Re: [netmod] WG Last Call for draft-ietf-netmod-syslog-model-15
Kent Watsen <kwatsen@juniper.net> Mon, 21 August 2017 14:18 UTC
Return-Path: <kwatsen@juniper.net>
X-Original-To: netmod@ietfa.amsl.com
Delivered-To: netmod@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id CD6DF13247A for <netmod@ietfa.amsl.com>; Mon, 21 Aug 2017 07:18:21 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.011
X-Spam-Level:
X-Spam-Status: No, score=-3.011 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H5=-1, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=juniper.net
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 480QZHUStwNq for <netmod@ietfa.amsl.com>; Mon, 21 Aug 2017 07:18:19 -0700 (PDT)
Received: from NAM03-CO1-obe.outbound.protection.outlook.com (mail-co1nam03on0114.outbound.protection.outlook.com [104.47.40.114]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 110471321A8 for <netmod@ietf.org>; Mon, 21 Aug 2017 07:18:18 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=juniper.net; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=w36q/Swrr150hH/5RwsW8J5MfLQth5kexyO2KqMelLc=; b=QWFJcSBIipnP6SRz0TqPiqG/9YRF3vGSREUbSNHxgmL+6uSd2cbpLf7Mb5F+7/HEKl8aSm6L1aQEdcyKe6INHYDGLoR/ABBZM/vAUi4tUWzsBotPsrgSvCpyNo72WDyVB70p+t+MP6cNP/x051VOufj9C5GJoMHVIpxPPrGoYyY=
Received: from BN3PR0501MB1442.namprd05.prod.outlook.com (10.160.117.151) by BN3PR0501MB1106.namprd05.prod.outlook.com (10.160.113.140) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P256) id 15.1.1385.4; Mon, 21 Aug 2017 14:18:16 +0000
Received: from BN3PR0501MB1442.namprd05.prod.outlook.com ([10.160.117.151]) by BN3PR0501MB1442.namprd05.prod.outlook.com ([10.160.117.151]) with mapi id 15.01.1385.008; Mon, 21 Aug 2017 14:18:16 +0000
From: Kent Watsen <kwatsen@juniper.net>
To: "Clyde Wildes (cwildes)" <cwildes@cisco.com>, "netmod@ietf.org" <netmod@ietf.org>
Thread-Topic: [netmod] WG Last Call for draft-ietf-netmod-syslog-model-15
Thread-Index: AQHS+qgfFNU1WyBT406RudsboUthDKKD0SUAgAAwdQCACta0gA==
Date: Mon, 21 Aug 2017 14:18:16 +0000
Message-ID: <6AF622E8-1CDE-45B2-ADB3-241BA6F0F610@juniper.net>
References: <A9577A53-2B74-49E5-B87A-118C4AC4E2ED@juniper.net> <0558E64E-2CE7-4C3E-94C8-1CA7CE78171E@cisco.com> <A4CCB5EA-263B-480A-905D-B4D1992BF32A@juniper.net> <3660A72B-4169-4577-8AE3-F9DB6EADC0CF@cisco.com>
In-Reply-To: <3660A72B-4169-4577-8AE3-F9DB6EADC0CF@cisco.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
user-agent: Microsoft-MacOutlook/f.20.0.170309
authentication-results: spf=none (sender IP is ) smtp.mailfrom=kwatsen@juniper.net;
x-originating-ip: [66.129.241.14]
x-ms-publictraffictype: Email
x-microsoft-exchange-diagnostics: 1; BN3PR0501MB1106; 6:sGL3lrOX9YSY5VQQMUQguUU4hE9DB4bLHWH5miabMg3roxk8TaOddkeKkIFw0PiCXtFtup06E6H4oLeoqTYw7ECUgJuPFL/9S2Ed5Y+i7BLqIuhUIrDM++51jbhiDBtmEYOZtCWih/Toufr1qYIefyDsfwfoMB6kl1CGIKcMD+k04TVdvnmzcqDMt6FMY+K8Gb5JpBigFwrsp9AbYm20sgS9waTPMheLeDOGZX3bhdIqkqjdlUfdb9/LJgXyUk7cwrdrvnz0z70zKRPsKKwayU1mBDauKG/xiJS9AOZWQ1Ct3IhbAktOHX7Tj+aC89+d+F+PpGjcXoKgGnGq0nmTYA==; 5:VazLC/rJFvKEi+CQrW8hJ/AcPvharUGJ/ihmht/1sfUYDZVBv+mEC3UPmx6MXT3J2Ilatw8RwQ49FT+DJP+w75W4mHhiAsuyeaRvodAlYeEHKM/NfbaEY/x1MxG/sdlH8NmhozP2VWR8dcO++tHmow==; 24:Gf41TTEA1wYAReZ82xSI/IPaSVWigmc8DHfWzCtdsu+Z/2zpmcLUYLWj0GMonhmwD5UK4kjzmZVS9W7WeIwimztVGIRNyPO0SSryNoQzIQg=; 7:9RhqsQMvYoHQ7oBTbrMDbJ7K55l1CVbo8HZYSoD1m5d/K2h2jQNXdnDDdIFGEVU8xOk9KZDYGOrNZ/ceXxmyp53dLLWGDyC/SxQX6AmdzKObGHWdAjC9jNVH4hdnMKh7/cEeDzkcx8eV3Xhq3dTixFibKwfaIwxaSmwPt+07P9szrZf6fU+mcW4tReFea6qDmMnt40Ce/G7NntIsFCsPozhw9cdoIEYUiKWJGtbhJ08=
x-ms-exchange-antispam-srfa-diagnostics: SSOS;
x-ms-office365-filtering-correlation-id: 6d31a15f-9b83-44ca-0ae6-08d4e89f7753
x-ms-office365-filtering-ht: Tenant
