Re: [netmod] WGLC on draft-ietf-netmod-node-tags-06

Balázs Lengyel <balazs.lengyel@ericsson.com> Tue, 19 April 2022 09:04 UTC

Return-Path: <balazs.lengyel@ericsson.com>
X-Original-To: netmod@ietfa.amsl.com
Delivered-To: netmod@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D386F3A0D61 for <netmod@ietfa.amsl.com>; Tue, 19 Apr 2022 02:04:10 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.11
X-Spam-Level:
X-Spam-Status: No, score=-2.11 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_BLOCKED=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=ericsson.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id CnxKvMj8Swly for <netmod@ietfa.amsl.com>; Tue, 19 Apr 2022 02:04:05 -0700 (PDT)
Received: from EUR03-AM5-obe.outbound.protection.outlook.com (mail-am5eur03on060f.outbound.protection.outlook.com [IPv6:2a01:111:f400:fe08::60f]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 6FAE63A0D42 for <netmod@ietf.org>; Tue, 19 Apr 2022 02:04:05 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=nRiKM/MnnWYCFfDN+TxK5KMbeB1HxmvOWJ2gimFxONDsRHOeZOtz4kwZ4nREZRQtUCb6+LZQhyP5LomCEIoV6MWzK8NbU4NuNy7vUQOIK1n0P2E4S9D4jVOcb751t0aoSh22NCRf3RiMgUL50GkuybMrFKXlSXYd0ZRYLYxcC4csWUqDGTmH2wf050+wKV4RaCnwUPqT05xB/N1YjQI4CbJFi+ADKHzEvHOtyp/A6bGLI5COTlo2zFYsANKrA8vQLKe6bLhf/bcHA2KpPo5VAW4mPZkJCZ9IKDjx28UNTkAJjoh3xmDK5i0MCDHRc/YCBkMFBmjrlaJyN3dDQ/w2cQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=+lp/+VspV+TKMA6mCmo86Wj7KdYbq9QVaDe4E5md+5I=; b=m7+pMzwLpNWgmg/WBJVXrrEfnyFcdSZ1Bn3feD/d+zL0g8yH7P/BI9l7dSz7GffG5SgkuZuo6hpE/PPGGR/ZGQ6WK8HHaQ3w9RKRuRHqM4hrwux14YvdVsxzatscZWmgiFu2g+tW7+rUz0VF93N4e1i2S72VIxVxx8knn3yyxnhR17/zwQFxxti5WSIST8aBJvub0tTvFRv9fgR5GVt/ArsNWxtzwTu6GPfnpdnEytJTC7JMBBtNVCpXlUpug+blszPDyEcIWyfR+y0izLC7YHjYVJAZUbhoft4Vf7WLzckS9e/rzwqOgeQIRN7wppN/rpXJiDJcUnOaXeOVeQOQQg==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=ericsson.com; dmarc=pass action=none header.from=ericsson.com; dkim=pass header.d=ericsson.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ericsson.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=+lp/+VspV+TKMA6mCmo86Wj7KdYbq9QVaDe4E5md+5I=; b=YIsnM6wNAZxBKbZlaurJ9VnF/AdDDjx/XvCOfuL8I2a9L2Viv9tW0tBdar5ZOahyItk8KjE1g+87vcdTyQ73+tI2KuUs/uzmGeKF0ie7j7712nhZwUcfIpS/nnovQQHcGApNLAe3ltLYC+EWg36ncrK78kl/24N4a33YElYj2Og=
Received: from VI1PR0701MB2351.eurprd07.prod.outlook.com (2603:10a6:800:6b::18) by AS8PR07MB7973.eurprd07.prod.outlook.com (2603:10a6:20b:396::12) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5186.6; Tue, 19 Apr 2022 09:04:00 +0000
Received: from VI1PR0701MB2351.eurprd07.prod.outlook.com ([fe80::4090:1564:a0f5:7e6]) by VI1PR0701MB2351.eurprd07.prod.outlook.com ([fe80::4090:1564:a0f5:7e6%3]) with mapi id 15.20.5186.013; Tue, 19 Apr 2022 09:04:00 +0000
From: Balázs Lengyel <balazs.lengyel@ericsson.com>
