Re: [Ntp] [Last-Call] Last Call: <draft-ietf-ntp-yang-data-model-10.txt> (A YANG Data Model for NTP) to Proposed Standard
tom petch <daedulus@btconnect.com> Mon, 15 February 2021 11:55 UTC
Return-Path: <daedulus@btconnect.com>
X-Original-To: ntp@ietfa.amsl.com
Delivered-To: ntp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D9D383A11D3; Mon, 15 Feb 2021 03:55:23 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.001
X-Spam-Level:
X-Spam-Status: No, score=-0.001 tagged_above=-999 required=5 tests=[DKIM_SIGNED=0.1, DKIM_VALID=-0.1, MSGID_FROM_MTA_HEADER=0.001, NICE_REPLY_A=-0.001, RCVD_IN_MSPIKE_H2=-0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=btconnect.onmicrosoft.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id CYFQpubCKXSx; Mon, 15 Feb 2021 03:55:20 -0800 (PST)
Received: from EUR05-DB8-obe.outbound.protection.outlook.com (mail-db8eur05on2092.outbound.protection.outlook.com [40.107.20.92]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 274B23A11D1; Mon, 15 Feb 2021 03:55:19 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=jenxdCJGMrUrar5m8ccj423Eap4zl6l4y8M9TN5kv/T5XRLXDfBB/nm+Cqcgezy7E0jixK/GlBtT6F71C99UbF0ZacASH9AV2JXT1WNgia65zSFRGvbs331ostOlZ28ALpXx8Qh5fPmStJSZv6u5Uqjvhu3fSand9faSc+zeiaBENqK+WKRCiqHcewbIsuQhgPkmYhHMLwMdoeB8rOEZBcsPGK71U1w0eicOGT5fH29jX67rOTJHU7NAJ0RfxD6jv8aOwLr8/byYgv/md0T8W5/nEKOK1cQLMOd65DUlSSqYWOTn+q1mRDZuFB/uEHD9Y5EGlPbJnX8qaMrWZJ3hCw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=Po/954+3UbGtb2zsjRH6Rnc6RNxjNLnNjIrQ/DziVbA=; b=kUyf4a8ohv1jpRHmAbhHI1HmOErgil1ieoZUsw7ZhvxyUqkeL5VH77e8gEgIbQcJ7e5yw9B82K3RV2hNsBCmpEUyNyrNbvMNygabH8G/VIonnCI9jERnmc7EtmAiJYMcD3V55Vm3qdi/6DMTM1u+UiJxpKQuobh/EIr3SausMhdLmNpEOTKhaH45EA8K4Z9FBTozhLeVPkPkY1sxePfabVX/Inoy1Rb2L/VQugNIY98IfPZmpWbx4djW063AAnQQcc8VYcWU4Ypkcf3rW7WWpBqJw6z7sr5rJpnvNhbeXBCSOSJHTuEJPVlWfLpPiqQPmGBRcYbj9UKULGCrpRDYAQ==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=btconnect.com; dmarc=pass action=none header.from=btconnect.com; dkim=pass header.d=btconnect.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=btconnect.onmicrosoft.com; s=selector2-btconnect-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=Po/954+3UbGtb2zsjRH6Rnc6RNxjNLnNjIrQ/DziVbA=; b=AZE5+9ywcn+YBR6pBDs1JDe/mNLoodNzomYtakyanKocWfz8euZuPVN4a/I3hHrPT3iRq/Xjx2bwHjsHVn5OXWEzD2UBICWuXxFBDPvX+AJxwZyTkFCmjSl5wQvuMTuFZViapdK6Y+8w+htTpCjGDfPUeh++CINXR/h3T+jMRxc=
Authentication-Results: gmail.com; dkim=none (message not signed) header.d=none;gmail.com; dmarc=none action=none header.from=btconnect.com;
Received: from VI1PR07MB6704.eurprd07.prod.outlook.com (2603:10a6:800:18b::8) by VI1PR0702MB3599.eurprd07.prod.outlook.com (2603:10a6:803:10::33) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3868.12; Mon, 15 Feb 2021 11:55:17 +0000
Received: from VI1PR07MB6704.eurprd07.prod.outlook.com ([fe80::181c:709a:6f7a:b811]) by VI1PR07MB6704.eurprd07.prod.outlook.com ([fe80::181c:709a:6f7a:b811%3]) with mapi id 15.20.3868.022; Mon, 15 Feb 2021 11:55:17 +0000
To: Dhruv Dhody <dhruv.ietf@gmail.com>
References: <161195994417.2651.6499166797756243533@ietfa.amsl.com> <CAB75xn5CQr2yg7wWZHj-sJM7WaaTJK5NF0pzzLhqmx5hHf8GiQ@mail.gmail.com> <60266E12.6070207@btconnect.com>
Cc: NTP WG <ntp@ietf.org>, last-call@ietf.org, Ankit Kumar Sinha <ankit.ietf@gmail.com>, ntp-chairs@ietf.org, draft-ietf-ntp-yang-data-model@ietf.org, ek.ietf@gmail.com, Dieter Sibold <dsibold.ietf@gmail.com>
From: tom petch <daedulus@btconnect.com>
Message-ID: <602A611E.4020306@btconnect.com>
