[netmod] J. Sterne comments on draft-ietf-netmod-system-config-00

"Jason Sterne (Nokia)" <jason.sterne@nokia.com> Wed, 22 March 2023 23:54 UTC

Return-Path: <jason.sterne@nokia.com>
X-Original-To: netmod@ietfa.amsl.com
Delivered-To: netmod@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 331FBC15154C for <netmod@ietfa.amsl.com>; Wed, 22 Mar 2023 16:54:13 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.094
X-Spam-Level:
X-Spam-Status: No, score=-2.094 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_NONE=0.001, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=nokia.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id EbeHcfrjNvaD for <netmod@ietfa.amsl.com>; Wed, 22 Mar 2023 16:54:09 -0700 (PDT)
Received: from NAM11-DM6-obe.outbound.protection.outlook.com (mail-dm6nam11on2072e.outbound.protection.outlook.com [IPv6:2a01:111:f400:7eaa::72e]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 06152C14CF1B for <netmod@ietf.org>; Wed, 22 Mar 2023 16:54:03 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=M4w4Bh1M0rSi46Xr3/rEfYlEubug3IfSrQ1f+xslNxOjQrCghfoHpyYUkdZf6VtWvpkN0K45rMXbpLwAgErEJxlq4m6HUk0iCKnKNxHtqMcWBbF4v0j7nxWMifO4cIFEXY2m1C8QgZrWPGGkcsIyL6MUht1YT6tdfgu+Cuyv3VIz8un6WYKUZpTgYO4Dosf/DVwHdF1h3nmF8pBanIBW3GQs758foyFtAQplQzCoCRZaGRuUPBmLPf11M0fiywuOC954e4Zj/NoE9Lvnk7H8sGOzujPv+DFheMkE2Qq39Xe9n9B2PHMuBP1PUZUxfUf2IAKtbwVJE4fM/qUuQe8AWA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=v22z+6PhBMyPjfgZmn/DTt3bQsbkCan2MWpD7V6vVaw=; b=eMB37iSJ57/xoAPJzkzlu3yvBT0DduV99w1gVALH0hjEWC2CJrnjO4RSpQ8xCWcxanHft3hdcL6uztMz+j5sHJ4n2IA99z/vNs7vmY5DfPJCs0GOYCpJt2DBfmUFF/okk7W4HmfVA9w4wXWMKu1j9WT7Yi8H3ycdUi8VUvahmTtzElyope8DKg8AjLa9Gi3+50I0ZXYibjkRmsOPuUSfWAs87fGx4r2lSx4OSUgcgUL8zhGs98FfHyXErLItk4R24lo2IIUmxwTbmqH7LKG/Ve2p6o+SlunnScGMU2RrEY5oge3T14jYRn5Tcc2/qWDL/r69NA914NS19RLFUmHqNw==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=nokia.com; dmarc=pass action=none header.from=nokia.com; dkim=pass header.d=nokia.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=nokia.com; s=selector2; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=v22z+6PhBMyPjfgZmn/DTt3bQsbkCan2MWpD7V6vVaw=; b=SGs8713ewS1juX167GSI7nnaeXSNx36BxKor1lnK+MDNHCFu2sjrCDBbvLkaFioIRg0ftcQCVKUtqiUDVkuZRACBBy9RI5cWtZ69T2RdASsx+YWpbE8hgye6ojhvdg1laNcVwsRNFZGyIGIosaOlhfzyFqRlP8viV5dqxDxWt9NW7sKe3ZpL+sZYk32vx56tKKNpiQdPziKwCMj7Z3yDJj0sirZgrMVo+38nAYzaKrpYbiU5TDrrOrYiLKu4sPOsHujrodeZvzG8m/cXU5VOPnSFZS6L4dI5mj1eDTmpLis0LbAz2DJuExfTDgR8qbPy519oK3mq1l4DYg+D3+ctdQ==
Received: from DM6PR08MB5084.namprd08.prod.outlook.com (2603:10b6:5:41::29) by SJ0PR08MB8012.namprd08.prod.outlook.com (2603:10b6:a03:3eb::14) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.6178.37; Wed, 22 Mar 2023 23:53:59 +0000
