IETF Logo Mail Archive

Re: [netmod] Alternative approach to draft-ma-netmod-immutable-flag-00

Balázs Lengyel <balazs.lengyel@ericsson.com> Wed, 23 March 2022 22:06 UTC

Return-Path: <balazs.lengyel@ericsson.com>
X-Original-To: netmod@ietfa.amsl.com
Delivered-To: netmod@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id EEE733A07A5 for <netmod@ietfa.amsl.com>; Wed, 23 Mar 2022 15:06:21 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.009
X-Spam-Level:
X-Spam-Status: No, score=-2.009 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, HTTPS_HTTP_MISMATCH=0.1, RCVD_IN_DNSWL_BLOCKED=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=ericsson.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id gvkDLOomZ_L7 for <netmod@ietfa.amsl.com>; Wed, 23 Mar 2022 15:06:07 -0700 (PDT)
Received: from EUR04-HE1-obe.outbound.protection.outlook.com (mail-he1eur04on0606.outbound.protection.outlook.com [IPv6:2a01:111:f400:fe0d::606]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id AAB953A07A3 for <netmod@ietf.org>; Wed, 23 Mar 2022 15:06:06 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=DRSgIWKvdEJj4yL+6+sdWqTAi9xYCSDXdMRNmKO3MPvxV1jwA02lkRND0svdhZWcv07ravjsnshDKy8Gh25CjHMQKkmQQtDXU0ejiMQDQKKND6AqqyMx1UQtOgdo4tXUtFvpUosNi9ECbBacENIDZf2tYrQqDV/DTAGt9vhfziy4Xvmwk9LZREVKzUwnMHOr6X60fA2KgGFbpj/u4B+dJHeHwjEopl+hhtTl0HSOe+fcvaSOK/Y6Hkr1TLqNoQ983d1kwyDERJAatovMiwWHLFu0p4tglaAtfZgMvnAN6YHKngbqEQ3rW2iD9UCdkD6MYZlvN4t8x9RHaow90BqQUA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=+SxWSsBL/em2qp8b7QF6rjmL6DTm30YJiEr3/gsDpEc=; b=Suibqg48xB0Mr1EMvzRuHUffpeT+7udK89ze7ftnrmyqxyc5fmQumoM8x0vkQNY5DIMvUfI3ukvX6RJwFquGP1G96Z0LQv1bnLbUGRzo4ysN39f13FQlgQtpaoLoHKdFPLVraF+En8YUFGnHy1aWGyWfGXDMQ4cX5MgWjROdxqX2lxjUYhbzi+fYF0iFUf6375Jjbon+6052iuDg3+e/Qbpx0KINSdkdM5LPLCzi6GsVDtakjLNOAupnf7dZox0ZwWbmE2vkV4xJdSrKwuWYoHjR5hkPOCkofe50yrozs+afoHyDgI/NL+sr3aYj/xElDplo+3Gsme3I4VFacfdU0A==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=ericsson.com; dmarc=pass action=none header.from=ericsson.com; dkim=pass header.d=ericsson.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ericsson.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=+SxWSsBL/em2qp8b7QF6rjmL6DTm30YJiEr3/gsDpEc=; b=LZky/nfkboUbhs/R5jdhT/ysHB3p3a19ByLPd6ws7ZvismhuLmg60hR9aPvYKcz7ZADBfa8ghSKyKfSuOxO6shL7KRl0/PL4YSBKi+A6uW+7o0LOjmlDhC7sfLcBmmYz//B32Y9bM8RD+7ss1gkZCAicl901nyN1JaogWInxKOM=
Received: from VI1PR0701MB2351.eurprd07.prod.outlook.com (2603:10a6:800:6b::18) by PR3PR07MB6826.eurprd07.prod.outlook.com (2603:10a6:102:7f::20) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5102.15; Wed, 23 Mar 2022 22:05:59 +0000
Received: from VI1PR0701MB2351.eurprd07.prod.outlook.com ([fe80::c540:395c:7164:f9d2]) by VI1PR0701MB2351.eurprd07.prod.outlook.com ([fe80::c540:395c:7164:f9d2%6]) with mapi id 15.20.5102.016; Wed, 23 Mar 2022 22:05:59 +0000
From: =?utf-8?B?QmFsw6F6cyBMZW5neWVs?= <balazs.lengyel@ericsson.com>
To: Andy Bierman <andy@yumaworks.com>
CC: NetMod WG <netmod@ietf.org>
Thread-Topic: [netmod] Alternative approach to draft-ma-netmod-immutable-flag-00
