IETF Logo Mail Archive

Re: [netmod] Last Call: draft-schoenw-netmod-rfc6021-bis-01 (20130204)

Ladislav Lhotka <lhotka@nic.cz> Mon, 21 January 2013 14:51 UTC

Return-Path: <lhotka@nic.cz>
X-Original-To: netmod@ietfa.amsl.com
Delivered-To: netmod@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id DDA0E21F8561 for <netmod@ietfa.amsl.com>; Mon, 21 Jan 2013 06:51:10 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.618
X-Spam-Level:
X-Spam-Status: No, score=-0.618 tagged_above=-999 required=5 tests=[AWL=1.381, BAYES_00=-2.599, J_CHICKENPOX_23=0.6]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Nlfe1SByWkYa for <netmod@ietfa.amsl.com>; Mon, 21 Jan 2013 06:51:10 -0800 (PST)
Received: from mail.nic.cz (mail.nic.cz [IPv6:2001:1488:800:400::400]) by ietfa.amsl.com (Postfix) with ESMTP id E865821F8475 for <netmod@ietf.org>; Mon, 21 Jan 2013 06:51:09 -0800 (PST)
Received: from [172.29.2.201] (nat-5.bravonet.cz [77.48.224.5]) by mail.nic.cz (Postfix) with ESMTPSA id B52CE13FC96; Mon, 21 Jan 2013 15:51:08 +0100 (CET)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=nic.cz; s=default; t=1358779868; bh=L3/C8JM6ApcTsq4BRTPLvNu1DDE5yH/v/SR/CuZOVqc=; h=Content-Type:Mime-Version:Subject:From:In-Reply-To:Date:Cc: Content-Transfer-Encoding:Message-Id:References:To; b=CEYE8ztzf57qc9//WHOoKqY5Qn/XDtW9Whf/X1TiD7pI4paH+LX7PfvzM5IN4b/6N mYLego7DEqPjPw/bFn+9jql0QJpoZUHwt7PjmEIeOQOT6TKQt5LxZ9vL7ZGPIL7ZV8 QqIqhXnfu7FMObP3r4w3sNbEVE+nnHMkk/un0ILU=
Content-Type: text/plain; charset="us-ascii"
Mime-Version: 1.0 (Mac OS X Mail 6.2 \(1499\))
From: Ladislav Lhotka <lhotka@nic.cz>
In-Reply-To: <20130121133952.GA40864@elstar.local>
Date: Mon, 21 Jan 2013 15:51:06 +0100
Content-Transfer-Encoding: quoted-printable
Message-Id: <0CE6FBBB-5019-4647-BC5F-58E6A6AE5CF5@nic.cz>
References: <20130119011641.GK11206@nsn.com> <m2622qk6lw.fsf@nic.cz> <20130121133952.GA40864@elstar.local>
To: Juergen Schoenwaelder <j.schoenwaelder@jacobs-university.de>
X-Mailer: Apple Mail (2.1499)
X-Virus-Scanned: clamav-milter 0.96.5 at mail
X-Virus-Status: Clean
Cc: netmod@ietf.org
Subject: Re: [netmod] Last Call: draft-schoenw-netmod-rfc6021-bis-01 (20130204)
X-BeenThere: netmod@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: NETMOD WG list <netmod.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/netmod>, <mailto:netmod-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/netmod>
List-Post: <mailto:netmod@ietf.org>
List-Help: <mailto:netmod-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/netmod>, <mailto:netmod-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 21 Jan 2013 14:51:11 -0000

On Jan 21, 2013, at 2:39 PM, Juergen Schoenwaelder <j.schoenwaelder@jacobs-university.de> wrote:

> On Mon, Jan 21, 2013 at 02:28:43PM +0100, Ladislav Lhotka wrote:
>> Hi,
>> 
>> I support moving this document forward, with two comments:
>> 
>> 1. The second pattern for "yang-identifier" type can be slightly optimized:
>> 
>> OLD
>> 
>>    pattern '.|..|[^xX].*|.[^mM].*|..[^lL].*';
>> 
>> NEW
>> 
>>    pattern '..?|[^xX].*|.[^mM].*|..[^lL].*';
> 
> Not sure what the metric is that is optimized here or how to choose
> between the two.

The metric is string length and the number of alternatives.

> 
>> 2. It would be safer to have types 'ipv[46]-address' (meaning no zone) and 'ipv[46]-address-with-zone' rather than 'ipv[46]-address' and 'ipv[46]-address-no-zone'. I know, it's an incompatible change, but I suspect that many implementers will not bother to look up the definition when seeing a type like 'ipv4-address' and assume a plain IPv4 address in that place. Such a mistake can easily create a security hole. The name 'ipv[46]-address-with-zone' makes the optional presence of a zone index explicit and eliminates this potential trap. Besides, it would also better fit the naming scheme of corresponding textual conventions in RFC 4001.
> 
> It is still an incompatible change. We can't change 'ipv[46]-address'.
> We can deprecate it and provide a replacement.

This is not an option in this case - we can't deprecate a typedef such as "ipv4-address" and introduce a new one with the same name. 

> 
> Personally, I do not think this is needed or desirable. The IPv6 WG
> just reached concensus to allow zone indexes in URIs and there was no
> a concern that this creates a security hole as far as I understand.

In URIs, IP addresses (with or without zone indices) are enclosed in brackets. In our case, the zone index is an arbitrarily long suffix without any delimiters.

> What might happen is that people forget to implement support for
> addresses including a zoneid. That said, for stuff sitting above the
> IP layer, having zones included 'by default' is in my view a feature
> and not a bug.

OK, let me just mention that both I and Martin already fell into that trap, and so did the authors of the dnsccm module, I think:

http://dnsccm.org/projects/dnsccm/repository/entry/trunk/dnsccm/modules/dnsccm/dnsccm.in.yang

Lada

> 
> /js
> 
> -- 
> Juergen Schoenwaelder           Jacobs University Bremen gGmbH
> Phone: +49 421 200 3587         Campus Ring 1, 28759 Bremen, Germany
> Fax:   +49 421 200 3103         <http://www.jacobs-university.de/>
> _______________________________________________
> netmod mailing list
> netmod@ietf.org
> https://www.ietf.org/mailman/listinfo/netmod

--
Ladislav Lhotka, CZ.NIC Labs
PGP Key ID: E74E8C0C

v2.23.0 | Report a Bug | By Email