Received: from DM6PR08MB5084.namprd08.prod.outlook.com ([fe80::2ee0:8018:7be:86ba]) by DM6PR08MB5084.namprd08.prod.outlook.com ([fe80::2ee0:8018:7be:86ba%3]) with mapi id 15.20.6178.037; Wed, 22 Mar 2023 23:53:58 +0000
From: "Jason Sterne (Nokia)" <jason.sterne@nokia.com>
To: "netmod@ietf.org" <netmod@ietf.org>
Thread-Topic: J. Sterne comments on draft-ietf-netmod-system-config-00
Thread-Index: Adlc/KnUjIiiY9pPTnS8UQ80tfE9vw==
Date: Wed, 22 Mar 2023 23:53:58 +0000
Message-ID: <DM6PR08MB5084F85F1F2575C8B03899E39B869@DM6PR08MB5084.namprd08.prod.outlook.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=nokia.com;
x-ms-publictraffictype: Email
x-ms-traffictypediagnostic: DM6PR08MB5084:EE_|SJ0PR08MB8012:EE_
x-ms-office365-filtering-correlation-id: 0721c4c4-f8bd-46f5-5d36-08db2b30b41b
x-ms-exchange-senderadcheck: 1
x-ms-exchange-antispam-relay: 0
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: FTHQxlsC1GNURHIdfwkIBIBFqL48Q9B96UlEyeBwiUTaKtLL8666ATpoevrOWX/Mhq+qwivXG65/R2CRx2iDM/eutrq5E7i99c5IbsROJSJ8ptpcGqPmcEsJg5I9niwJ9i0hPPefkf4aFGb0A/2PvCwm1Ey+808p45HMusEepABF8HPskr8i/I6CYI4ybSFRdgTHZ5yUaLf5MKufDoHUXekkK60zW6eQMZKFSbjJm6sYxZWU6oAJGX8nEN93854DM3bMHErKlTKDbVAY/e9E5ofWXfbL5Zky2ihv6VpEXi0phHKHcQ8ej0k9bZcnI7M8GJpnfTdcp7YsONQbEuZon7s7cHx9bffQvqyMr1J+HxY0KJztYzgTk3Xv7m0lsgnGNWVU33auHqj14TmLCEuX59Jaz+hsazuqv0XLJOmYnBwW9Br/SS4XDdBhvgsHq2CJJxfUThJDNTwZQSMloVookd/2kVM/dR8PfnlmE1x/kFo9YjLRU6furMy4qMk4FWPW1QPh4rG2IpflDyv/frbLcv9+RrL2qcTHTMucwZUYcroqrvNLJf7m1QCIvdq3pa6wXqL0fb8NAELHUec8GPQR7P7DEejJl7tMfCK5ScjAiFlKKC2NvI7uykBuMgJfAm41U3FKE3/0WPHdDw7dW5LKVyvknrSZurLjIUJ/8NroD+ASv10j2kIBrQsfI53uUn2PKCEY1x3kSAwsA5BrHyVj6A==
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:DM6PR08MB5084.namprd08.prod.outlook.com; PTR:; CAT:NONE; SFS:(13230025)(4636009)(136003)(366004)(39860400002)(346002)(396003)(376002)(451199018)(8936002)(30864003)(122000001)(52536014)(41300700001)(5660300002)(55016003)(33656002)(38070700005)(86362001)(38100700002)(82960400001)(2906002)(83380400001)(478600001)(71200400001)(6506007)(7696005)(26005)(64756008)(9686003)(6916009)(186003)(76116006)(66446008)(66946007)(8676002)(316002)(66476007)(66556008); DIR:OUT; SFP:1102;
x-ms-exchange-antispam-messagedata-chunkcount: 1
