IETF Logo Mail Archive

Re: [netmod] Client validation text [was RE: YANG Versioning Weekly Call Minutes - 2021-04-06]

Juergen Schoenwaelder <j.schoenwaelder@jacobs-university.de> Thu, 08 April 2021 18:51 UTC

Return-Path: <J.Schoenwaelder@jacobs-university.de>
X-Original-To: netmod@ietfa.amsl.com
Delivered-To: netmod@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 874D03A172E for <netmod@ietfa.amsl.com>; Thu, 8 Apr 2021 11:51:37 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level:
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, MSGID_FROM_MTA_HEADER=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H2=-0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=jacobsuniversity.onmicrosoft.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id yQSfzmoNqZ6f for <netmod@ietfa.amsl.com>; Thu, 8 Apr 2021 11:51:32 -0700 (PDT)
Received: from EUR05-VI1-obe.outbound.protection.outlook.com (mail-vi1eur05on2059.outbound.protection.outlook.com [40.107.21.59]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 590BF3A172B for <netmod@ietf.org>; Thu, 8 Apr 2021 11:51:31 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=ONkCLr1GSTW9jnuVX4yN/lfhka8B2Zru38r8UJyV0Qt9h9HO3OCRc8eX6PUYjfHKU7zkVujLp6tMRt6KfFUsfqxUU7p4/ZMz9D0RUxJ6Aa4n2w0H9+DFs7crt/6HXXsBXpxxFTcv5KoWVY4LUYF6xpb7vhaur8F1oXuxSdoaCDgFjMwokI+28lCcwqJVz5T/FJieAPBVIV7Ti7k6hVwrsPTU/cz7XcUkiKhnkB61gL160u+mP7cmCPbi5DGG191n353S7UOyso3fNlWSdcowsF/uy1o7Tlmr7ZOwm2D119RLkJfup0tjZiw/fXerLMHns5c3z10t2Nl3kPI31NyGlQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=7eqhc4gtRN5taavIuz97U/9h89RznhkQroYdxH6LQNY=; b=HG0q7IAWnaoWND2fszjhLiyFVFKc5MsHCQSLpl7QDU6nnvWIlWqX/sh/mV8AV5brN421pu2uSF3UAV7GrFVzY6RYwTq7OFpjvZTQzF468gmfSUB6Ip5pjbE/P9h610nHcdfJAgXAc+cijjrtsCRyjWAsUzUDcNhO+KsnMa8tE924BQeDrgCXDdmb+J+fZTBIcBV4Mi6XUb0sbEJdXoHbJ31g5JgOjUBJTnYYRTagjlv0VC1nAFM4RvwIBLCc8/kRY50k2cOuCWl0RDDNoOfYCxjlaUhp2EkRC17aVtvyYbFt2Zg7hOn6dXUiBCn8ADSNteKSkPJk8gLmiprc6ZauQw==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=jacobs-university.de; dmarc=pass action=none header.from=jacobs-university.de; dkim=pass header.d=jacobs-university.de; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=jacobsuniversity.onmicrosoft.com; s=selector2-jacobsuniversity-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=7eqhc4gtRN5taavIuz97U/9h89RznhkQroYdxH6LQNY=; b=OGXm6gJ8WzxVy+XiDG2GrbqLc/sWLBR/KE4dYCKOKGijBplGUGTb8IoM/edfKS95qpw/f0zVLaY/TLTUWyoHjcrMSzSlTzNEo7dYYeqMo7EWYX4U/w+AeUGF8v6Ffhr5HwbyizAOw3i36Sp/ht/VJHg0YCuD35S6z6ALeit8K34=
Authentication-Results: nokia.com; dkim=none (message not signed) header.d=none;nokia.com; dmarc=none action=none header.from=jacobs-university.de;
Received: from AM0P190MB0641.EURP190.PROD.OUTLOOK.COM (2603:10a6:208:194::23) by AM0P190MB0611.EURP190.PROD.OUTLOOK.COM (2603:10a6:208:19d::18) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4020.20; Thu, 8 Apr 2021 18:51:28 +0000