Date: Mon, 15 Feb 2021 11:55:10 +0000
User-Agent: Mozilla/5.0 (Windows NT 5.1; rv:38.0) Gecko/20100101 Thunderbird/38.5.0
In-Reply-To: <60266E12.6070207@btconnect.com>
Content-Type: text/plain; charset="windows-1252"; format="flowed"
Content-Transfer-Encoding: 7bit
X-Originating-IP: [86.146.121.140]
X-ClientProxiedBy: LO2P265CA0167.GBRP265.PROD.OUTLOOK.COM (2603:10a6:600:9::35) To VI1PR07MB6704.eurprd07.prod.outlook.com (2603:10a6:800:18b::8)
MIME-Version: 1.0
X-MS-Exchange-MessageSentRepresentingType: 1
Received: from [192.168.1.65] (86.146.121.140) by LO2P265CA0167.GBRP265.PROD.OUTLOOK.COM (2603:10a6:600:9::35) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.20.3846.38 via Frontend Transport; Mon, 15 Feb 2021 11:55:16 +0000
X-MS-PublicTrafficType: Email
X-MS-Office365-Filtering-Correlation-Id: 976fd05a-fe58-4928-1b1e-08d8d1a88fcd
X-MS-TrafficTypeDiagnostic: VI1PR0702MB3599:
X-Microsoft-Antispam-PRVS: <VI1PR0702MB35992F8C51CF66BD092E18C1C6889@VI1PR0702MB3599.eurprd07.prod.outlook.com>
X-MS-Oob-TLC-OOBClassifiers: OLM:4941;
X-MS-Exchange-SenderADCheck: 1
X-Microsoft-Antispam: BCL:0;
X-Microsoft-Antispam-Message-Info: J6V+evr4u3ZCiA4xap7mxl+h7FIHRHtJkP3zv//qXQvVEgE+NIzVbUJNbA91uFo6Nm1mWOQ2DLwyvhsqlAzsB31orWSRJkiD4o3kzxNKWPDXDsLSRVJ8Fgq9+MqB2J0VLLkD6umohwo9MYMOmdl9+pyXCxMTdL2D9O04X2e0KfUvfpbUp3UOg239YZOlMVOo0j1HXnbEl/mtfqCM+/yer0GQfRferCgeNqRUWgJJ2VwmnkdbxvoJp6hZNjx7L3HT1f/W3owJ4VPuYF5u16BjjhszbG3TQqHMAlMUXgRCSHeL7jiV43wO3A1DysvrVODofsEJtAGy0kxEK7R8h8PuOXs1KQTJqKlXLUf9bOhTR1c0XRRGh/2Rds5sWm1k35kZcirtyxvtDFl+PHvhyOss0uxNPuP3cZSoRLrbVpLXrg+QInvNIlDuL8+SK2p13+vux7Yj8WjT4K8WiPDiLnIHt/sd1l0H1XN0VBDlyqY3GvZnMCyx6Jkw+CVH3b+4q4q6EHYA16qRCrJv/a1gjzKLehKR/ekW09YY7BE6RiOahm06j9zUTCVu9yu43fmPfINo/aQLmkekKm2dIbV4t2qOdL0AfkJSyiG83qsLpjuUB8lVOphKTZLhpMsADrapUOkf8byqkUX+3kIWBcY59YhSoDvXisdzcysYgB9mPjVjm2E=
X-Forefront-Antispam-Report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:VI1PR07MB6704.eurprd07.prod.outlook.com; PTR:; CAT:NONE; SFS:(376002)(346002)(366004)(396003)(39860400002)(136003)(87266011)(33656002)(6666004)(45080400002)(86362001)(36756003)(8676002)(66476007)(54906003)(66556008)(30864003)(2616005)(956004)(966005)(66946007)(6486002)(478600001)(16526019)(6916009)(83380400001)(53546011)(4326008)(186003)(316002)(16576012)(2906002)(8936002)(26005)(52116002)(5660300002)(3076002)(21314003); DIR:OUT; SFP:1102;
X-MS-Exchange-AntiSpam-MessageData: 5ACJRuP8lTP0fKaT5If2YNFedcIFv0b2c4BiWqtWHwj8NR9FA+3n6kVhpKmJ1Kf05x/bjHMv/y/rFrkwJ9jpBUPKa0pGj86ofJ5V/o0jGaQTesC9R79xXOKC8Vq2pQkGBKPdQSZbVap+1aPgeeOA4rmDiBT+cqaSJSP67cykiubaXFE0usLvonp0mRwpa6OhBkYKEPtgdyDIVedR2HYMrpJCah/esRBtFiOK+BTfOYRNUslbGiP9UKTyWj3H5JW+qyB3jtTM2gKPkyVL1i5OnQuQcknFsmoGMuZFgwbsb4YgRUcHGJ/CCFeakNHW2qXGRjfGoUmDALhe+4PSu7eUx5t1fgHH2tflOPMMcXhQH4nCZLzPiFS8MYkobkisF6fpz840JLMF4xYWMKBtaIovL0Fdtg3xFoMLrED9AP0pLDwlhgcMahTGw8j70TF/okIvpBH6qDLbJuCpS3M4zCCuGzlK48bU8e9bx4Xc1Z6F3jKTWvnlNQb2bzuK8N2ebxFO/psEB/AjmnO+FtXDN0f+MDrAUvwvUVLqwDwA5OmIfwdA3KqoefcVYGdbX9EFQlAgHEQyWk2IA7DNa+nHybRFpDk9MnPLUu3Cw1VX4wPzNfseB6tZ+s7ziqA1SpbvXUSw6yDR/+7QuIekGLSbW+mWfo8GqrlIMo1OXEhBMkL2PLjrCkAnaIWUPDV/NiwDjR6yY+B6R25t/Keb4X8VrDI/yADUbyvV/vHGmcdLXGSSs1on2CJ0zsViOAfl3cjvJ+ZZtCa40J0RQ9hhZ4W4+COjmPWP/SIer+3W3Yj28gQS3ABMOJUQnIOa/Z1+yGZzH/1L53iisieKd3Iz9giW+1q+Rm14W0o4pa88b1EbnsLXb0Q8kwoOZVo+1EHN/KHirt2Q8VxTZWlCd455Gjag4vsvcOorIPuw6PMhLVL5SIMUS0wd9WdHckJrJS+AbQ3orOAeD3kg8Mw4PYuKCxGZ8kj0wIbkg2Y4RfTLXOWTnUakeijfH75iyHRO5f3qb26Ht+7RA/SbgRer/6yHPDGMXAGwPyfyztIr/ZVSxLqYD2QzlzpNzhR73twcwGVtfoc0d0t71RCht8HFkYY+5iuf6QDLzDV9d79cqe24ViKuuM49jayLrCSiD+w0y8aK87zy+Mj1QbmgwjvjP61MnEMUmsVNwPsOK7XFGta0YvMmFmCzs8FFr2D01zw/kWBsrTuFeNYRdD8ht9L+jdALIzMwQjtFm15m6oY8FZsD4RZF2m3wZsb6pahuOOZ1YxG3ExA/rTjMpmm58BgjD1YI/HrORtUiX6gNBI/Ctk8os6xCfSGMTkseRCtV+BmlbW4fxk90lBc7