x-ms-exchange-antispam-messagedata-0: /nYUERjE1iRIE3eNqR7sVEqEM9pvzQ5zcTRA8MdvqBUVFJSel+g5DUOIfg4zCgmiDXS3qcpD05hYqwsy0+TY2CgEsQrvADtrXOHu/UsTG/Nm9+35BBa9+1WSl0h51hOni/az6MoOD8uN5ZUpDrqYeV5ZwFQNPTz03aWjwzPXMfifMK0uNz2R3VcGyda8Z3dJl6qfBVT9ex6F2qW9B4ZTHM/zy2PrTYny9t/NcX1HmB7c3z30JrYULQoAP6rRFBrkWkR+H/WvKOcMqPMuGTFVv14FZznmhsr8Ut3TEo4GLl3MurGBCKMYCDqZzYxc7DKtldK4rkilVsAqJLMhWPzE4KX9AcfACWrU0tiCEyTMZXSu8xBJvzEKYp2mN+L/NMk2XtHZ2KVwyWcz5ps9yetWKZFZVtiKw18aj9Gih6uVgoOLaGPAh9tLPJU5DNTitTRDXb+cjUXyY4pDBlMXu0Xk4KrfCq3IcqxX64Mk6pKSILEU0GsljhSEvzvoFGCfvyKsCiXXMKHhdthsNfZiGFIczmQVbi+yJxfERNCtMpI64LWCfvBBuHuesvbE05LyV476HJkfmzKfTzPyUgE6u16oqklZ+xShvRJFT16BuIcqbKoQydHGsQw7Wf7Vvv0e3WsCFGn5UYmdoIKxOtGqJ4dRU/jeaVrX2P0n58QP8Cs8w4niV68wAGX3s8vYR81ryGrXOP/WapyYUQjZwfO1BqQcuWgWXXtE4GdwoomCxWqpso8EPAqq3tdwjb7GE7XDF/l1LPpevB+GchbSh9qmUzNpIbnOznF/Xk3eqLeij5ig7sJmNDgZ22UAp4U3ZUYUPnqyHpaI6jZgNTmGDHHzmo+fYNo9I7AsoLFE6F6j6/FPkn3gFS1cqvUviYR4vWsYS4+3EyuFrBD4/K5HjTI52oV10IybeBvQicTsdSu5TNL6fi0YrI6faO1R6WF7enKp5v6Jx7gbMF+gGXxzUh3JlViIBceoxt1U5RQXiUu1FuXrbjiGcZ38vtPaKycMRAm+FJnIVbKL0YWhdlumf19MZADGx7QRL/qDKMgPVnSbez1sFXwsqqc3RpGqKUErTowViXmi/SRObcTWYkJnVh6qIhKCs4Oc2yF8U0sP5clHhPmiQSEbbFQVmm9CpubXf+zsP0uOEeUYPJzn5KPZNTr4lVACrtAKYwdaiyVuiaRMYvsbvVyU6Oh/6LrjDf7NGXFsAP3PsGlcUfjzTUzNWS+HeeJPmdu5Z08SnH6LcJvz6atDQV3TJXmPHtqh3eRi7V/iA3eLjZf4SmVPVLfW6gQOvksmyvgSpIOjCi+NV1tucgndSiKv0+M4pve/mWTJ8ZOz4oDPjuSO6DHjyXnzsnQtpY/JAJGHz0I76AEnw+WisU5RFltKa1gwek11AW7+c/jFYr5Ht8twsncQP1TJKXzj3tmXCBUyaST0nDWUg+V/feB+U4g/UoH9hkxlzHL9kJBZFAPNTGaSOd2LwCwH84MkzCgFBtIQ0VMcxge0jQuZY+Uft8eIFM6nJHc8BGUXInl+I9WGaZ5ZVrf6EaRxia86Sjl9F3eGDd4fA24M/qpERza062PQ9DexbXhdSGg9DGkJtmEy
Content-Type: multipart/alternative; boundary="_000_DM6PR08MB5084F85F1F2575C8B03899E39B869DM6PR08MB5084namp_"
MIME-Version: 1.0
X-OriginatorOrg: nokia.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: DM6PR08MB5084.namprd08.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 0721c4c4-f8bd-46f5-5d36-08db2b30b41b
X-MS-Exchange-CrossTenant-originalarrivaltime: 22 Mar 2023 23:53:58.2548 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 5d471751-9675-428d-917b-70f44f9630b0
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: qJ8DkM9tL3AE79ZuixD7IADdyb+rmxTxr0p1Oo14WZ5gj+Z9LkLBnt5CbdWM+xWRsxpZUaADQCjWf13gIHsdVQ==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: SJ0PR08MB8012
Archived-At: <https://mailarchive.ietf.org/arch/msg/netmod/XwgmNiHrOaK7IYjiEC0mno1FzAY>
Subject: [netmod] J. Sterne comments on draft-ietf-netmod-system-config-00
X-BeenThere: netmod@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: NETMOD WG list <netmod.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/netmod>, <mailto:netmod-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/netmod/>
List-Post: <mailto:netmod@ietf.org>
List-Help: <mailto:netmod-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/netmod>, <mailto:netmod-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 22 Mar 2023 23:54:13 -0000

