Re: [netmod] I-D Action: draft-ietf-netmod-factory-default-04.txt

Martin Bjorklund <mbj@tail-f.com> Wed, 06 November 2019 07:36 UTC

Date: Wed, 06 Nov 2019 08:35:30 +0100 (CET)
Message-Id: <20191106.083530.29371404693452077.mbj@tail-f.com>
To: bill.wu@huawei.com
Cc: kent+ietf@watsen.net, heas@shrubbery.net, netmod@ietf.org
From: Martin Bjorklund <mbj@tail-f.com>
In-Reply-To: <B8F9A780D330094D99AF023C5877DABAA93EB7DD@dggeml531-mbs.china.huawei.com>
References: <B8F9A780D330094D99AF023C5877DABAA93EB7DD@dggeml531-mbs.china.huawei.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/netmod/uSU6oAf5JRR7YixVnltivtp0Cjc>

Qin Wu <bill.wu@huawei.com> wrote:
> From: netmod [mailto:netmod-bounces@ietf.org] On Behalf Of Kent Watsen
> Sent: 6 November 2019 3:27
> To: john heasley <heas@shrubbery.net>
> Cc: netmod@ietf.org
> Subject: Re: [netmod] I-D Action: draft-ietf-netmod-factory-default-04.txt
> 
> 
> 
> Yes, I'm suggesting that this "clearing" be a requirement, even if the
> operator has the choice between clear "only the configuration" and
> "everything."  "might" -> "MUST".
> 
> The fine line between too vague and too much detail must be found. >>>
> 
> In addition, the "factory-reset" RPC MUST
> restore storage to factory condition, including
> remove log files,
> remove temporary files,
> remove certificates, keys, etc
> zero passwords,
> <insert other things>
> 
> The process (SHOULD|MUST) zero/pattern-write then remove sensitive files
> such as the TLS keys, configuration stores, etc.
> 
> [Qin]: Okay, here is my proposed change:
> OLD TEXT:
> “
> In addition, the "factory-reset" RPC might also be used to trigger
> some other restoring and resetting tasks such as files cleanup,
> restarting the node or some of the SW processes, or setting some
> security data/passwords to the default value, removing logs, removing
> any temporary data (from datastore or elsewhere) etc.  When and why
> these tasks are triggered is not the scope of this document.
> ”
> NEW TEXT:
> “
> In addition, the "factory-reset" RPC MUST restore storage to factory condition,
> including remove log files, remove temporary files (from datastore or elsewhere).
> It MUST also remove security credentials and restoring default security settings including
> remove certificates, keys, zero passwords, etc. The process invoked by the "factory-reset"
> RPC SHOULD zero/pattern-write then remove sensitive files such as the TLS keys, configuration
> stores, etc. The RPC MAY also be used to trigger some other resetting tasks such as restarting
> the node or some of the software processes, activating the factory-default config which in turn
> enables zero touch provision (ZTP).
> ”
> If you have better text, feel free to share.

I think your previously proposed text that didn't mention ZTP was
better.  Also, "MAY also be used to" sounds like it is the client's
decision, so I suggest changing the last sentence to:

  The RPC MAY also trigger some other resetting tasks such as
  restarting the node or some of the software processes.


/martin



> 
> The RPC MAY provide an option to limit the actions to factory reset of
> the configuration.
> [Qin]: We have added nacm:default-deny-all on the RPC we proposed. The Security section will be enhanced
> based on Andy’s comment in the separate email.
> 
> Strongly agree.
> 
> Kent // contributor
>
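
The "zero/pattern-write then remove" step discussed in this thread, sketched as an added example that is not part of the original messages or of the draft. The function names and the suffix list used to classify sensitive files are assumptions, and in-place overwriting is best effort on flash or copy-on-write storage.

```python
import os
import stat

# Assumed classification of "sensitive" files; the thread names TLS keys and
# configuration stores but gives no file names.
SENSITIVE_SUFFIXES = (".key", ".pem", ".cfg")

def zeroize_and_remove(path, chunk=65536):
    """Overwrite a regular file with zeros in place, sync, then unlink it."""
    if not stat.S_ISREG(os.lstat(path).st_mode):
        raise ValueError("not a regular file")  # never write through a symlink
    fd = os.open(path, os.O_WRONLY | getattr(os, "O_NOFOLLOW", 0))
    try:
        remaining = size = os.fstat(fd).st_size
        zeros = bytes(chunk)
        while remaining > 0:
            remaining -= os.write(fd, zeros[:min(chunk, remaining)])
        os.fsync(fd)  # push the zeros to the device before the name disappears
    finally:
        os.close(fd)
    # Best effort only: flash wear-levelling, copy-on-write filesystems and
    # snapshots can keep old blocks that this overwrite never touches.
    os.remove(path)
    return size

def factory_wipe(root):
    """Zeroize sensitive files under root; plainly remove the rest (logs, temp)."""
    report = {"zeroized": [], "removed": [], "skipped": []}
    for dirpath, _dirs, files in os.walk(root):
        for name in sorted(files):
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, root)
            try:
                if name.endswith(SENSITIVE_SUFFIXES):
                    zeroize_and_remove(path)
                    report["zeroized"].append(rel)
                else:
                    os.remove(path)
                    report["removed"].append(rel)
            except (OSError, ValueError) as exc:
                report["skipped"].append((rel, str(exc)))  # surface, don't hide
    return report
```

Anything left in `skipped` after a reset is a file the wipe could not handle and should be treated as a failed reset condition rather than ignored.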