Re: [netmod] [Incoming] AD review of draft-ietf-netmod-factory-default-12

"Rob Wilton (rwilton)" <rwilton@cisco.com> Tue, 25 February 2020 10:23 UTC

From: "Rob Wilton (rwilton)" <rwilton@cisco.com>
To: Qin Wu <bill.wu@huawei.com>, "draft-ietf-netmod-factory-default@ietf.org" <draft-ietf-netmod-factory-default@ietf.org>, "netmod@ietf.org" <netmod@ietf.org>
CC: Warren Kumari <warren@kumari.net>
Archived-At: <https://mailarchive.ietf.org/arch/msg/netmod/rHrsXmVQF3-m9u9ZI-Cf8ycO7i4>

Hi Qin,

Thanks for getting back to me quickly.  Please see [RW] inline …

From: Qin Wu <bill.wu@huawei.com>
Sent: 25 February 2020 02:22
To: Rob Wilton (rwilton) <rwilton@cisco.com>; draft-ietf-netmod-factory-default@ietf.org; netmod@ietf.org
Cc: Warren Kumari <warren@kumari.net>
Subject: RE: [Incoming] AD review of draft-ietf-netmod-factory-default-12

Thanks Rob for the good review and proposed text; I will incorporate them in v-13. The only comment I am not sure about is comment 3: I have nothing to add as instructions for the RFC Editor besides the RFC Editor note in the YANG data model code reminding the RFC Editor to replace RFC xxx and the related date with the actual RFC number and publication date respectively.
[RW]
I think that’s fine, it just means the instructions for the RFC editor can be very short.

But there are a couple of other considerations for the RFC editor:

- Do we expect the date of the YANG module to also be updated to when it is published?

- There is also a request to the RFC editor that appendix A be deleted before publication.

Thanks,
Rob


-Qin
From: Rob Wilton (rwilton) [mailto:rwilton@cisco.com]
Sent: 25 February 2020 0:05
To: draft-ietf-netmod-factory-default@ietf.org; netmod@ietf.org
Cc: Warren Kumari <warren@kumari.net>
Subject: [Incoming] AD review of draft-ietf-netmod-factory-default-12

Hi,

Thanks for writing this document.  I found this document to be well written, clear and understandable.  However, there are a few issues which I think could be addressed before kicking off IETF LC.

I have the following comments:


  1.  Title: The title of the document may be clearer as: “A YANG Data Model for Factory Default Settings”.

  2.  Abstract: I would suggest condensing the abstract, which is currently very similar to the introduction, perhaps to the following text:

      “This document defines a YANG data model to allow clients to
      reset a server back to its factory default condition.  It
      also defines a “factory-default” datastore to allow clients
      to read the factory default configuration for the device.

      The YANG data model in this document conforms to the Network
      Management Datastore Architecture (NMDA) defined in RFC 8342 <https://tools.ietf.org/html/rfc8342>.”

  3.  Introduction: It might be useful to include instructions for the RFC editor at the beginning of the introduction to summarize what actions are required before publication.

  4.  Terminology (section 1.1).  For the definition of the factory-default datastore, I would add the sentence “This datastore is referred to as "<factory-default>".”

  5.  Terminology (section 1.1).  I propose that you also import the term “datastore schema” from RFC 8342, for use with a proposed update to section 3.

  6.  Section 2, third bullet.  It might be better to replace “ephemeral datastores” with “dynamic configuration datastores”, since that is the reference in RFC 8342.

  7.  Section 3, first paragraph.  I suggest removing the word minimal, i.e. “preconfigured minimal initial configuration” => “preconfigured initial configuration”, since it isn’t required that the factory default configuration is minimal, although it would normally be so.

  8.  Section 3. I think that the document must define what the schema is for the “factory-default”.  Hence, rather than “YANG modules: all”, perhaps “YANG modules: The factory default datastore schema MUST either be the same as the conventional configuration datastores, or a subset of the datastore schema for the conventional configuration datastores.”

  9.  Section 3. Probably add the following sentence to the end of section 3: “If supported, the factory-default datastore MUST be included in the list of datastores in YANG library [RFC 8525].”  This would probably also add RFC 8525 as a normative reference.

  10.  YANG module, rpc factory-reset description.  I suggest changing the description to

      “The server resets all datastores to their factory default content and any non-volatile storage back to factory condition, deleting all dynamically generated files, including those containing keys, certificates, logs, and other temporary files.

      Depending on the factory default configuration, after being reset, the device may become unreachable on the network.”

  11.  I think that the security section needs to explicitly mention that non-volatile storage is expected to be wiped clean and reset back to the factory default state, but that there is no guarantee that the data is wiped to any particular data cleansing standard, and the owner of the device MUST NOT rely on any temporary data (e.g., including private keys) being unrecoverable after the factory-reset RPC has been invoked.


Nits:

Section 2:
“are all reset to” => “are reset to”
“datastores(e.g. “ => “datastores (e.g., “

Section 3:
“with <operational>” => “with the <operational>”.

Section 7: “, Susan Hares to review this draft and provide important input to this document” => “, and Susan Hares for reviewing this document and providing important input”.

Regards,
Rob
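
The two Section 3 requirements proposed in comments 8 and 9 of the review above can be checked against a server's YANG library data. The following is an added example, not part of the original message or of the draft: the sample instance is constructed, the datastore identity name `ietf-factory-default:factory-default` is an assumption, and comparing module sets only approximates a datastore-schema subset check (features and deviations are ignored).

```python
import json

# Constructed RFC 8525 YANG library instance (not captured from a real device).
SAMPLE = json.loads("""
{"ietf-yang-library:yang-library": {
  "module-set": [
    {"name": "base", "module": [
      {"name": "ietf-interfaces", "revision": "2018-02-20"},
      {"name": "ietf-system", "revision": "2014-08-06"}]},
    {"name": "extra", "module": [
      {"name": "ietf-ip", "revision": "2018-02-22"}]}],
  "schema": [
    {"name": "config", "module-set": ["base", "extra"]},
    {"name": "factory", "module-set": ["base"]}],
  "datastore": [
    {"name": "ietf-datastores:running", "schema": "config"},
    {"name": "ietf-factory-default:factory-default", "schema": "factory"}]
}}
""")

RUNNING = "ietf-datastores:running"
FACTORY = "ietf-factory-default:factory-default"  # assumed identity name


def modules_for(lib, datastore):
    """Return the (module, revision) set for a datastore, or None if it is not listed."""
    yl = lib["ietf-yang-library:yang-library"]
    ds = next((d for d in yl.get("datastore", []) if d["name"] == datastore), None)
    if ds is None:
        return None
    schema = next(s for s in yl["schema"] if s["name"] == ds["schema"])
    sets = {m["name"]: m for m in yl["module-set"]}
    return {(mod["name"], mod.get("revision", ""))
            for name in schema.get("module-set", [])
            for mod in sets[name].get("module", [])}


def check_factory_default(lib):
    """Return a list of findings; an empty list means both checks pass."""
    factory, running = modules_for(lib, FACTORY), modules_for(lib, RUNNING)
    if factory is None:
        return ["factory-default datastore not listed in YANG library"]
    if running is None:
        return ["running datastore not listed in YANG library"]
    extra = sorted(factory - running)
    return [f"module {n}@{r} in factory-default schema but not in running" for n, r in extra]
```
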