Hello authors and WG,

Here are a few comments and questions on draft-ietf-netmod-system-config-00. I've labelled them for easier reference/separation.

The first few are general items. The rest are from specific sections of the doc.

##################
(J1)
General

We may need to have a more detailed discussion (virtual interim call?) about the concept of resolve-system (i.e. the automatic copying). It may get complicated to make it fully usable for an operator.

  *   If resolve-system is used to have some objects copied into the <running>, is a client/user allowed to delete it?
  *   What happens to the system object running when all references to it are deleted by the client/user? Does the system remove it?
  *   What happens if some system config that was auto-copied disappears from the system DS (e.g. conditionally active, i.e. turning off the qos function)? It may be odd that it stays around in running.
  *   What is copied? Only the referenced leafs (e.g. the list key), or also the other siblings (other descendants of the list entry that aren't directly referenced)?
  *   What if a must statement refers to a leaf in the system DS, and the presence of that leaf is required in running to make the running valid. Is that copied as well? (We've mostly been talking about objects, aka list entries, and their keys being the target of a leafref)
  *   Section 3.2 mentions that config auto-copied into running isn't updated when that same config in system changes (during s/w upgrade). I think maybe servers that convert configuration during upgrade (a common approach) would want to convert/upgrade system config as well as any copied system config that exists in running.
  *   When a client deletes an override (e.g. of a mandatory leaf), does "resolve-system" populate the copy of the leaf again from system?

##################
(J2)
General

The terms 'active' and 'applied' (NMDA term) are used in a number of places in the document. We should probably clarify how those concepts differ, and define 'active' precisely (and if they don't differ, then just use one term). They feel like they don't always mean the same thing as NMDA 'applied' in this doc.

Some example uses in the doc:

  *   When the device is powered on, immediately-active system configuration will be generated in <system> and applied immediately but inactive-until-referenced system configuration only becomes active if it is referenced by client-defined configuration
  *   Configuration defined in <system> is merged into <intended>, and present in <operational> if it is actively in use by the device

##################
(J3)
General

It feels like the key concepts of the draft are:

  *   A get-config of <running> returns a config that is considered valid by the client or offline tools (i.e. the referenced config needs to be in <running>)
  *   System config shows up in intended and operational
  *   System config can be overridden

But I'm not sure if the availability of the <system> DS is a key critical piece. Should we consider making that part optional? (perhaps a SHOULD)

Note that Section 5 has the following sentence so others may have been thinking along these lines at some point as well:

A device MAY implement the mechanism defined in this document without implementing the "system" datastore.