Thread-Index: AQHYPvIQIDcZg301ck2evcS37rlEr6zNduPAgAAGLYCAAAfisA==
Date: Wed, 23 Mar 2022 22:05:58 +0000
Message-ID: <VI1PR0701MB23518B3F1FB9EE3EE32C9FDAF0189@VI1PR0701MB2351.eurprd07.prod.outlook.com>
References: <CABCOCHRqZgCfH0j5XnEt0aK0fwVCaxe_aSHCAZn3jb0QLrDuKw@mail.gmail.com> <VI1PR0701MB2351A430BA5F2EEFE96CE094F0189@VI1PR0701MB2351.eurprd07.prod.outlook.com> <CABCOCHSY6CN7Xf05RtTF0jm1S6gLd1umr5BtG3pkkeCBu47Jyw@mail.gmail.com>
In-Reply-To: <CABCOCHSY6CN7Xf05RtTF0jm1S6gLd1umr5BtG3pkkeCBu47Jyw@mail.gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=ericsson.com;
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: e9976524-a389-472b-9d92-08da0d194ff1
x-ms-traffictypediagnostic: PR3PR07MB6826:EE_
x-microsoft-antispam-prvs: <PR3PR07MB6826CB6E27296D4C4AEE15FBF0189@PR3PR07MB6826.eurprd07.prod.outlook.com>
x-ms-exchange-senderadcheck: 1
x-ms-exchange-antispam-relay: 0
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: PTOVEhUUeXwDFU5VnH1CwWkPUa/J8gvBn+gKE5xJmokVnnoJVx8Jf6u97H9UHm1c8/FU3l6u1Ony/+WPkxClY1m77ZNJOHVS+uCWjKA+pnRrx2++qXv3H8CIEo6GyE+lPftqMe2hsiEfNyVoi67IMArM8LRT1RAXdx5WzAwaEpPlHJ2z0WapAX9ctrVcoT2E++yJ1+03bMWtFjLmhBEdHplOThsm9vbFJMamZSwAwuAlxcHttOZhwdk6GEwJYSsiGX0YfU0E4E35B8x9pgtiwzkQxmolkuzdwyUCMR5Lxz8ag/VPE+d2LBJBMR/RHbA6l2N8FaFI+CxkHo/LLvr61cexVLLa2V45clQomQvPLUGEXafHI/CzVFICilcy2UvNKydIa7Y26M7SiB9qGSMj7EAAeKdVC+bJp6/7ABfUYL/wu3jci8ks7lVqAHtyu4615d0eV6k8CEqqsFiT8+nQ+yyASG7IZgUkS8yTSBeEt3A5yx8ySry0xfTWcckVh93qCTHCAwJ/DTHkJS4G8y4Jvyu8UhOLkYUOC+2iN598M6b12bg6UGOC5pARHVV5M1HBj5sCzyhjxmP/1VN+58Mz+QpF3nd6xIokyzkcWijvI1jtUMQEHB9NG2Qw4b3TLY4GZz2KxtlwRfr/ueMitawfvIkjyuhmjcaN6dOxe3oLVTUJUzhdbdd7zHIp1T/UNpUB0rS7+VWndl2GFH7jXZPSweMCX9WNMSLpe3PyiwRgIsIZ+uTPKknt7awjFNi/fgH/Ob03HBZxK2tuCt5GvDo9HzuZgHSGe41nNntLkWcD1Xw=
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:VI1PR0701MB2351.eurprd07.prod.outlook.com; PTR:; CAT:NONE; SFS:(13230001)(4636009)(366004)(8936002)(33656002)(76116006)(66556008)(5660300002)(2906002)(8676002)(66446008)(64756008)(66476007)(66946007)(7696005)(4326008)(316002)(6916009)(85202003)(966005)(55016003)(85182001)(52536014)(71200400001)(508600001)(186003)(26005)(66574015)(38100700002)(9686003)(6506007)(86362001)(122000001)(82960400001)(53546011)(83380400001)(166002)(38070700005); DIR:OUT; SFP:1101;
x-ms-exchange-antispam-messagedata-chunkcount: 1
x-ms-exchange-antispam-messagedata-0: =?utf-8?B?SlgxQXNKU2dxVW5vallVTzdNdVRBVzRnOEhLRE8rMms3b09ZVE5BaWpyN2Fl?= =?utf-8?B?VzkvbWw1K0FaWFcrcUpZbmlza2drNVUxaUY1SFZKa1JyVUpXN1hGL1l4eXpZ?= =?utf-8?B?VTNJL2JGOEExK2F5U0QvL29XUWlsZmlvNnlQUDFvbVBscTZzZ3dDckY3YTd5?= =?utf-8?B?MitDdHRlVG0vR3hDL1VST3VoakhmKzlRQU5ra0FKUmwrS3MwUy9MR3I4eG5W?= =?utf-8?B?TXNqb0NsZGxnaUEyQm55UWpqaXV0emJKMENIU3FoM2RnNE1RZklPSjNUVFJo?= =?utf-8?B?RHdtQzUzcmJLbnMyNGRadXc3cUsrUVpSRzVpdmFxMGtWUkRIYmdTMXhUNDJi?= =?utf-8?B?ODFkNGhob2dyS3l3bVcyK3FScGpDVVpNV0VqU3VMVGQ1VThBbjF4UjN6bEsz?= =?utf-8?B?YkRuUENvUThKNW5IYXp6OHVjTFZid0Rxc2RZVi9TdEFleFArTGhudUpSclUr?= =?utf-8?B?ejNIZGZzeEhjRjhKZko5WWdnSTV0ZjRMK2srSDhWbmJ4eEF3V0czcHNpZXVp?= =?utf-8?B?YldFcW5XdEg2UzV0bmQzcFhpYkt0RDcrY0ZGQ1RuU1pHWlFJRUlVSWpUWWR4?