Received: from AM0P190MB0641.EURP190.PROD.OUTLOOK.COM ([fe80::e8a2:9886:8dfa:41c6]) by AM0P190MB0641.EURP190.PROD.OUTLOOK.COM ([fe80::e8a2:9886:8dfa:41c6%5]) with mapi id 15.20.4020.018; Thu, 8 Apr 2021 18:51:28 +0000
Date: Thu, 08 Apr 2021 20:51:27 +0200
From: Juergen Schoenwaelder <j.schoenwaelder@jacobs-university.de>
To: "Sterne, Jason (Nokia - CA/Ottawa)" <jason.sterne@nokia.com>
Cc: "Rob Wilton (rwilton)" <rwilton@cisco.com>, "netmod@ietf.org" <netmod@ietf.org>
Message-ID: <20210408185127.l7cafoeq6svs4ns4@anna.jacobs.jacobs-university.de>
Reply-To: Juergen Schoenwaelder <j.schoenwaelder@jacobs-university.de>
Mail-Followup-To: "Sterne, Jason (Nokia - CA/Ottawa)" <jason.sterne@nokia.com>, "Rob Wilton (rwilton)" <rwilton@cisco.com>, "netmod@ietf.org" <netmod@ietf.org>
References: <MN2PR11MB4366255A77C76D9004360169B5759@MN2PR11MB4366.namprd11.prod.outlook.com> <DM6PR08MB5084935EDB6AB7718B695BAA9B749@DM6PR08MB5084.namprd08.prod.outlook.com>
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
In-Reply-To: <DM6PR08MB5084935EDB6AB7718B695BAA9B749@DM6PR08MB5084.namprd08.prod.outlook.com>
X-Originating-IP: [212.201.44.244]
X-ClientProxiedBy: AM0PR02CA0218.eurprd02.prod.outlook.com (2603:10a6:20b:28f::25) To AM0P190MB0641.EURP190.PROD.OUTLOOK.COM (2603:10a6:208:194::23)
MIME-Version: 1.0
X-MS-Exchange-MessageSentRepresentingType: 1
Received: from localhost (212.201.44.244) by AM0PR02CA0218.eurprd02.prod.outlook.com (2603:10a6:20b:28f::25) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4020.17 via Frontend Transport; Thu, 8 Apr 2021 18:51:28 +0000
X-MS-PublicTrafficType: Email
X-MS-Office365-Filtering-Correlation-Id: e51cd95d-801e-4814-766b-08d8fabf517e
X-MS-TrafficTypeDiagnostic: AM0P190MB0611:
X-MS-Exchange-Transport-Forked: True
X-Microsoft-Antispam-PRVS: <AM0P190MB06119CA0712C8BB77F68558BDE749@AM0P190MB0611.EURP190.PROD.OUTLOOK.COM>
X-MS-Oob-TLC-OOBClassifiers: OLM:10000;
X-MS-Exchange-SenderADCheck: 1
X-Microsoft-Antispam: BCL:0;
X-Microsoft-Antispam-Message-Info: IAahPyKI/2NBpO2GUC/hkbge3g02kul0e5WTT2aKtAOygFIjQPv9ZY/5UnuPlAGfq2LRZ6Ve3+Blz+7pX16nvVQ1zZmNY1IFNs1NkIHIkpqi5kBivfzZv/lh0HKj+3QMgrTSdDQrQhQm4SwRQQyST27J1V5xNGJJBUsIqgqrBN2WudujjeDZ6Uh2piL5+t6Y4AE0LZ1BWKv/pVxn9b88tEAcb8dsAxugVM8H8lIkLOBZbGCxiaqzxXZS9tcl1Fl2uC5TZUTzD7ppf7uKSzpUAtUhmut4Xkyp5w1OnPwY+Y+p47ZINHjITK6QeNSC1bbyqZQ//qQdAYkATQzACGYimocmPVPWkDaapCU3x78n4d1h8lGQmz+Ky9Az6/82CZKQNmkKy82S1cOV7f4UNzwreZydEbOExShVfFBIW5k65tNrKIt0rzBSLZsLvUG5KzITrYnlfHyhI+85+uV5VX1fshuoX38oUALKrq8H04SHuheSARzLwiiGSddm0x2c1Kkxz8hCmrwc369Reb06KbyoSR8L4atDzOGjPXQnkDPbU+gv1EADrGSeMgN/FwoxqozdV0d7hXmB4aSmqCWC7o7mfH/D95WS5uequ5YSsdIqAVY4WpcCzHUVaP0Z1J9uMRDULWlSIOwPo0cGQqx/TP6ZL+41e/bAhYl48zpNA1g/pqV3Ap8F5WLxIEBBKTUYXEMgDDsgubbbQgqOWUS1VTVeGyjjHQWq7j3kMGW6dhZ23SqAe35APjMLA3pzWM5g0zxX
X-Forefront-Antispam-Report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:AM0P190MB0641.EURP190.PROD.OUTLOOK.COM; PTR:; CAT:NONE; SFS:(376002)(396003)(136003)(39850400004)(366004)(346002)(6916009)(54906003)(786003)(316002)(8936002)(6496006)(296002)(8676002)(53546011)(6486002)(52116002)(956004)(4326008)(66946007)(66476007)(1076003)(5660300002)(66556008)(38100700001)(38350700001)(83380400001)(16799955002)(478600001)(966005)(186003)(16526019)(26005)(2906002)(86362001)(3450700001); DIR:OUT; SFP:1101;