(although this contradicts other statements in the current draft, e.g the statement in section 4 about it being mandatory).

##################
(J4)
General

Today in the industry there are several server implementations that consider their <running> DS valid even though referenced system config isn't present in the <running> DS.  In this draft, section 4 makes it clear that the referenced system config MUST appear in <running>. So a server that claims support of (conformance to?) this system-config specification would consider <running> as invalid without referenced system config present.

But what about servers that don't claim to support this system-config spec. Are they OK to continue treating their <running> as valid event though referenced system config isn't present in <running>? Maybe that's out of scope but I wasn't sure whether this is worth a discussion within the WG.

##################
(J5)
General

Should we drop/keep the <> brackets around DS names like <system>, <running>, etc? Those imply it is a leaf or other element but in NMDA it is a *value* (an identity) so you would never see it in XML brackets like that.

Note that the NMDA RFC does use brackets around the DS names.  They are a useful separator. Alternatively we could use single or double quotes but I'm not sure we do that much in other NETMOD docs for DS names.

In pre-NMDA, the DSes *do* have angle brackets around their use in get-config, copy-config, etc. (which is probably why we see it used a lot still).

##################
(J6)
Abstract

I'd suggest we use this sentence to introduce the key subject of this work first, then talk about some of the mechanisms second. Proposal: add this sentence before the rest of the Abstract:

This  document describes how a management client and server handle YANG-based configuration data that is created, modified or deleted by the server itself. The system created configuration elements can be referenced (e.g. leafref) by user controlled configuration.

Here are also a few suggested edits in the next part of the abstract. Replace this:

This document updates NMDA to define a read-only conventional configuration datastore called "system" to hold system-defined configurations. To avoid clients' explicit copy/paste of referenced system-defined configuration into the target configuration datastore (e.g., <running>), a "resolve-system" parameter has been defined to allow the server acting as a "system client" to copy referenced system-defined nodes automatically.

with this:

The NMDA [RFC8342] is updated with a read-only conventional configuration datastore called "system" to hold system-defined configuration. As an alternative to clients explicitly copying referenced system-defined configuration into the target configuration datastore (e.g., <running>) so that the datastore is valid, a "resolve-system" parameter has been defined to allow the server acting as a "system client" to copy referenced system-defined nodes automatically.


##################
(J7)
Abstract

The last part of the abstract uses the term "overlay". Is isn't clear what that term means. I think we probably need a sentence or two instead of just that word to describe the concept.

Note this "overlay" term is also used in the Introduction.

##################
(J8)
1. Introduction

Add "The" in front of "NMDA" in both places in the Intro (that's how rfc8526 for example refers to it).

##################
(J9)
1. Introduction

Here are some proposed edits for the 3rd paragraph. Replace this:

In some cases, the client references a system configuration which isn't present in the target datastore (e.g., <running>). Having to copy the entire contents of the system configuration into the target datastore should be avoided or reduced when possible while ensuring that all referential integrity constraints are satisfied.

with this:

Some servers allow the client-defined configuration to reference a system configuration object which isn't present in the target datastore (e.g., <running>). The absence of the system configuration object in the datastore can render the datastore invalid from the perspective of a client or offline tools (e.g. missing leafref targets). This document describes several approaches to bring the datastore to a valid state and ensuring that all referential integrity constraints are satisfied.

