Re: [netmod] I-D Action: draft-ietf-netmod-factory-default-04.txt

Qin Wu <bill.wu@huawei.com> Wed, 06 November 2019 02:21 UTC

Return-Path: <bill.wu@huawei.com>
X-Original-To: netmod@ietfa.amsl.com
Delivered-To: netmod@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A9524120C19 for <netmod@ietfa.amsl.com>; Tue, 5 Nov 2019 18:21:24 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.2
X-Spam-Level:
X-Spam-Status: No, score=-4.2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id WfROjhw-MMXD for <netmod@ietfa.amsl.com>; Tue, 5 Nov 2019 18:21:22 -0800 (PST)
Received: from huawei.com (lhrrgout.huawei.com [185.176.76.210]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id DC4F7120828 for <netmod@ietf.org>; Tue, 5 Nov 2019 18:21:18 -0800 (PST)
Received: from LHREML714-CAH.china.huawei.com (unknown [172.18.7.108]) by Forcepoint Email with ESMTP id 816812B1F3F05A559786 for <netmod@ietf.org>; Wed, 6 Nov 2019 02:21:17 +0000 (GMT)
Received: from DGGEML406-HUB.china.huawei.com (10.3.17.50) by LHREML714-CAH.china.huawei.com (10.201.108.37) with Microsoft SMTP Server (TLS) id 14.3.408.0; Wed, 6 Nov 2019 02:21:17 +0000
Received: from DGGEML531-MBS.china.huawei.com ([169.254.5.209]) by dggeml406-hub.china.huawei.com ([10.3.17.50]) with mapi id 14.03.0439.000; Wed, 6 Nov 2019 10:20:59 +0800
From: Qin Wu <bill.wu@huawei.com>
To: Kent Watsen <kent+ietf@watsen.net>, john heasley <heas@shrubbery.net>
CC: "netmod@ietf.org" <netmod@ietf.org>
Thread-Topic: [netmod] I-D Action: draft-ietf-netmod-factory-default-04.txt
Thread-Index: AdWUR59Z/n3hF6/TQ9WWBzFYs4wvjQ==
Date: Wed, 6 Nov 2019 02:20:59 +0000
Message-ID: <B8F9A780D330094D99AF023C5877DABAA93EB7DD@dggeml531-mbs.china.huawei.com>
Accept-Language: zh-CN, en-US
Content-Language: zh-CN
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [10.134.31.203]
Content-Type: multipart/alternative; boundary="_000_B8F9A780D330094D99AF023C5877DABAA93EB7DDdggeml531mbschi_"
MIME-Version: 1.0
X-CFilter-Loop: Reflected
Archived-At: <https://mailarchive.ietf.org/arch/msg/netmod/O_pjZI3Qf7HZI0kVx-ccRShAWjM>
Subject: Re: [netmod] I-D Action: draft-ietf-netmod-factory-default-04.txt
X-BeenThere: netmod@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: NETMOD WG list <netmod.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/netmod>, <mailto:netmod-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/netmod/>
List-Post: <mailto:netmod@ietf.org>
List-Help: <mailto:netmod-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/netmod>, <mailto:netmod-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 06 Nov 2019 02:21:28 -0000

发件人: netmod [mailto:netmod-bounces@ietf.org] 代表 Kent Watsen
发送时间: 2019年11月6日 3:27
收件人: john heasley <heas@shrubbery.net>;
抄送: netmod@ietf.org
主题: Re: [netmod] I-D Action: draft-ietf-netmod-factory-default-04.txt



Yes, I'm suggesting that this "clearing" be a requirement, even if the
operator has the choice between clear "only the configuration" and
"everything."  "might" -> "MUST".

The fine line between too vague and too much detail must be found. >>>

In addition,the "factory-reset" RPC MUST
restore storage to factory condition, including
remove log files,
remove temporary files,
remove certificates, keys, etc
zero passwords,
<insert other things>

The process (SHOULD|MUST) zero/pattern-write then remove sensitive files
such as the TLS keys, configuration stores, etc.

[Qin]: Okay, here is the my proposed change:
OLD TEXT:
“
In addition, the "factory-reset" RPC might also be used to trigger
some other restoring and resetting tasks such as files cleanup,
restarting the node or some of the SW processes, or setting some
security data/passwords to the default value, removing logs, removing
any temporary data (from datastore or elsewhere) etc.  When and why
these tasks are triggered is not the scope of this document.
”
NEW TEXT:
“
In addition, the "factory-reset" RPC MUST restore storage to factory condition,
including remove log files, remove temporary files (from datastore or elsewhere).
It MUST also remove security credentials and restoring default security settings including
remove certificates, keys, zero passwords, etc. The process invoked by the "factory-reset"
RPC SHOULD zero/pattern-write than remove sensitive files such as the TLS keys, configuration
stores, etc. The RPC MAY also be used to trigger some other resetting tasks such as restarting
the node or some of the software processes, activating the factory-default config which in turn
enables zero touch provision (ZTP).
”
If you have better text, feel free to share.

The RPC MAY provide an option to limit the actions to factory reset of
the configuration.
[Qin]: we have add  nacm:default-deny-all on RPC we proposed. Security section will be enhanced
Based on Andy’s comment in the separate email.

Strongly agree.

Kent // contributor