X-MS-Exchange-AntiSpam-MessageData: YOSXjZd/mhq862STKAJyPtWxg0oOvMvIdRRbvMn7Dz0ymyvLTXU09JR/eJYN9wVVYMj9EOb70SNj8OnI0rtf7HH+3OJHfss9zjjy6pyX/Yx9PIqEhBWVrtiokK36ZskqfoCY12+PkGZEZhmFczwz+15D0VEC7dotq0MX7o3DuphJbshGhMt8OYumpwuUD40ZCeWuRwKbhUaio9bhMHtsXu2GTqgT5BIPvg9dyh7azCXKhCgAW9N45XtMv1FvGACoyWDYnCjx6aqWHCjcHXZxDh8aqKi4/5fykHP1EFyQVcAuzhEPZGsZDiR1/gAq/TgcbMr+xc2DvkmMuhacopP3bbPqRXJ9i0YFehPHzf1tviWO+VSbRxgxvZ6hIbTYNc/QNwAmDdFUY0EFSQ1XbqjBllLFcDCY2oaP+sp+H6dGkBfLfpTSUG98ke9uvRre2PVk+cHhQrfMX8hZsnto5PZjTPWx3yl/cVM6/GfqPADNePE0T+977AuyyoPqnuiflStG/f8HRzr+T3CSOxJbEYELPKJUbB8inqarx84nY53FlKoaH22CjPSmwFtboRKWho42XgIgjqax48WGgTc9TI7nNkhrtBcwA24PuWC+8CwheFxZ4sqJCUCKLkHfW7SRGhBM9bDEtPI1ig+2ciIC+5tcThpCijxsIay3jjlSwXVKCHR+FtpIVC3uNNNTjPqinRGa12K/Blf1k1UstQl9yrMhgBEAVTIILyoaLzylKJqeQuIVL8/M3c12vxVDLVsZiDEyS1i54BWWbPvY+AaEGjfH3HnkINvJrTURnK5UdXV53bgOScCqnepANFTG7O/VsfZXVUVbP0CEt5+thj8XZ+xtpiJmZq/inSjORRAlHzLxxkf86oVTdTiZrxwjRq/LhjSommX0HrFzhdveBO52zpIQoBi1lZV6ixE3JY8drE+ea583CzdhGuQ9gVWzpDKhFX96qvV7mMgNWh5IvWc4TMMM3SWQ9A9zHNM3uiUYXccWWoETbpxh3K/9XpOhXeuXJK+geLt+r1rey2elDk36CooLOw3BhDb5KEylfwjq0JW8C8x4aUuZORs31Y3MAKwPHbjtEMzyv3ccWyzcKGRxXIiHC/D4iXim6dYtNJCFNrSaQIQjQZUy0lxEaE+Q3Z6DNgMDP6+RFLAbrqvKeTnC5HtwkkOgz325VuNNvH8/8SPMAKASlAJ3p2YsaDLWr1tELFxwiQWqPxuIy3AyJChRtNT6oUKQh/V2bTGV7AAcWpEn4c0w303KodZdwYRxHraA+clHnA9xk1hfch/NjlDX2jp4H5T35Z+Pvbm5fvNSe6mBfp1VbjYyR3J+khF6ngu3AB+7
X-OriginatorOrg: jacobs-university.de
X-MS-Exchange-CrossTenant-Network-Message-Id: e51cd95d-801e-4814-766b-08d8fabf517e
X-MS-Exchange-CrossTenant-AuthSource: AM0P190MB0641.EURP190.PROD.OUTLOOK.COM
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 08 Apr 2021 18:51:28.7617 (UTC)
X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted
X-MS-Exchange-CrossTenant-Id: f78e973e-5c0b-4ab8-bbd7-9887c95a8ebd
X-MS-Exchange-CrossTenant-MailboxType: HOSTED
X-MS-Exchange-CrossTenant-UserPrincipalName: 5b7lTCLUZWEv6rtaz7KzDEOSm1Lf27ibfxQbYrTuPFYZmk6A8dtIOab/h7ryP+IN9/s7xPk5ckyGP93Kt58Yxq1naolziz4NqrBFAUjhvfY=
X-MS-Exchange-Transport-CrossTenantHeadersStamped: AM0P190MB0611
Archived-At: <https://mailarchive.ietf.org/arch/msg/netmod/T26hMmAdq6pmjhXopMw1umv07OM>
Subject: Re: [netmod] Client validation text [was RE: YANG Versioning Weekly Call Minutes - 2021-04-06]
X-BeenThere: netmod@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: NETMOD WG list <netmod.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/netmod>, <mailto:netmod-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/netmod/>
List-Post: <mailto:netmod@ietf.org>
List-Help: <mailto:netmod-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/netmod>, <mailto:netmod-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 08 Apr 2021 18:51:38 -0000

