Re: [netmod] Alternative approach to draft-ma-netmod-immutable-flag-00

Balázs Lengyel <balazs.lengyel@ericsson.com> Wed, 23 March 2022 21:16 UTC

To: Andy Bierman <andy@yumaworks.com>, NetMod WG <netmod@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/netmod/7E8aldp_12dnwN0YWr7jAHgXUJ8>

Hello Andy,
I also propose an extension (see my mail "Review of draft-ma-netmod-immutable-flag-00").
In Ericsson we saw no need for exceptions, but do see the need for applying it to descendant nodes. Typically we need to protect a full subtree.

Why do you need the exceptions? Could you provide some use-case examples?
Regards Balazs

From: netmod <netmod-bounces@ietf.org> On Behalf Of Andy Bierman
Sent: Wednesday, 23 March, 2022 21:10
To: NetMod WG <netmod@ietf.org>
Subject: [netmod] Alternative approach to draft-ma-netmod-immutable-flag-00

Hi,

IMO the problem should be viewed as a refinement to the
access control policy of the device.  A standard mechanism
such as a YANG extension would be better than a growing
mix of proprietary solutions.

We have such a YANG extension called "user-write" that is widely deployed.
A simple boolean is not fine enough granularity, so a bits type is
needed instead to allow control of create, update, and delete access operations.


https://www.yumaworks.com/pub/latest/yangauto/yumapro-yangauto-guide.html#ncx-user-write


Andy
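
An added illustration, not part of either message and not YumaPro's implementation, of the access-control view discussed in this thread: per-node create/update/delete bits that also cover the node's descendants. The schema paths, the annotation values and the nearest-annotated-ancestor rule are assumptions made for the example.

```python
from enum import IntFlag


class Write(IntFlag):
    """User write operations that a schema node may permit (a bits value)."""
    NONE = 0
    CREATE = 1
    UPDATE = 2
    DELETE = 4
    ALL = 7


# Constructed annotations: schema path (no list keys) -> permitted operations.
ANNOTATIONS = {
    "/system": Write.ALL,
    "/system/hardware": Write.NONE,                # whole subtree is system-owned
    "/system/interfaces/interface": Write.UPDATE,  # tune entries, never add/remove
}


def permitted(path, annotations=ANNOTATIONS):
    """Return the bits of the nearest annotated ancestor-or-self of path."""
    parts = path.rstrip("/").split("/")
    while len(parts) > 1:
        candidate = "/".join(parts)
        if candidate in annotations:
            return annotations[candidate]
        parts.pop()  # walk up one level so descendants inherit the setting
    return Write.ALL  # assumption: unannotated config keeps normal write access


def rejected_edits(edits, annotations=ANNOTATIONS):
    """Return the (operation, path) pairs to refuse; an empty list means accept."""
    return [(op, path) for op, path in edits
            if not (permitted(path, annotations) & op)]


# Constructed edit request from a user session.
SAMPLE_EDITS = [
    (Write.UPDATE, "/system/interfaces/interface/mtu"),
    (Write.DELETE, "/system/interfaces/interface"),
    (Write.CREATE, "/system/hardware/chassis/serial"),
    (Write.CREATE, "/system/ntp/server"),
]

if __name__ == "__main__":
    for op, path in rejected_edits(SAMPLE_EDITS):
        print(f"access-denied: {op.name} {path}")
```

This check would sit alongside, not replace, the per-user rules of the device's access control model: it limits what any user session may write, whatever its privileges.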