
> 
> In short, unless we're making radical changes to zerotouch so that it no 
> longer uses RFC 6763, there is no valid path forward other than 
> registering a corresponding service in the IANA table cited above (such 
> as "sztp").
> 
> /a
> 
> ____
> [1] draft-ietf-netconf-zerotouch §4.2.1: "Devices claiming to support 
> DNS as a source of bootstrapping data MUST first query for 
> device-specific DNS records using DNS-SD [RFC6763]"
> 
> [2] RFC 6763 §6: "Every DNS-SD service MUST have a TXT record in 
> addition to its SRV record, with the same name"
> 
> [3] draft-ietf-dnsop-attrleaf §2: "Only global underscored names are 
> registered in the IANA Underscore Global table."
> 
> [4] draft-ietf-dnsop-attrleaf §4.3 defers authority for SRV/_tcp to RFC 
> 2782 and authority for TXT/_tcp to RFC 6763.
> 
> [5] RFC 6763 §7: "The first label of the pair is an underscore character 
> followed by the Service Name [RFC6335]."
> 
> [6] RFC 6335 §10, which is too long to reasonably quote here.
> 
> [7] RFC2782 §"The format of the SRV RR"; see definition of "Service", 
> with STD 2/RFC 1700 -> RFC 3232 -> iana.org
> 
>
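
The following is an added example, not part of the thread or of the draft: a small audit of a record set against the two DNS-SD rules quoted above (RFC 6763 §6, SRV and TXT with the same name; RFC 6763 §7, first label is an underscore plus an RFC 6335 service name). The record list, the `example.com` names and the function names are constructed for illustration; the service-name syntax check follows RFC 6335 §5.1.

```python
import re
from collections import defaultdict

# RFC 6335 §5.1 service-name syntax: 1-15 chars of letters, digits and hyphens,
# at least one letter, no leading/trailing hyphen, no adjacent hyphens.
SERVICE_NAME = re.compile(r"^(?=.{1,15}$)(?=.*[A-Za-z])[A-Za-z0-9]+(?:-[A-Za-z0-9]+)*$")

# Constructed sample (owner name, record type) pairs; not from any real zone.
SAMPLE_RECORDS = [
    ("_sztp._tcp.example.com.", "SRV"),
    ("_sztp._tcp.example.com.", "TXT"),
    ("_sztp._tcp.lab.example.com.", "SRV"),   # SRV with no matching TXT
    ("_sztp.branch.example.com.", "TXT"),     # TXT placed outside _tcp
    ("_bad--name._tcp.example.com.", "SRV"),  # not a valid service name
    ("_bad--name._tcp.example.com.", "TXT"),
]

def service_pair(owner):
    """Return (service, proto) for a '_service._tcp' or '_service._udp' label pair, else None."""
    labels = owner.rstrip(".").lower().split(".")
    for i in range(len(labels) - 1):
        if labels[i].startswith("_") and labels[i + 1] in ("_tcp", "_udp"):
            return labels[i][1:], labels[i + 1]
    return None

def audit(records):
    """Return sorted (owner, problem) findings for the DNS-SD naming and pairing rules."""
    types = defaultdict(set)
    for owner, rtype in records:
        types[owner.rstrip(".").lower()].add(rtype.upper())
    findings = []
    for owner in sorted(types):
        pair = service_pair(owner)
        if pair is None:
            if any(label.startswith("_") for label in owner.split(".")):
                findings.append((owner, "underscored name is not in _service._tcp/_udp form"))
            continue
        if not SERVICE_NAME.match(pair[0]):
            findings.append((owner, "service label is not a valid RFC 6335 service name"))
        for rtype in sorted({"SRV", "TXT"} - types[owner]):
            findings.append((owner, f"missing {rtype} record with the same name"))
    return findings

if __name__ == "__main__":
    for owner, problem in audit(SAMPLE_RECORDS):
        print(f"{owner}: {problem}")
```
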