= =?utf-8?B?d1QvenVIdjcwamx4S2xjQ3hvN0ovVlhINVVEcitydHpTaUFlZnVVbkZMajVC?= =?utf-8?B?SnVwbVYzbU5BeDdlaUI5azRFbDdHQVE4d0J6cFdrUHFCTVpvRUlmVkhIOHBt?= =?utf-8?B?SWphTnNDald2OFBqQmJLcTRQUTI0Q1pHQzhOZm0xdC9LSHdXbUZtQi9zT0M3?= =?utf-8?B?TDRQYVpXQnV0N2ViWE5hSmVqK0grRnNEZDZLcDB2b29BL0pxRWpSaDBXMDhx?= =?utf-8?B?cGlENUNVU0Vva3NrbmI5Yzhtdm83V0FMZ0UyQlg3Y3hGN0QybkMya05PQllu?= =?utf-8?B?b0VENkZXdGxGL1gzNGJPVWpUUWQvVVc4TkE0Tk9oK3VhdUQxTUpJSGVSWmxh?= =?utf-8?B?bFUvejlCd1AyNUx6eXhMU1BLbmxXeGVranhLV1FEMkVnTVFNMlU5S1Y3K3BX?= =?utf-8?B?K1dhUU5kUEtUYnJFK2x5NE94U3ViQmRNVG92ZFJwdWpaQVFraW1SbWZnVVVv?= =?utf-8?B?dUd2SmtMem40eVlqSW5XZzBvWHgvK0RsbzgxWHhiTU90UEtSYmlmYXpvZUFD?= =?utf-8?B?eUhIWVNTeFlDRzJMbTc1WWFtTFBuM05CbEVEaXB4R1poY05oVzhoRnFCWS9v?= =?utf-8?B?MlpVbDhOUE10ZjBscDdLbkorUFJhdTlnWE9FcjU4eEpxbEVLKzNuOE9sVXNL?= =?utf-8?B?N1NLTml4TFNuaWVtR0FKaUM5VjJqSUFTc0todU5lbm9ZUEtNODFOeU1vbHVw?= =?utf-8?B?bmlBOCtjSHhDMnBEY2hHb2l3OHhKVC9xanNCZ3lzemw5QTFhT2N2K3l6KzV0?= =?utf-8?B?L0FDUWJNTUJiM0QyMmh6MG1nMzFLY1hJcExVM25pK3Nna3lVeG16b2NTWVhs?= =?utf-8?B?Ui96dTlrNWl0dWoyck04Ym9QVGQrYm1VZnhaU28zcFc4WFkvYWZtZTdDMWZ6?= =?utf-8?B?U3MxVUdKWDlML2Z0V1kvSXNGaFFsdW5EM2xLWmJiZHpMOGl6VEVDWTBOV1Z1?= =?utf-8?B?TDR2SnVIMXMyQjBHZmEyaGszUGFVUkRvYTdKNjhLOFJZekJCSS8rMm1ybk5W?= =?utf-8?B?VE9TOWlMdWxNOHRiZmtwUlFhYkRvQjhxN1VoNXM4UWd4eUExK1JwL2FjTU1C?= =?utf-8?B?cmFwVlJxN1JBQWlwMFA1ZndIR2RQYUcyMDhGc2thQ2IvQXV1WnpiZVFpR0pa?= =?utf-8?B?OGxoeVZ0bUNLZlFZOTZGSmhXQWc0NjFCYlhheWE1ejBwK3QzREVSdDgxY2FW?= =?utf-8?B?TVY5RzYzaitIeHAxUFI2THdyWlQ0R2pGRHRZMklmZUhxNk50aEszYlJsUVFU?= =?utf-8?B?dnFoamVLSWlJTk5QYWNXcXp4eE5scE1VNFhuOTBvZUQ0WGV2b3liMEZJU1o0?= =?utf-8?B?emN6NEVCbjZ0OUMwUVFqa0xFVURaVUZHNURqcVBmZ0FmUnFPYUt0NkpHbWZO?= =?utf-8?B?TTVqeUhlWkZ3PT0=?=
Content-Type: multipart/alternative; boundary="_000_VI1PR0701MB23518B3F1FB9EE3EE32C9FDAF0189VI1PR0701MB2351_"
MIME-Version: 1.0
X-OriginatorOrg: ericsson.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: VI1PR0701MB2351.eurprd07.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: e9976524-a389-472b-9d92-08da0d194ff1
X-MS-Exchange-CrossTenant-originalarrivaltime: 23 Mar 2022 22:05:58.9330 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 92e84ceb-fbfd-47ab-be52-080c6b87953f
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: hlByvDBJqv+emFdnTNVQgr87BOUb8pmji63sIaTu1jjLkYMYF9sotqSft6ahwWsun93M51r2pacN6gUTMul/KnI5Yep+oeZ3YCoND9PuEVI=
X-MS-Exchange-Transport-CrossTenantHeadersStamped: PR3PR07MB6826
Archived-At: <https://mailarchive.ietf.org/arch/msg/netmod/w8YrHXX159_rTRsTogySz8EK1ls>
Subject: Re: [netmod] Alternative approach to draft-ma-netmod-immutable-flag-00
X-BeenThere: netmod@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: NETMOD WG list <netmod.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/netmod>, <mailto:netmod-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/netmod/>
List-Post: <mailto:netmod@ietf.org>
List-Help: <mailto:netmod-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/netmod>, <mailto:netmod-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 23 Mar 2022 22:06:23 -0000