To: Jan Lindblad <janl@tail-f.com>, Balázs Lengyel <balazs.lengyel=40ericsson.com@dmarc.ietf.org>
CC: "netmod@ietf.org" <netmod@ietf.org>, Qin Wu <bill.wu=40huawei.com@dmarc.ietf.org>
Thread-Topic: [netmod] WGLC on draft-ietf-netmod-node-tags-06
Thread-Index: AdhOeZP04e9PXI39QhupbtajNNaLzgFSStowAAEXvgAAAPeSUA==
Date: Tue, 19 Apr 2022 09:04:00 +0000
Message-ID: <VI1PR0701MB2351416C09F2399C1C6B056DF0F29@VI1PR0701MB2351.eurprd07.prod.outlook.com>
References: <7bacf3e79dce46579ab6318de8f1f502@huawei.com> <VI1PR0701MB23519C369E1D4346F13FCD70F0F29@VI1PR0701MB2351.eurprd07.prod.outlook.com> <04EABC0C-09B5-4F5D-B63B-3D3FE5812C19@tail-f.com>
In-Reply-To: <04EABC0C-09B5-4F5D-B63B-3D3FE5812C19@tail-f.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=ericsson.com;
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: d0c487bc-a140-47a9-a16e-08da21e38b40
x-ms-traffictypediagnostic: AS8PR07MB7973:EE_
x-microsoft-antispam-prvs: <AS8PR07MB797353026F4A37A94DCBC345F0F29@AS8PR07MB7973.eurprd07.prod.outlook.com>
x-ms-exchange-senderadcheck: 1
x-ms-exchange-antispam-relay: 0
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: f+BrYnsF5eBM2axRDgdUlTLU2N5HNVjmGJCovorpuVDrIpycnJK+5gW3/njIaWpMDsCn6jSdMXD3xZbl+1pZWVH2PodukcbaMNOTvLDATO+LDj3bn4snI8XCghb7nrbZfx/vHnMQVXP9rIGhgBIjj4zXK+m7qtihQtz2juGW2iux+wZV5207RnD0IfkbThLf6IVhyoQEhrdQ2TOBV1+8nFAqocivO4FurCJ0PumhSRVJI6JkkJuSx8W4mBt1onnctlN14Pxv4dBVCLmFNKZGRHoci+QJC6bdk/OdxLirzP8Dwyqe/Y6HpyEPMV4paWyGOGJmrtlp7VFlzBE4ZUawkFRVfL1NpTKMSNjETKdSVrgHLL3/11jehVMMQ0rcSro5axBZckG2fhayUTgpSaKBclSq+NyxRupiwVBqWFWFVGPTVmbFLeE3guXP37Z1o4ncziI4nsWVdk1kJ9beBHa1X++nxqJCDGoN0BAmQJG/ZKpTQtLAWFXAZyTc0H8y5JK/mN79ypoCZxNIa3QXhsUOfA47RkRwI+PutlvdPxm30cDE+56GCFO8hp294XhyJ7mAgI34wX5g2doHBAMv8i7AW5CuzX/OZnNSwAQVkAkUfDRBCDdL9bnoQc8QenbyY3Vl5vuz5rTrvsjRbW3YgkKZUBjxtAaa7eMqlcycW7IDOtRjzkHoJmz7ZfLoSLuIyTfXMYbXvlUL+vq5A8Ag/TOFG55BrgYcgNCbD7C3OSMLpRhn5WZ5lo6aHYKHhZw8L8aHIGg6WHS/qx02OvOHab9Iasg3qcoxK6UJU51geG36kQ8=
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:VI1PR0701MB2351.eurprd07.prod.outlook.com; PTR:; CAT:NONE; SFS:(13230001)(4636009)(366004)(64756008)(66476007)(66446008)(186003)(316002)(76116006)(66556008)(83380400001)(7696005)(4326008)(2906002)(86362001)(66946007)(55016003)(8676002)(122000001)(66574015)(53546011)(6506007)(82960400001)(966005)(5660300002)(8936002)(71200400001)(85182001)(52536014)(85202003)(38070700005)(33656002)(110136005)(38100700002)(54906003)(508600001)(9686003)(26005); DIR:OUT; SFP:1101;
x-ms-exchange-antispam-messagedata-chunkcount: 1