X-OriginatorOrg: btconnect.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 976fd05a-fe58-4928-1b1e-08d8d1a88fcd
X-MS-Exchange-CrossTenant-AuthSource: VI1PR07MB6704.eurprd07.prod.outlook.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 15 Feb 2021 11:55:17.3644 (UTC)
X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted
X-MS-Exchange-CrossTenant-Id: cf8853ed-96e5-465b-9185-806bfe185e30
X-MS-Exchange-CrossTenant-MailboxType: HOSTED
X-MS-Exchange-CrossTenant-UserPrincipalName: eTU5zOtVLr2lZTpPGxDUZPYa7cVqorOzhcyAhSqqsqhaa0yZYNqQDE5QkBqcuWWE82oBH7IShwi6u9Q7tF/ntQ==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: VI1PR0702MB3599
Archived-At: <https://mailarchive.ietf.org/arch/msg/ntp/DiG6Ko5ktHkb8ab7eJ-PGs7uZ6Y>
Subject: Re: [Ntp] [Last-Call] Last Call: <draft-ietf-ntp-yang-data-model-10.txt> (A YANG Data Model for NTP) to Proposed Standard
X-BeenThere: ntp@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: <ntp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ntp>, <mailto:ntp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ntp/>
List-Post: <mailto:ntp@ietf.org>
List-Help: <mailto:ntp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ntp>, <mailto:ntp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 15 Feb 2021 11:55:24 -0000
On 12/02/2021 12:01, tom petch wrote: > On 11/02/2021 09:39, Dhruv Dhody wrote: >> Hi Tom, >> >> Thanks for your review. I have posted an updated version of the YANG. >> >> https://datatracker.ietf.org/doc/draft-ietf-ntp-yang-data-model/ >> https://www.ietf.org/rfcdiff?url1=draft-ietf-ntp-yang-data-model-10&url2=draft-ietf-ntp-yang-data-model-12 >> > > That was quick! I have done a first pass but have yet to chase down the > references and one at least looks odd to me. I expect to complete the > process on Monday am GMT. Ian I have run out of time but have made a second pass. Some aspects still confuse me, where I cannot be sure of the correlation between YANG and RFC, notable time and mode; I want the words to be identical and they are not! identity access-mode { I do not understand. The RFC has protocol, association and packet modes but not access mode. This is perhaps section 3, but I am uncertain, the terminology is not quite the same, which is perhaps ok for an NTP expert, which I am not, but not in a technical specification IMHO. Thus you derive identity query-access-mode { but searching the RFC only yields a match in Security. I want the terms to be identical! In contrast, association mode is in the RFC and so I can see identity broadcast-client { which lacks a value for mode - perhaps 6. But I would still like a reference to section 3 for these. identity ntp-sync-state { is again troublesome. The RFC has #define NSET 0 /* clock never set */ #define FSET 1 /* frequency set from file */ #define SPIK 2 /* spike detected */ #define FREQ 3 /* frequency mode */ #define SYNC 4 /* clock synchronized */ whereas the I-D has identity clock-not-set { identity freq-set-by-cfg { identity clock-set { identity freq-not-determined { identity clock-synchronized { identity spike { which is close but I want them to be identical or a note saying how they are different. Then what is the difference between this