From: Andy Bierman <andy@yumaworks.com>
Sent: Wednesday, 23 March, 2022 22:32
To: Balázs Lengyel <balazs.lengyel@ericsson.com>
Cc: NetMod WG <netmod@ietf.org>
Subject: Re: [netmod] Alternative approach to draft-ma-netmod-immutable-flag-00



On Wed, Mar 23, 2022 at 2:16 PM Balázs Lengyel <balazs.lengyel@ericsson.com<mailto:balazs.lengyel@ericsson.com>> wrote:
Hello Andy,
I also propose an extension. (see my mail Review of draft-ma-netmod-immutable-flag-00)
In Ericsson we saw no need for exceptions, but do see the need for applying it to descendant nodes. Typically we need to protect a full subtree.

Why do you need the exceptions? Could you provide some use-case examples ?

I think create/delete-only and modify-only access modes are used the most, after no-access.
BALAZS: How is a modify-only data-node different from a mandatory data-node? It must be there but can be changed. It get’s an initial value somehow.
BALAZS: Any examples when would a create/delete only data node be used?

Applying to descendant nodes may be better, or may require more work to
undo the extension used in an ancestor node. This impacts the extension usage within a grouping.

BALAZS2: I did not include it in my mail, but we actually have one more rule:
“Top level statements in augment or groupings do NOT inherit
       the static-data value from containing nodes, they default to
       static-data false.”


Regards Balazs

Andy


From: netmod <netmod-bounces@ietf.org<mailto:netmod-bounces@ietf.org>> On Behalf Of Andy Bierman
Sent: Wednesday, 23 March, 2022 21:10
To: NetMod WG <netmod@ietf.org<mailto:netmod@ietf.org>>
Subject: [netmod] Alternative approach to draft-ma-netmod-immutable-flag-00

Hi,

IMO the problem should be viewed as a refinement to the
access control policy of the device.  A standard mechanism
such as a YANG extension would be better than a growing
mix of proprietary solutions.

We have such a YANG extension called "user-write" that is widely deployed.
A simple boolean is not fine enough granularity, so a bits type is
needed instead to allow control of create, update, and delete access operations.


https://www.yumaworks.com/pub/latest/yangauto/yumapro-yangauto-guide.html#ncx-user-write<https://protect2.fireeye.com/v1/url?k=31323334-501d5122-313273af-454445555731-876c03f0bc610d95&q=1&e=c875257e-41f5-45d6-a9e9-871e5ebb4243&u=https%3A%2F%2Fwww.yumaworks.com%2Fpub%2Flatest%2Fyangauto%2Fyumapro-yangauto-guide.html%23ncx-user-write>


Andy

v2.8.7 | Report a Bug | By Email