Some of these make no sense to me and I wonder whether we really need
to define these.

On Thu, Apr 08, 2021 at 05:58:58PM +0000, Sterne, Jason (Nokia - CA/Ottawa) wrote:
> Hi Rob,
> I like the reformulation of this.
> Jason
> 
> From: Rob Wilton (rwilton) <rwilton@cisco.com>
> Sent: Wednesday, April 7, 2021 5:19 AM
> To: Sterne, Jason (Nokia - CA/Ottawa) <jason.sterne@nokia.com>; netmod@ietf.org
> Subject: Client validation text [was RE: YANG Versioning Weekly Call Minutes - 2021-04-06]
> 
> // As a contributor
> 
> Hi Jason, all,
> 
> In yesterday's meeting there was a discussion on this text, and Joe pointed out that any sensible client must validate its input.
> 
>    While incoming configuration data is checked according to YANG
>    constraints, constraints on state data sent by the server MAY or MAY
>    NOT be enforced.  The following guidelines are provided for client
>    application designers to allow a smooth interworking with servers.
> 
>    o  A client MUST tolerate any data received (or not received) without
>       crashing.

What is 'tolerate', what is 'without crashing'? Are we talking about
buggy parsers or buggy backend logic or backend logic fooled by
inconsistent values?

>    o  A client MUST be able to discard any data that is not part of the
>       model but is sent by the server additionally (e.g.  XML elements
>       or attributes, JSON properties).
> 
>    o  A client SHOULD be able to handle valid parts of a received data
>       set even if it discards other parts as invalid.

In all cases?

>    o  A client SHOULD be able to handle data that is outside the
>       valuespace defined, as long as it is of the same basic type.

Really? What does 'handle' mean? If a value makes no sense at all,
what should the client do other than discarding the value (and logging
an error)? Or is this 'handling'?

>    o  A client SHOULD be prepared to handle more items for a list or
>       leaf-list than what is defined by the model.

Again, what does 'handle' mean???