##################
(J10)
1. Introduction

Here are some proposed edits for the 4rd paragraph. Replace this:

In some other cases, configuration of descendant nodes of system-defined configuration needs to be supported. For example, the system configuration contains

with this:

Some servers allow the descendant nodes of system-defined configuration to be configured or modified.  For example, the system configuration may contain

##################
(J11)
1. Introduction

Here is a proposed edit for the second last paragraph (to match an edit proposed for the Abstract above). Replace this:

To avoid clients' explicit copy/paste of referenced system-defined configuration into the target configuration datastore (e.g., <running>), a "resolve-system"

with this:

As an alternative to clients explicitly copying referenced system-defined configuration into the target configuration datastore (e.g., <running>) so that the datastore is valid, a "resolve-system"

##################
(J12)
1.1 Terminology

Here is a proposed edit for the definition of "System configuration". Instead of this:

Configuration that is provided by the system itself. System configuration is present in <system> once it's created (regardless of being applied by the device), and appears in <intended> which is subject to validation. Applied system configuration also appears in <operational> with origin="system"

I'd propose this:

Configuration that is provided by the system itself.  System configuration is present in the system datastore (regardless of being applied by the device or referenced by other configuration nodes), and appears in the intended datastore. System configuration that is considered applied (according to the NMDA RFC8342) appears in <operational> with origin="system", regardless of whether that system configuration is referenced by user created configuration or not.

Note that I dropped the concept of "once it is created". The term "created" gives the impression that the user takes some action. We can explain later in the doc the details of how config may appear and disappear from the system DS.

I also dropped the part about validity. Let's keep the details of validity to the main body of the document. It feels odd to call this out here (and it highlights the validity of intended) without mentioning the validity of running (which is a key issue in this doc).

I'd propose we also remove "the complete" from the definition of "System configuration datastore".

##################
(J13)
1.1 Terminology

We do clarify later (section 3.1) that "System configuration" is different than RFC 8088 factory config. But it might be worth mentioning that right up front in the definition. Perhaps add this sentence to the end of the "System configuration" definition?

System configuration is a different and separate concept from RFC 8808 factory default configuration (which is all considered "conventional" origin, and is populated into the running only at startup time).

##################
(J14)
3.1. Read-only to Clients

I'd propose we break this sentence up to be clear that it is in intended even if not actively in use:
Configuration defined in <system> is merged into <intended>, and present in <operational> if it is actively in use by the device.

New sentences:
Configuration defined in <system> is merged into <intended>. It is also present in <operational> if it is actively in use by the device.

##################
(J15)
3.1. Read-only to Clients

Some proposal additional text about the RFC 8088 sentence. Replace this:

Any deletable system-provided configuration must be defined in <factory-default> [RFC8808], which is used to initialize <running> when the device is first-time powered on or reset to its factory default condition.

with this:

Any deletable system-provided configuration that is placed into <running> by the system at bootup, without being part of the contents of a <startup> datastore, must be defined in <factory-default> [RFC8808], which is used to initialize <running> when the device is first-time powered on or reset to its factory default condition.

##################
(J16)
4.3.  Servers Auto-configuring Referenced System Configuration

I'd propose to add the following sentence just before "RFC 7317 enables a client...":

An example of this type of opt-in behavior can be found in RFC7317

##################
(J17)
4.4.  Modifying (overriding) System Configuration

We should probably expand on this sentence:

But the leaf could not be deleted.

How about this instead?

The leaf (override value) can be deleted from <running>, but it can't be deleted from <system>

If deleting the leaf from <running>, while using "resolve-system", causes the system to copy the leaf again from <system> into <running>, we should perhaps mention that here.

##################
(J18)
4.5.1.  Server Configuring of <running> Automatically

About 10 lines up from the very end of the section, part of the response shows this:
          <application or:origin="or:system ">
            <name>ftp</name>
            <protocol>tcp</protocol>
            <destination-port>21</destination-port>
          </application>

But once the config has been copied into running, and can be read from running using <get-config>, isn't the origin really 'intended' now?

I'd propose to add a few words to the very last sentence like this:

Since the configuration of application "smtp" is not referenced by the client, and this server treats smtp as 'inactive-until-referenced', it does not appear in <operational> but only in <system>.

Jason (he/him)