x-microsoft-antispam: UriScan:; BCL:0; PCL:0; RULEID:(300000500095)(300135000095)(300000501095)(300135300095)(22001)(300000502095)(300135100095)(2017030254152)(48565401081)(300000503095)(300135400095)(2017052603031)(201703131423075)(201703031133081)(201702281549075)(300000504095)(300135200095)(300000505095)(300135600095)(300000506095)(300135500095); SRVR:BN3PR0501MB1106;
x-ms-traffictypediagnostic: BN3PR0501MB1106:
x-exchange-antispam-report-test: UriScan:(192374486261705);
x-microsoft-antispam-prvs: <BN3PR0501MB110674B8FDF1600A3C88A907A5870@BN3PR0501MB1106.namprd05.prod.outlook.com>
x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(100000700101)(100105000095)(100000701101)(100105300095)(100000702101)(100105100095)(6040450)(601004)(2401047)(5005006)(8121501046)(3002001)(10201501046)(100000703101)(100105400095)(93006095)(93001095)(6055026)(6041248)(20161123562025)(201703131423075)(201702281528075)(201703061421075)(201703061406153)(20161123555025)(20161123564025)(20161123558100)(20161123560025)(6072148)(201708071742011)(100000704101)(100105200095)(100000705101)(100105500095); SRVR:BN3PR0501MB1106; BCL:0; PCL:0; RULEID:(100000800101)(100110000095)(100000801101)(100110300095)(100000802101)(100110100095)(100000803101)(100110400095)(100000804101)(100110200095)(100000805101)(100110500095); SRVR:BN3PR0501MB1106;
x-forefront-prvs: 040655413E
x-forefront-antispam-report: SFV:NSPM; SFS:(10019020)(6009001)(39860400002)(189002)(76104003)(199003)(54356999)(76176999)(50986999)(82746002)(230783001)(6436002)(97736004)(189998001)(81156014)(81166006)(8676002)(229853002)(3846002)(7736002)(83716003)(36756003)(83506001)(6116002)(305945005)(102836003)(93886005)(2950100002)(66066001)(5660300001)(8936002)(2900100001)(3660700001)(105586002)(77096006)(6486002)(2501003)(3280700002)(33656002)(86362001)(6506006)(25786009)(6512007)(68736007)(99286003)(106356001)(53936002)(14454004)(478600001)(4001350100001)(2906002)(6246003)(101416001); DIR:OUT; SFP:1102; SCL:1; SRVR:BN3PR0501MB1106; H:BN3PR0501MB1442.namprd05.prod.outlook.com; FPR:; SPF:None; PTR:InfoNoRecords; MX:1; A:1; LANG:en;
received-spf: None (protection.outlook.com: juniper.net does not designate permitted sender hosts)
spamdiagnosticoutput: 1:99
spamdiagnosticmetadata: NSPM
Content-Type: text/plain; charset="utf-8"
Content-ID: <5E8CD69CDEB06D499E11086FBD4D7F5D@namprd05.prod.outlook.com>
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-OriginatorOrg: juniper.net
X-MS-Exchange-CrossTenant-originalarrivaltime: 21 Aug 2017 14:18:16.4676 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: bea78b3c-4cdb-4130-854a-1d193232e5f4
X-MS-Exchange-Transport-CrossTenantHeadersStamped: BN3PR0501MB1106
Archived-At: <https://mailarchive.ietf.org/arch/msg/netmod/bfLZ8nAljBLT2wxCbWzF1qElcmc>
Subject: Re: [netmod] WG Last Call for draft-ietf-netmod-syslog-model-15
X-BeenThere: netmod@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: NETMOD WG list <netmod.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/netmod>, <mailto:netmod-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/netmod/>
List-Post: <mailto:netmod@ietf.org>
List-Help: <mailto:netmod-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/netmod>, <mailto:netmod-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 21 Aug 2017 14:18:22 -0000
Hi Clyde,
Trimming down to just the active discussion points.
> 12. S3, P8: I'm having trouble understanding the pseudocode. What
> happens if S and/or F are not present? Can S or F ever not be
> present? - looking at the tree diagram, it seems like they might
> always be set to something in the model.
>
> [clyde] S or F might not be present.
In the YANG module, facility-list is keyed by [facility severity], which
means the values are always present, right?