> Based on Joe's comments, I suggest that this text could potentially be written as something like:
> 
> 
> 
> 
>    Client applications are expected to perform sanity checking of data
> 
>    received from a server and to handle unexpected or missing data
> 
>    gracefully, e.g., this could include ignoring unexpected data, or
> 
>    logging unexpected values for further analysis.  Clients SHOULD NOT
> 
>    discard an entire response from a server because some data contained
> 
>    within the response is not expected.  Examples of well-encoded but
> 
>    unexpected data received from a server may include:
> 
> 
> 
>    o  Values that are outside the value space of a data node defined
> 
>       in the YANG schema, but that are within the value space of the
> 
>       underlying base type, e.g., if the value represents an unexpected
> 
>       error condition on the server.
> 
> 
> 
>    o  Additional data nodes, e.g., if the server implements a
> 
>       different, but compatible, version of a YANG module.
> 
> 
> 
>    o  A greater or lesser number of list or leaf-list items than the
> 
>       permitted range defined in the YANG module.
> 
> 
> 
>    o  Non mandatory data nodes that are sometimes missing from the
> 
>       response.  Noting that the server is expected to deviate any data
> 
>       nodes for which it will never return values for.
> 
> 
> 
>    o  Values that do not conform to the semantic constraints of the schema.
> 
> 
> 
>    o  Additional YANG meta data in the encoding (e.g., XML elements or
> 
>       attributes, JSON properties).
> 
> 
> 
>    NMDA [RFC 8342], section 5.3, provides additional constraints on the
> 
>    data that a server can return from the operational state datastore.

It might be necessary to write the security considerations text for
this.  From a security perspective, being lenient is often a
mistake. For example, if a leaf is of type inet-address, I rather not
have clients accepting any garbage strings as IP addresses.

I am not sure why we go into this. Which problem are we solving by
requiring clients to accept any garbage?

/js

> Thanks,
> Rob
> 
> 
> 
> From: netmod <netmod-bounces@ietf.org<mailto:netmod-bounces@ietf.org>> On Behalf Of Sterne, Jason (Nokia - CA/Ottawa)
> Sent: 06 April 2021 15:10
> To: netmod@ietf.org<mailto:netmod@ietf.org>
> Subject: [netmod] YANG Versioning Weekly Call Minutes - 2021-04-06
> 
> YANG Versioning Weekly Call Minutes - 2021-04-06
> 
> Focus for this meeting was going through Jason's review comments for section "3.1.2 Backwards-compatibility rules for config false and output data" of https://tools.ietf.org/html/draft-ietf-netmod-yang-module-versioning-02.
> 
> (A)
> Valuespace:
> - value space (with a space between the words): use 7950 meaning/definition (remove the definition in our draft)
> - make "must" its own bullet
> - don't particularly address "description"
> - Balazs propose updated text
> 
> (B)
> replace this:
> 
> "an additional state leaf can easily be discarded"
> 
> with this:
> 
> "the presence of an unexpected state leaf is not typically a problem and may be ignored by the client"
> 
> (C)
> replace "config=false data" in the 1st paragraph with the following (and keep the quotes - that is how RFC8342 presents it):
>                 "config false" data
> 
> (D)
> Lots of debate about the "client" bullets in 3.1.2.  Didn't conclude.  Perhaps just summarize and say clients need to sanitize data (give examples of data they might get, values outside range)
> 
> ACTION: focus on reviewing section 3.1.2
> 
> ----------------------------------------------
> Weekly webex call details:
> Meeting number (access code): 171 069 0374
> Meeting password: semver?
> Occurs every Tuesday effective Tuesday, September 1, 2020 until Tuesday, August 24, 2021 from 9:00 AM to 10:00 AM, (UTC-04:00) Eastern Time (US & Canada)
> 9:00 am  |  (UTC-04:00) Eastern Time (US & Canada)  |  1 hr
> https://ietf.webex.com/ietf/j.php?MTID=ma7627a2ae7b770537cff5f5b89293c70
> Tap to join from a mobile device (attendees only)
> +1-650-479-3208,,1710690374## Call-in toll number (US/Canada)

> _______________________________________________
> netmod mailing list
> netmod@ietf.org
> https://www.ietf.org/mailman/listinfo/netmod


-- 
Juergen Schoenwaelder           Jacobs University Bremen gGmbH
Phone: +49 421 200 3587         Campus Ring 1 | 28759 Bremen | Germany
Fax:   +49 421 200 3103         <https://www.jacobs-university.de/>

v2.23.0 | Report a Bug | By Email