and identity clock-state { which has identity synchronized { identity unsynchronized { Why have both? Other thoughts I wonder about the role of identity aes-cmac { base key-chain:crypto-algorithm; What does it add that a direct reference to AES-CMAC does not have? Why import key-chain. I am not saying it has no value but am unclear of that value. And leaf algorithm { could do with a reference for AES-CMAC. Some authors include the prefix on the module in the list of prefix; seems logical. typedef refid MD5 could do with a reference. leaf clock-stratum { What is syspeer? I do not see it in the RFC:-) leaf clock-precision { should be signed not unsigned I think leaf poll is indeed poll in section 7.3 but I wonder why 13.1 uses hpoll? Probably a comment on the RFC and not on the I-D. With ones from my previous post, below, that is it! Tom Petch > Meanwhile, > > s.6 > /For this reason, this YANG module allow/ > For this reason, this YANG module allows/ > > s.7 > This has lost its two character margin, needs insetting > > typedef refid I like, much clearer, but perhaps could do with a > reference for MD5, RFC1321 > > /Discountinuities in the value/Discontinuities in the value/ > in three places > > when 'false() = boolean(/sys:system/sys:ntp)' { > I am sure that this is valid but is not something I am used to seeing. > An aspect of YANG that I have never understood is when you have to spell > things out and when they are implicit and I think that all you need here is > when not <presence container> > but would want to verify that with a YANG doctor > > The definition of each possible values:/ > The definition of each possible value:/ > > leaf poll { > type uint8; > This seems wrong to me. Looking at s.7.3 > Poll: 8-bit signed integer representing the maximum interval between > successive messages, in log2 seconds. Suggested default limits for > minimum and maximum poll intervals are 6 and 10, respectively. > ie signed integer and not uint > > TTL good to have the reference - I was barking up the wrong tree > > I note > #define TTLMAX 8 /* max ttl manycast */ > I assume that this is a matter of choice - I see 255 in examples which > is at the other end of the spectrum > > leaf beacon { > type uint8; > I cannot find a definition of this in the RFC (which I think a defect in > the RFC). Reverse engineering the code I see beacon compared to > unreach, which is defined, as > unreach: integer representing the number of seconds the server has > been unreachable > which suggests that beacon is a number of seconds, and not a log base 2 > value or a counter; is this right? (The RFC should say IMHO) > > s.8 > /for illustration purporses./for illustration purposes./ > > > Back on Monday, all being well > > I got a bounce message last time from Yi saying on holiday until 22nd > February. > > Tom Petch. > > >> Please find my consolidated response below - >> >> Email 1: >> ======== >> >> On Mon, Feb 8, 2021 at 5:52 PM tom petch <daedulus@btconnect.com> wrote: >>> >>> I have two main problems and a lot of lesser ones with this I-D; given >>> the number, about 50, I am not optimistic that a single cycle of >>> revision will see them addressed. >>> >>> I see a potential loophole in the security which I will post separately >>> since the audience is likely to be different. >>> >>> References are missing or not specific enough so when I try to compare >>> values in the I-D with those of the protocol, either I cannot find them >>> or they