Re: [netmod] WG Last Call: draft-ietf-netmod-acl-extensions-03

Mahesh Jethanandani <mjethanandani@gmail.com> Tue, 05 December 2023 22:09 UTC

Cc: NETMOD Group <netmod@ietf.org>, NetMod WG Chairs <netmod-chairs@ietf.org>
To: Lou Berger <lberger@labn.net>
Archived-At: <https://mailarchive.ietf.org/arch/msg/netmod/Biw-Am19fggqoT5lW959OBXFMPk>

Hi,

I do support this work, as it is much needed, and would like to see it progress. However, I do believe that the document needs to undergo a revision to qualify for LC. Some of the comments are editorial or minor, and can be addressed easily, but others are not. They should all be addressed for the WG to call the document ready.

- The Security Considerations section has both the read/write nodes and the read-only nodes as empty (or marked as TBC, which I imagine stands for To Be Completed). This needs to be filled out, or if no nodes are worth any security considerations, it should be stated so, and why.

- Isn’t the YANG model the normative portion of the document? Isn’t that what this document is all about? Why is it then in the Appendix?

- Why is the Section titled "Initial Version of the The ICMPv4 Types IANA-Maintained Module”, when the model in question is "iana-icmpv6-types@2020-09-25.yang”?

- ‘defined-sets’ and ‘aliases’ have been defined in a separate model, ‘ietf-acl-enh’. Are these sets and aliases defined to be used outside of ACL? If that is the case, then having them outside the ‘ietf-access-control-list’ model makes sense. Otherwise, almost everything in ‘ietf-acl-enh’ is an augmentation of the model defined in RFC 8519, as stated in the Introduction of the document:

"The YANG module in this document is solely based on augmentations to the ACL YANG module defined in [RFC8519].”

If that is the case I see no reason why those containers should not be augmentations into the same model, as in

augment "/acl" {
  container defined-sets {
    …
  }

  container aliases {
    …
  }
}

- I just pulled down the latest version (-03) of the draft, and ran into this error. 

$ pyang ietf-acl-enh@2022-10-24.yang
iana-icmpv6-types@2020-09-25.yang:1: error: unexpected latest revision "2023-04-28" in iana-icmpv6-types@2020-09-25.yang, should be "2020-09-25".

- Section 3.4. TCP Flags Handling. The document states that:

"Clients that support both 'flags-bitmask' and 'flags' matching fields MUST NOT set these fields in the same request.”.

Can the model have a must statement to prevent this from being configured inadvertently?

Same for Section 3.5 Fragments Handling

- There should be clear direction to the RFC Editor on what should be done with revision dates. The same is true for other placeholder text. For example, what is the RFC Editor to do with text "RFC XXXX"?

- References in the YANG model should be expanded to include the title of the RFC.

- Examples are always good. Not only can they be used to validate the model, but users get to understand how it can be used. See other models such as BGP, TCP, BFD on how an example can be added.

- How is this a reference?
        reference
          "- Bill Simpson <mailto:Bill.Simpson&um.cc.umich.edu>


Thanks.


> On Dec 4, 2023, at 3:00 PM, Lou Berger <lberger@labn.net> wrote:
> 
> All,
> 
> This starts working group last call on
> https://datatracker.ietf.org/doc/draft-ietf-netmod-acl-extensions/
> 
> The working group last call ends on December 18th (any TZ).
> Please send your comments to the working group mailing list.
> 
> Positive comments, e.g., "I've reviewed this document
> and believe it is ready for publication", are welcome!
> This is useful and important, even from authors.
> 
> Thank you,
> Lou (Co-Chair & doc Shepherd)
> 
> _______________________________________________
> netmod mailing list
> netmod@ietf.org
> https://www.ietf.org/mailman/listinfo/netmod


Mahesh Jethanandani
mjethanandani@gmail.com
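
Added example, not part of the original message or of the draft: one way the 'must' statement asked about under Section 3.4 could express that 'flags' and 'flags-bitmask' are mutually exclusive, so a server rejects a configuration that sets both. The module name, namespace, the 'bitmask' leaf and the reduced set of flag bits are hypothetical stand-ins; only the names 'flags' and 'flags-bitmask' come from the message.

```yang
module example-tcp-flags-exclusive {
  yang-version 1.1;
  namespace "urn:example:tcp-flags-exclusive";  // hypothetical namespace
  prefix ex;

  description
    "Constructed stand-in for a TCP match container, showing a
     mutual-exclusion constraint between two flag-matching fields.";

  container tcp {
    // Test a leaf inside 'flags-bitmask', not the container itself:
    // a non-presence container always exists in the XPath accessible
    // tree once its parent exists (RFC 7950, Section 6.4.1), so
    // "not(flags and flags-bitmask)" would reject every configuration
    // that sets 'flags', even when no bitmask is configured.
    must "not(flags and flags-bitmask/bitmask)" {
      error-message
        "'flags' and 'flags-bitmask' must not be set together.";
    }

    leaf flags {
      type bits {
        // Reduced, constructed set of flag bits for the example.
        bit ack;
        bit rst;
        bit syn;
        bit fin;
      }
      description
        "Exact-match form of TCP flag matching.";
    }

    container flags-bitmask {
      description
        "Bitmask form of TCP flag matching.";
      leaf bitmask {
        // Hypothetical leaf name and type.
        type uint16;
        description
          "Mask applied to the TCP flags field.";
      }
    }
  }
}
```

A 'choice' with one 'case' per form would enforce the same exclusion structurally, but a 'choice' cannot be wrapped around a leaf that an already published module defines, which is why the sketch uses 'must'.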