IETF Logo Mail Archive

Re: [netmod] draft-bjorklund-netmod-structural-mount: Namespace issues

Juergen Schoenwaelder <j.schoenwaelder@jacobs-university.de> Thu, 24 March 2016 14:05 UTC

Return-Path: <j.schoenwaelder@jacobs-university.de>
X-Original-To: netmod@ietfa.amsl.com
Delivered-To: netmod@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2A1C712DC06 for <netmod@ietfa.amsl.com>; Thu, 24 Mar 2016 07:05:39 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.21
X-Spam-Level:
X-Spam-Status: No, score=-4.21 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, T_RP_MATCHES_RCVD=-0.01] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id PEh1SHu6EaqM for <netmod@ietfa.amsl.com>; Thu, 24 Mar 2016 07:05:36 -0700 (PDT)
Received: from atlas3.jacobs-university.de (atlas3.jacobs-university.de [212.201.44.18]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D6FD012DC09 for <netmod@ietf.org>; Thu, 24 Mar 2016 06:59:06 -0700 (PDT)
Received: from localhost (demetrius5.irc-it.jacobs-university.de [10.70.0.222]) by atlas3.jacobs-university.de (Postfix) with ESMTP id 9C65A1027; Thu, 24 Mar 2016 14:59:05 +0100 (CET)
X-Virus-Scanned: amavisd-new at jacobs-university.de
Received: from atlas3.jacobs-university.de ([10.70.0.220]) by localhost (demetrius5.jacobs-university.de [10.70.0.222]) (amavisd-new, port 10030) with ESMTP id gnbo6Z__DL8V; Thu, 24 Mar 2016 14:58:47 +0100 (CET)
Received: from hermes.jacobs-university.de (hermes.jacobs-university.de [212.201.44.23]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "hermes.jacobs-university.de", Issuer "Jacobs University CA - G01" (verified OK)) by atlas3.jacobs-university.de (Postfix) with ESMTPS; Thu, 24 Mar 2016 14:59:04 +0100 (CET)
Received: from localhost (demetrius1.jacobs-university.de [212.201.44.46]) by hermes.jacobs-university.de (Postfix) with ESMTP id 8805720044; Thu, 24 Mar 2016 14:59:04 +0100 (CET)
X-Virus-Scanned: amavisd-new at jacobs-university.de
Received: from hermes.jacobs-university.de ([212.201.44.23]) by localhost (demetrius1.jacobs-university.de [212.201.44.32]) (amavisd-new, port 10024) with ESMTP id 2rWf2NdbcO97; Thu, 24 Mar 2016 14:59:03 +0100 (CET)
Received: from elstar.local (elstar.jacobs.jacobs-university.de [10.50.231.133]) by hermes.jacobs-university.de (Postfix) with ESMTP id CB24620045; Thu, 24 Mar 2016 14:59:02 +0100 (CET)
Received: by elstar.local (Postfix, from userid 501) id 7DC003A5111A; Thu, 24 Mar 2016 14:59:01 +0100 (CET)
Date: Thu, 24 Mar 2016 14:59:00 +0100
From: Juergen Schoenwaelder <j.schoenwaelder@jacobs-university.de>
To: Ladislav Lhotka <lhotka@nic.cz>
Message-ID: <20160324135859.GB69205@elstar.local>
Mail-Followup-To: Ladislav Lhotka <lhotka@nic.cz>, Martin Björklund <mbj@tail-f.com>, netmod@ietf.org
References: <1458566013189.55874@pantheon.tech> <m2h9fxmd0i.fsf@birdie.labs.nic.cz> <20160323.220116.2259282208531577772.mbj@tail-f.com> <m2k2kst7gn.fsf@birdie.labs.nic.cz> <20160324131300.GA69205@elstar.local> <56CC98F5-63FF-4ED8-8B8C-C3C8C305DC8C@nic.cz>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
In-Reply-To: <56CC98F5-63FF-4ED8-8B8C-C3C8C305DC8C@nic.cz>
User-Agent: Mutt/1.4.2.3i
Archived-At: <http://mailarchive.ietf.org/arch/msg/netmod/aFGqudTsljIAeczUsBsO60qX8L4>
Cc: netmod@ietf.org
Subject: Re: [netmod] draft-bjorklund-netmod-structural-mount: Namespace issues
X-BeenThere: netmod@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
Reply-To: Juergen Schoenwaelder <j.schoenwaelder@jacobs-university.de>
List-Id: NETMOD WG list <netmod.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/netmod>, <mailto:netmod-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/netmod/>
List-Post: <mailto:netmod@ietf.org>
List-Help: <mailto:netmod-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/netmod>, <mailto:netmod-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 24 Mar 2016 14:05:39 -0000

