Re: [netmod] Éric Vyncke's No Objection on draft-ietf-netmod-factory-default-14: (with COMMENT)

Qin Wu <bill.wu@huawei.com> Thu, 23 April 2020 01:53 UTC

From: Qin Wu <bill.wu@huawei.com>
To: Éric Vyncke <evyncke@cisco.com>, The IESG <iesg@ietf.org>
CC: "draft-ietf-netmod-factory-default@ietf.org" <draft-ietf-netmod-factory-default@ietf.org>, "netmod-chairs@ietf.org" <netmod-chairs@ietf.org>, "netmod@ietf.org" <netmod@ietf.org>, Kent Watsen <kent+ietf@watsen.net>
Date: Thu, 23 Apr 2020 01:53:21 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/netmod/CZXhMtHK_dRFZpJsHZ3dOxVgUWI>

Thanks Eric, see reply inline below.
-----Original Message-----
From: Éric Vyncke via Datatracker [mailto:noreply@ietf.org]
Sent: April 22, 2020 14:45
To: The IESG <iesg@ietf.org>
Cc: draft-ietf-netmod-factory-default@ietf.org; netmod-chairs@ietf.org; netmod@ietf.org; Kent Watsen <kent+ietf@watsen.net>; kent+ietf@watsen.net
Subject: Éric Vyncke's No Objection on draft-ietf-netmod-factory-default-14: (with COMMENT)

Éric Vyncke has entered the following ballot position for
draft-ietf-netmod-factory-default-14: No Objection

When responding, please keep the subject line intact and reply to all email addresses included in the To and CC lines. (Feel free to cut this introductory paragraph, however.)


Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html
for more information about IESG DISCUSS and COMMENT positions.


The document, along with other ballot positions, can be found here:
https://datatracker.ietf.org/doc/draft-ietf-netmod-factory-default/



----------------------------------------------------------------------
COMMENT:
----------------------------------------------------------------------

Thank you for the work put into this document. The document is clear, easy to read and quite useful.

Please find below some non-blocking COMMENTs. An answer will be appreciated.

I also support Barry's comment.

I hope that this helps to improve the document,

Regards,

-éric

== COMMENTS ==

If the "factory-default" is optional (per section 3), then it may be worth specifying this quality in the abstract and in the introduction.

[Qin]: Thanks, will mention this in both abstract and introduction.

-- Section 2 --
What happens with the different counters in the <operational> data store?


[Qin]: As described in Section 2, the contents of the <operational> datastore MUST reflect the
operational state of the device after applying the factory default
configuration. In other words, referencing Figure 2 of RFC 8342, counters seen as system state of the operational datastore will reflect
the operational state of the device.

Why is this a SHOULD for overwriting sensitive data before deletion and not a MUST? At least section 6 writes that "owner of the device MUST NOT rely on any sensitive data (e.g., private keys) being forensically unrecoverable".

[Qin]: I have no preference on whether we should use strong language or soft language, but the idea here is that deleting dynamically generated files is mandatory, while overwriting security-sensitive data is recommended.