x-ms-exchange-antispam-messagedata-0: AFCJ1K1PS4hUbVK+33eJzyiy8fqJ9iLDftdIfHgB5WmQeoFiy8xV4otY/OtceBBmXl5oV2UuazVqcy3zvKA/xYQ/43zg4kDqBGuYP710AxvgCyscd6HK3sZBcZx7F7bIWxkjnEfpNv9jUO+nuSxqwkfUePUfH7aGRied2TqLbG5hS/kmVIQqK0hLg3KtgovT1O0sw7q/eUDoKzaPNAuBCX+RzWD6BWh+O0TyOHjq3MJKQnE+3XLOTI+mInLc/BLaSVUReL4FuY78XMkSH6W7Ng1XcDAIh5Sc/GYqEouHlaDieLnnY1pfnRuIAiwXUnz3OkjYCROZoMGneej31W8UMdK4TNK8/gRJVcspgSYhLgky+NZdwk99JxiHg4oea8KXPEuN8s8bm7HLkFGXjk5yDbVu33uemUsouG0XLusshVc5wMBDAxb+qVYQ/gyBti0p4MNwSnDYTYDTDesQbt4u9J3UTPev2RBTQnlQHsxoEgjSzpwY328lBrJ2xo8TBQEtUR/Mx5zBWuqXx/DvyaPkPKepSRRhsB3xJBengs2meQ9T3t81FBB/Jtmu5LJrvA5hRAm0fzJJ26OzUU2FcZndkVcz0TF9Z3DAjxxRHeIh5OEhVIsdjZ4upzIm20qU9I1RVQJuwrm1c6nfZck7t5mMSYNhJiTcNf+WIfiYY1dBCJPH63XwsoiN5JXzCioNsGWfZtuJ8jFcAjje3V1hYHTTzabqLY7IzHMGNQA/E8klj5tt3aF/eOQDh/SCFPrmSUZA5CEs8u3bcTUYCS4nF2Ar9mHwKy/D22YJ0ua7/I9nrHR06oixDixDIVWUcNC4/KW6jOMJeeQpFAItbvtveHXphMQKqK+i4J43lBgxyLyiL7MU87mhegngBkCh+9Sfq2R5gQ7wtfOQ7Eav1fLjEcuM6eQWZPyK7xrP4cLBHFAXv6fe8SU/sKMv3bvcu+Y7410B5+TglmGI05bct/Sx9FzMrzzAEd0RMIMWaVvK7yWMz/PyDWfaEPo6XmUmWxUFucipuBLUeoto846GpPPeYGZ+r+E58ictxex3kpVHLaKxMtjBxOGu835jy7PfSCexeoypa+qR5FN3FR0HzAdtnjS6E88kNVCDxDVTycQGdOo1uMT/xXjaWedLtDY1PwIa4DXJWmAXy6So0OQmBvXIlDMk1ks/dnyR2vGu5IVeXlszjtN0xSQukTV7CTxBtb+HTpYYtFoT3SPdWcjgD9D0cS/5g/pvPVZSsjBKblYAjFkkj4UxxW8hWo8JEVcWLY97ZFfsYx9mPPg0kQw81jpvni+EnZlLJKYX/CXOMuBbvdTnNZp0dggJKd6f9qN/Uv/cun5sYgFdYhjPA/D4MQUP3Yvuln/YBLfL9jp5vlCtzQH/cGtS+/L8pzjszrT3DNSz6jvOc12DkMUI03TGA14O/er3Aki0nUipVacFijdHRF1Jf/CWgJB6NNMQWN2UsicgGch4m5owLdUrSn/CZ9W4KrTnY+d1jjsFiDdlaWyxSJrg6uz6i7ZFI1nhBbpvLftO5iaKxt4mfwibyqfErmbHzTDQddpDsOcu20C04BXs+xcZbIuE6KNxIIBQ14QHLnutJlU3e7LZ96ZhmeU5NEG3x1SXYv//6R3/pGoj0PHercklVxruw76mirSkS0Bfs3yZCccnbFxOXBQXx35Heoi5Rdv8r796MgJB3rRSpNrXifTjnGM4ryZaWxNr9yNX+0SbsU7AOHMiY4kxxCYEBKVvPh/Ln1c/uzJhd3iyd7X3jPsnR+k=
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-OriginatorOrg: ericsson.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: VI1PR0701MB2351.eurprd07.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: d0c487bc-a140-47a9-a16e-08da21e38b40
X-MS-Exchange-CrossTenant-originalarrivaltime: 19 Apr 2022 09:04:00.3595 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 92e84ceb-fbfd-47ab-be52-080c6b87953f
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: yzUgyVsmEaBMhtnQ69tSOkswO1JjzQbWNSf8qapt48ZYXWK3xskmlH7Z+WAZbxY3svo6l2241wwQQaHeLVygLYW8tpelRSuJ0VE5Ep8bq7Y=
X-MS-Exchange-Transport-CrossTenantHeadersStamped: AS8PR07MB7973
Archived-At: <https://mailarchive.ietf.org/arch/msg/netmod/JF4W4BOIFWddpp5qmVvlKw6nupM>
Subject: Re: [netmod] WGLC on draft-ietf-netmod-node-tags-06
X-BeenThere: netmod@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: NETMOD WG list <netmod.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/netmod>, <mailto:netmod-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/netmod/>
List-Post: <mailto:netmod@ietf.org>
List-Help: <mailto:netmod-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/netmod>, <mailto:netmod-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 19 Apr 2022 09:04:11 -0000