On Thu, Mar 24, 2016 at 02:47:33PM +0100, Ladislav Lhotka wrote:
> 
> > On 24 Mar 2016, at 14:13, Juergen Schoenwaelder <j.schoenwaelder@jacobs-university.de> wrote:
> > 
> > On Thu, Mar 24, 2016 at 12:56:40PM +0100, Ladislav Lhotka wrote:
> >> Martin Bjorklund <mbj@tail-f.com> writes:
> >> 
> >>> The fact that anydata can represent "really anything" does not mean
> >>> that every server MUST allow the client to create "really anything"
> >>> for all anydata config nodes.  It will depend on the semantics of each
> >>> particular anydata node.
> >> 
> >> Schema validation is effectively disabled for anydata nodes. This may be
> >> a problem especially for implementations that perform validation as a
> >> separate step, perhaps automatically from the data model.
> >> 
> >> And with schema validation out of the way, it is easier to exploit
> >> potential bugs in the server.
> >> 
> > 
> > Lada, as far as I recall you wrote an I-D that proposed to mount data
> > anywhere. So what did change your mind that you now want strict schema
> > validation?
> 
> With YSDL, the schema validation is absolutely strict: The server provides a list of modules and revisions in yang-library, and a recipe how the modules are combined. Everything is fixed and static, as it is without YSDL, only some of the schema subtrees are attached to non-root locations. As I said in the interim, YSDL is just an externally specified augment.  
>

But the same applies here. This discussion is about how to arrange
things such that _old_ clients that do not understand mounts break.
At least that is what I thought.

> Take the rtgyangdt model, for example. If a mounting mechanism is in place, a client that doesn't understand it will only see a void top-level structure, which is hardly useful.

Yes, but it does not _break_ an old client (which likely is not
interested at all in the stuff it does not understand).
 
> > understand which schema is 'loosened'? Can you give me an example of
> 
> Loosened means exactly that anydata is used. For example, a rogue client may use it to send data that test the robustness of the server's Unicode implementation.

We have been there. Since the server understands the model, the server
will reject bad input.
 
> For instance, a server implementor can place a rock-solid off-the-shelf RELAX NG validator in front of the backend and rely on it to catch everything that violates the schema. If anydata is involved, the RELAX NG validator will, well, relax, and pass everything to the backend.
>

Again, the server understands the data model, it will not implement
anydata.

> > 'partial' compatibility and 'loosened' schema? Do you have a counter
> > proposal that avoids these issues?
> 
> Sure: avoid anydata, and forget about supporting clients that don't understand mounts.

So you propose a flag day from which on all clients must support
mounts? Not very realistic I think.

I believe not breaking existing clients is a key requirement in order
to allow incremental deployment of new features.

/js

-- 
Juergen Schoenwaelder           Jacobs University Bremen gGmbH
Phone: +49 421 200 3587         Campus Ring 1 | 28759 Bremen | Germany
Fax:   +49 421 200 3103         <http://www.jacobs-university.de/>

v2.23.0 | Report a Bug | By Email