Date: Mon, 20 May 2019 08:20:03 +0200
From: Juergen Schoenwaelder <j.schoenwaelder@jacobs-university.de>
To: Qin Wu <bill.wu@huawei.com>
CC: "netmod@ietf.org" <netmod@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/netmod/6-47easGa8zFpwP-IqvV-fUkufM>
Subject: Re: [netmod] I-D Action: draft-ietf-netmod-factory-default-01.txt

On Mon, May 20, 2019 at 05:57:02AM +0000, Qin Wu wrote:
> -----Original Message-----
> From: Juergen Schoenwaelder [mailto:j.schoenwaelder@jacobs-university.de]
> Sent: 17 May 2019 19:15
> To: Qin Wu <bill.wu@huawei.com>
> Cc: netmod@ietf.org
> Subject: Re: [netmod] I-D Action: draft-ietf-netmod-factory-default-01.txt
>
> I think this does not work:
>
>       [...]  For <copy-config> operation,it can be used to copy
>       the factory default content to another datastore, however the
>       content of the datastore is not propagated automatically to any
>       other datastores.
>
> You can't change the way things work. If something is committed to
> let's say <running>, then this triggers the propagation to <intended>
> and eventually <operational>. You can't come along and say that
> copy-config from a particular source stops this.
> [Qin]: Automatic propagation we were referred to is that when we have
> three datastores, let's say datastore A, datastore B, datastore C, one
> time <copy-config> operation can not copy content of datastore A to
> datastore B and datastore C at the same time,
> But you are right, content of <running> will be automatically
> propagated to <intended> and <operational>, we will see how to tweak
> the text.

This is not what the text says. And given the parameters of
copy-config, it is obvious that you can't copy to multiple datastores.

> Is it really useful to expose factory default to copy config? Or said
> differently, would it not make sense to fix copy-config (at some other
> place) so that it can generically work with new datastores?
> [Qin]: Note that this is just an option feature to <copy-config> to
> assign one single target datastore with factory default content, I am
> wondering why it can not be defined in this draft in a more generic way?
> Even in RFC6241bis or a separate draft, if you add this feature
> support to <copy-config>, you will augment <copy-config> in the same
> way, if my understanding is correct.

No. You would allow any datastore, not a specific one.

>    The content of the factory-default datastore is usually not security
>    sensitive as it is the same on any device of a certain type.
>
> I am not sure this is true.
>
> For non-trivial devices, the default is likely not static but
> something that takes into account device features available and the
> specific hardware configuration present. It is actually somewhat
> unclear what the factory-default datastore contains; the stuff I can
> expect to see in <running> after the reset or some static stuff that
> may be tweaked during the boot process to yield the initial <running>.
> Or are we pretending these two are always the same?
> [Qin]: We emphasize "usually not", to address your comments, we could
> add:
> "
> When its contents are considered sensitive, it is RECOMMENDED that the
> factory default data is encrypted."

You propose to invent another layer of encryption???

/js

-- 
Juergen Schoenwaelder           Jacobs University Bremen gGmbH
Phone: +49 421 200 3587         Campus Ring 1 | 28759 Bremen | Germany
Fax:   +49 421 200 3103         <https://www.jacobs-university.de/>

