Re: [netmod] Murray Kucherawy's No Objection on draft-ietf-netmod-factory-default-14: (with COMMENT)

Qin Wu <bill.wu@huawei.com> Sat, 18 April 2020 09:18 UTC

From: Qin Wu <bill.wu@huawei.com>
To: "Murray S. Kucherawy" <superuser@gmail.com>
CC: The IESG <iesg@ietf.org>, "draft-ietf-netmod-factory-default@ietf.org" <draft-ietf-netmod-factory-default@ietf.org>, "netmod-chairs@ietf.org" <netmod-chairs@ietf.org>, "netmod@ietf.org" <netmod@ietf.org>, Kent Watsen <kent+ietf@watsen.net>
Date: Sat, 18 Apr 2020 09:18:47 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/netmod/nOsfzw3nRLRcYObvrverEGA7fIs>

Thanks for your suggestions, will consider them as a whole.
From: Murray S. Kucherawy [mailto:superuser@gmail.com]
Sent: April 14, 2020 0:39
To: Qin Wu <bill.wu@huawei.com>
Cc: The IESG <iesg@ietf.org>; draft-ietf-netmod-factory-default@ietf.org; netmod-chairs@ietf.org; netmod@ietf.org; Kent Watsen <kent+ietf@watsen.net>
Subject: Re: Murray Kucherawy's No Objection on draft-ietf-netmod-factory-default-14: (with COMMENT)

Hi Qin,

On Sun, Apr 12, 2020 at 8:12 PM Qin Wu <bill.wu@huawei.com> wrote:
Section 2:
* "All security sensitive data (i.e., private keys, passwords, etc.)  SHOULD be overwritten ..." presents a choice.  Why would an implementer not do this? *
[Qin]: This was the outcome of the discussion, see the following link:
https://mailarchive.ietf.org/arch/msg/netmod/qrU_71AkP42lnkR6KnfaMsoSgCs/
i.e., folks were concerned about restoring security data and passwords to default values; that's why we introduce clean requirements to address this concern.
"Implementors SHOULD reboot the device or otherwise restart processes needed to bootstrap it." leads me to the same question.
[Qin]: To make the default configuration take effect, a device reboot is recommended, but in some cases the IP address reachability of the device may be lost; therefore bootstrapping may be needed.

For both of these I suggest mentioning in the document the reason it's a SHOULD and not a MUST, i.e., describe a situation when it might be okay to do something other than what it says.

(Reminder: These are not blocking comments, just suggestions.)

Thanks for considering these suggestions.

-MSK