Re: [netmod] I-D Action: draft-ietf-netmod-factory-default-04.txt

john heasley <> Tue, 05 November 2019 17:41 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 73066120100 for <>; Tue, 5 Nov 2019 09:41:06 -0800 (PST)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -4.201
X-Spam-Status: No, score=-4.201 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id 6OoDgwC29Agp for <>; Tue, 5 Nov 2019 09:41:03 -0800 (PST)
Received: from ( []) by (Postfix) with ESMTP id B6E50120104 for <>; Tue, 5 Nov 2019 09:41:03 -0800 (PST)
Received: by (Postfix, from userid 7053) id F277E21B71B; Tue, 5 Nov 2019 17:41:01 +0000 (UTC)
Date: Tue, 05 Nov 2019 17:41:01 +0000
From: john heasley <>
To: "Schönwälder, Jürgen" <>
Cc: john heasley <>, "" <>
Message-ID: <>
References: <> <> <>
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
In-Reply-To: <>
X-note: live free, or die!
X-homer: i just want to have a beer while i am caring.
X-Claimation: an engineer needs a manager like a fish needs a bicycle
X-reality: only YOU can put an end to the embarrassment that is Tom Cruise
User-Agent: Mutt/1.12.2 (2019-09-21)
Archived-At: <>
Subject: Re: [netmod] I-D Action: draft-ietf-netmod-factory-default-04.txt
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: NETMOD WG list <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Tue, 05 Nov 2019 17:41:06 -0000

Tue, Nov 05, 2019 at 07:47:12AM +0000, Schönwälder, Jürgen:
> Yes to your point.
> But every time I read the phrase "setting some security data/passwords
> to the default value" I am feeling uneasy. The notion of 'default
> passwords' is scary and a knob to restore default passwords even more
> so. Perhaps the text should say instead 'removing security credentials
> and restoring default security settings'.

Yes, I'm suggesting that this "clearing" be a requirement, even if the
operator has the choice between clear "only the configuration" and
"everything."  "might" -> "MUST".

The fine line between too vague and too much detail must be found. >>>

In addition,the "factory-reset" RPC MUST
restore storage to factory condition, including
remove log files,
remove temporary files,
remove certificates, keys, etc
zero passwords,
<insert other things>

The process (SHOULD|MUST) zero/pattern-write then remove sensitive files
such as the TLS keys, configuration stores, etc.

The RPC MAY provide an option to limit the actions to factory reset of
the configuration.