Re: [netmod] I-D Action: draft-ietf-netmod-factory-default-01.txt

Juergen Schoenwaelder <j.schoenwaelder@jacobs-university.de> Mon, 20 May 2019 06:20 UTC

Date: Mon, 20 May 2019 08:20:03 +0200
From: Juergen Schoenwaelder <j.schoenwaelder@jacobs-university.de>
To: Qin Wu <bill.wu@huawei.com>
CC: "netmod@ietf.org" <netmod@ietf.org>
Message-ID: <20190520062003.i4wl2f7ekx34lctn@anna.jacobs.jacobs-university.de>
Reply-To: Juergen Schoenwaelder <j.schoenwaelder@jacobs-university.de>
Mail-Followup-To: Qin Wu <bill.wu@huawei.com>, "netmod@ietf.org" <netmod@ietf.org>
References: <B8F9A780D330094D99AF023C5877DABAA4935F8C@nkgeml513-mbx.china.huawei.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Disposition: inline
In-Reply-To: <B8F9A780D330094D99AF023C5877DABAA4935F8C@nkgeml513-mbx.china.huawei.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/netmod/6-47easGa8zFpwP-IqvV-fUkufM>
Subject: Re: [netmod] I-D Action: draft-ietf-netmod-factory-default-01.txt

On Mon, May 20, 2019 at 05:57:02AM +0000, Qin Wu wrote:
> -----Original Message-----
> From: Juergen Schoenwaelder [mailto:j.schoenwaelder@jacobs-university.de] 
> Sent: 17 May 2019 19:15
> To: Qin Wu <bill.wu@huawei.com>
> Cc: netmod@ietf.org
> Subject: Re: [netmod] I-D Action: draft-ietf-netmod-factory-default-01.txt
> 
> I think this does not work:
> 
>       [...]  For the <copy-config> operation, it can be used to copy
>       the factory default content to another datastore, however the
>       content of the datastore is not propagated automatically to any
>       other datastores.
> 
> You can't change the way things work. If something is committed to, let's say, <running>, then this triggers the propagation to <intended> and eventually <operational>. You can't come along and say that copy-config from a particular source stops this.
> [Qin]: The automatic propagation we were referring to is that when we have three datastores, let's say datastore A, datastore B, datastore C, one <copy-config> operation cannot copy the content of datastore A to datastore B and datastore C at the same time.
> But you are right, the content of <running> will be automatically propagated to <intended> and <operational>; we will see how to tweak the text.

This is not what the text says. And given the parameters of
copy-config, it is obvious that you can't copy to multiple datastores.
 
> Is it really useful to expose factory default to copy-config? Or, said differently, would it not make sense to fix copy-config (at some other
> place) so that it can generically work with new datastores?
> [Qin]: Note that this is just an optional feature for <copy-config> to assign one single target datastore the factory default content. I am wondering why it cannot be defined in this draft in a more generic way?
> Even in RFC6241bis or a separate draft, if you add this feature support to <copy-config>, you will augment <copy-config> in the same way, if my understanding is correct.

No. You would allow any datastore, not a specific one.

>    The content of the factory-default datastore is usually not security
>    sensitive as it is the same on any device of a certain type.
> 
> I am not sure this is true.
> 
> For non-trivial devices, the default is likely not static but something that takes into account the device features available and the specific hardware configuration present. It is actually somewhat unclear what the factory-default datastore contains: the stuff I can expect to see in <running> after the reset, or some static stuff that may be tweaked during the boot process to yield the initial <running>.
> Or are we pretending these two are always the same?
> [Qin]: We emphasize "usually not". To address your comments, we could add:
> "
> When its contents are considered sensitive, it is RECOMMENDED that the factory-default
> data be encrypted."

You propose to invent another layer of encryption???

/js

-- 
Juergen Schoenwaelder           Jacobs University Bremen gGmbH
Phone: +49 421 200 3587         Campus Ring 1 | 28759 Bremen | Germany
Fax:   +49 421 200 3103         <https://www.jacobs-university.de/>