[clyde] There are two paths specifying a facility-filter in which case S or F are present, or specifying a pattern-match in which case they might not be present if facility-filter is not specified.
<KENT> if this is what you're trying to say, then your pseudocode isn't right.
Regardless if you agree with me or not, you need to somehow make this section clearer.
> 14. S3.1: is /syslog/actions/remote/destination/tls/ missing an
> 'address' leaf?
>
> [clyde] not as far as I know
>
Looking at the tree-diagram, the 'tls' case doesn't seem to have the
address or port fields. FWIW, the ietf-tls-client module doesn't
provide these fields so that consuming modules can configure a normal
client versus a client listening for call-home connections...
+--:(tcp)
| +--rw tcp
| +--rw address? inet:host
| +--rw port? inet:port-number
+--:(udp)
+--rw udp
+--rw address? inet:host
+--rw port? inet:port-number
+--:(tls)
+--rw tls
<address/port missing here, right?>
+--rw server-auth
<more ietf-tls-client grouping here>
[clyde] Here is what the tree looks like in the latest draft…
| +--:(tls)
| +--rw tls
| +--rw server-auth
| | +--rw trusted-ca-certs? -> /ks:keystore/trusted-certificates/name
| | +--rw trusted-server-certs? -> /ks:keystore/trusted-certificates/name
| +--rw client-auth
| | +--rw (auth-type)?
| | +--:(certificate)
| | +--rw certificate? -> /ks:keystore/keys/key/certificates/certificate/name
| +--rw hello-params {tls-client-hello-params-config}?
| | +--rw tls-versions
| | | +--rw tls-version* identityref
| | +--rw cipher-suites
| | +--rw cipher-suite* identityref
| +--rw address? inet:host
| +--rw port? inet:port-number
Address and port are there. Please clarify on what you think is missing.
This is what it looks like in the model:
case tls {
container tls {
description
"This container describes the TLS transport options.";
reference
"RFC 5425: Transport Layer Security (TLS) Transport
Mapping for Syslog ";
uses tlsc:tls-client-grouping;
leaf address {
type inet:host;
description
"The leaf uniquely specifies the address of
the remote host. One of the following must be
specified: an ipv4 address, an ipv6 address,
or a host name.";
}
leaf port {
type inet:port-number;
default 6514;
description
"TCP port 6514 has been allocated as the default
port for syslog over TLS.";
}
}
}
<KENT> Sorry, it didn't see them way down at the bottom. In all my drafts, I have these leafs before the tls-client-grouping. Can you please switch the order around?
> 19. S4.1, in the 'severity-filter' grouping, why does leaf 'severity'
> have values set for enums 'none' and 'all'? When would these values
> be used, as opposed to the enum's name string? If you do need values,
> then shouldn't 'none' be 2147483647 (so nothing can be greater than it)
> and 'all' be -2147483648 (so everything is greater than it)?
>
> [clyde] ‘none’ and ‘all’ are set to values that are not defined in
> RFC 5424. These values were previously suggested by Martin Björklund
Fine, but let's re-evaluate the values now. Image having a variable x
and stepping through the selector list:
if x >= facility-list/severity then foo.
Now imagine it read:
if x >= 'all' then foo.
What integer value for 'all' would always ensure True? MIN-INT
Likewise, you can see that MAX-INT is the best value for 'none'.
[clyde] I will be change these to:
'none' 2147483647 (so nothing can be greater than it)
'all' -2147483648 (so everything is greater than it)?
<KENT> I think so, but we should get Martin's confirmation.
K.
- [netmod] WG Last Call for draft-ietf-netmod-syslo… Kent Watsen
- Re: [netmod] WG Last Call for draft-ietf-netmod-s… Kent Watsen
- Re: [netmod] WG Last Call for draft-ietf-netmod-s… Alex Campbell
- Re: [netmod] WG Last Call for draft-ietf-netmod-s… Juergen Schoenwaelder
- Re: [netmod] WG Last Call for draft-ietf-netmod-s… Clyde Wildes (cwildes)
- Re: [netmod] WG Last Call for draft-ietf-netmod-s… Clyde Wildes (cwildes)
- Re: [netmod] WG Last Call for draft-ietf-netmod-s… t.petch
- Re: [netmod] WG Last Call for draft-ietf-netmod-s… Clyde Wildes (cwildes)
- Re: [netmod] WG Last Call for draft-ietf-netmod-s… Kent Watsen
- Re: [netmod] WG Last Call for draft-ietf-netmod-s… Kent Watsen
- Re: [netmod] WG Last Call for draft-ietf-netmod-s… t.petch
- Re: [netmod] WG Last Call for draft-ietf-netmod-s… Clyde Wildes (cwildes)
- Re: [netmod] WG Last Call for draft-ietf-netmod-s… Kent Watsen
- Re: [netmod] WG Last Call for draft-ietf-netmod-s… Clyde Wildes (cwildes)
- Re: [netmod] WG Last Call for draft-ietf-netmod-s… t.petch
- Re: [netmod] WG Last Call for draft-ietf-netmod-s… Kent Watsen