-----Original Message-----
From: netmod <netmod-bounces@ietf.org> On Behalf Of Jan Lindblad
Sent: Tuesday, 19 April, 2022 10:26
To: Balázs Lengyel <balazs.lengyel=40ericsson.com@dmarc.ietf.org>
Cc: netmod@ietf.org; Qin Wu <bill.wu=40huawei.com@dmarc.ietf.org>
Subject: Re: [netmod] WGLC on draft-ietf-netmod-node-tags-06

Balázs, Qin, WG,

>> - for each extension statement the following should be described  + 
>> Changing this extension statement is a backwards-compatible change 
>> yes/no/editorial-only
> [Qin Wu] Can you provide an example for this issue or reference document, I can not find any guideline in RFC7950.
> 
> BALAZS: It is the first question you get from a customer at any model update/upgrade: are the changes backwards compatible?
> The modeler and the customer needs to understand whether a change in the extension statements is backwards compatible or not. 
> The new YANG versioning drafts also require this knowledge.
> E.g. 
> Removing the nacm:default-deny-all extension from a leaf is backwards 
> compatible as all earlier operations will still work Adding the nacm:default-deny-all extension to a leaf is not  backwards compatible as writing to the leaf might not work anymore.

This is a great example of why backwards compatibility is a really hard subject.

A manager relying on nacm:default-deny-all might not be injecting the right NACM rules to make the managed system secure after the version change. While all management operations will succeed, the change opens up a security hole for managers unaware of the change. I believe such a change should not be described as backwards compatible.

My point is that while in the YANG versioning design team are working to define hard and fast rules for what constitutes backwards compatibility, reality is a few magnitudes more complex than any viable rule set.

Best Regards,
/jan

BALAZS2: Practically any change can cause operational problems if  a client depends on it, still not saying anything about it will be a problem. Even if we only consider RFC7950  terminology: Is it allowed to change this extension: yes, no, in what manner? This should be stated.
IMHO this is a great example of why we cannot consider all secondary effects of a change when considering compatibility. If we do, no change will be compatible. We should say allowed (compatible) changes are the ones that allow existing operations to succeed.

_______________________________________________
netmod mailing list
netmod@ietf.org
https://www.ietf.org/mailman/listinfo/netmod