seem to be different. Giving values to enumerations is unusual >>> in YANG, since NETCONF does not transmit them, and their presence >>> suggests that they are protocol values, in which case I want to see what >>> the protocol says. A reference to a 110 page I-D, with two updating >>> I-D, is inadequate IMO - section numbers are needed in every case. >>> >> >> I have added section numbers in most of the cases. >> I have changed enums to identity. >> >>> Introduction >>> should mention support, or lack thereof, for NMDA >>> >> >> Its present in Section 1.1 already, I have added keyword NMDA as well >> now. >> >>> 1.4. Prefixes in Data Node Names >>> | ianach | iana-crypt-hash | [RFC7317] | >>> the reference is wrong; this is an IANA- maintained module so the >>> reference must be to the IANA website >>> >> >> No longer using ianach in this update. >> >>> 1.5. Refrences in the Model >>> /Refrences/References/ >>> /refrenced in /referenced in / >>> >> >> Updated >> >>> 2. NTP data model >>> >>> I do not see the value of a condensed model followed immediately by a >>> full model. Perhaps the full model should be an Appendix although at >>> less than three pages, this is quite small and would be ok on its own >>> IMHO. >>> >> >> Updated >> >>> 4. Relationship with RFC 7317 >>> /supports per-interface configurations / >>> support per-interface configuration/ >>> >> >> Updated >> >>> 5. Access Rules >>> /refer access-mode) and attach different acl-rule/ >>> see access-mode) and attach a different acl-rule/ >>> >> >> Updated >> >>> 6. Key Management >>> /32-bits unsigned /32-bit unsigned/ >>> >>> /this YANG modules/this YANG module/ >>> >> >> Updated >> >>> NTP association (for example unicast-server), >>> /specefied/specified/ >>> >> >> Updated >> >>> 7. NTP YANG Module >>> >>> import iana-crypt-hash { >>> reference "RFC 7317: A YANG Data Model for System >>> Management"; >>> wrong reference - this module is IANA-maintained so the reference must >>> be to the IANA website >>> >> >> Not using iana-crypt-hash anymore! >> >>> contact >>> WG List: <mailto: ntpwg@lists.ntp.org >>> this is not the address I see on the datatracker >>> >>> the I-D has five editors but there are only two here >>> >> >> There are 2 co-authors marked as editors. RFC 8407 says the document >> author or editor contact information needs to be present. >> >>> typedef access-mode { >>> I cannot find this in RFC5905 >>> >> >> Section 9.2 and Appendix A.5.4. I have added section number in reference. >> >>> typedef association-mode { >>> this I can find but it ranges from 0 to 7 whereas the I-D has 0 to 4 >>> - is >>> this intended? >>> >> >> Changed to identity. >> >>> typedef ntp-sync-state { >>> this I cannot find; a search for 'spike' yields a value of 2 in the >>> RFC, 5 here - is this intended? >>> >> >> Instead of enum and values, changed to identity. >> >>> effect in XXX seconds."; >>> for what value of XXX? >>> >> >> Removed. >> >>> leaf packet-sent { >>> leaf packet-received { >>> leaf packet-dropped { >>> discontinuities in the value of sysUpTime."; >>> those who have been involved with network management for ten years or >>> less will likely not recognise this object. You could add a reference >>> but I suggest you replace it with a YANG-based approach; see for example >>> how draft-ietf-ospf-yang handles discontinuities >>> >> >> Updated as suggested. >> >> >>> leaf access-mode { >>> /defination/definition/ >>> >> >> Updated >> >>> leaf clock-refid { >>> ... reference clock of the peer to >>> which clock is synchronized."; >>> >>> I do not understand this. Presumably this corresponds to >>> type string { >>> length "4"; >>> from the three type union but what object is this? >>> >> >> I created a typedef and cleaned it up. This is as described in Section >> 7.3 of RFC5905 under Reference ID. >> >>> leaf clock-offset { >>> examples could do with units to make it clear that it is '1.232mS' and >>> not '1.232s' >>> >> >> Updated >> >>> leaf address { >>> type inet:host; >>> this includes the domain name, which I see no mention of in the RFC >>> >> >> Changed to inet:ip-address >> >>> list associations { >>> /and isconfigured is required/and isconfigured are >>> required/ >>> >>> leaf address { >>> type inet:host; >>> as above, the description seems to ignore the option of the domain name >>> >>> leaf refid { >>> same union as for leaf clock-refid, but a completely different >>> description, neither of which I understand. >>> >> >> Updated (all of the above). >> >>> '20.1.1.1' >>> this address would appear to be assigned to Microsoft, not an >>> affiliation I see among the authors. Is the company ok with this? >>> >> >> Updated to 203.0.113.1 >> >>> leaf reach { >>> type uint8; >>> is this the 8-bit p.reach shift register? reference needed (again:-) >>> >>> leaf unreach { >>> ditto >>> >> >> Added. >> >>> leaf poll { >>> type uint8; >>> units "seconds"; >>> description >>> "The polling interval for current association"; >>> is there a useful default? 2s appears in the RFC in places >>> >> >> No default in this case. >> >>> leaf offset { >>> as above, the example values would be clearer with units >>> >> >> Updated >> >>> leaf transmit-time { >>> type yang:date-and-time; >>> description >>> "This is the local time, in timestamp format, >>> at which the NTP packet departed the peer(T3). >>> If the peer becomes unreachable the value is set to >>> zero."; >>> I think, but am not sure, that a yang:date-and-time can never be set to >>> zero, the syntax does not allow it; the usual approach with YANG is a >>> union with another type which can indicate a special condition - int, >>> boolean, etc >>> >>> leaf input-time { >>> type yang:date-and-time; >>> ditto >>> >> >> Thanks, updated as per your suggestion. >> >>> leaf ttl { >>> type uint8; >>> description >>> "Specifies the time to live (TTL) >>> TTL does not exist in IPv6 >>> >> >> This TTL is not related to IP. See section 3.1 for manycast and >> updated with reference. >> >>> uses common-attributes { >>> description >>> /attribute like/attributes such as/ >>> >> >> Updated >> >>> leaf ttl { >>> type uint8; >>> description >>> "Specifies the maximum time to live (TTL) for >>> TTL does not exist in IPv6 >>> >> >> As above. >> >>> uses common-attributes { >>> /attributes like/attributes such as/ >>> >> >> Updated >> >>> leaf beacon { >>> what are the units and is there a default? Is there a maximum of 15? As >>> ever, a reference could tell me. >>> >> >> Added reference >> >>> 8. Usage Example >>> lots of examples but none for IPv6 or JSON >>> >> >> Added one IPv6. I dont think we need add one for JSON as well. >> >>> 8.1 >>> <sys:ntp xmlns:sys="urn:ietf:params:xml:ns:yang:ietf-ntp"> >>> sys: is a defined prefix and must not be re-used >>> >> >> Oops, updated here and all other instance! >> >>> <refid>20.1.1.1</refid> >>> as above, is Microsoft ok with this? >>> >> >> Updated to 203.0.113.1 >> >>> 8.2 >>> <sys:ntp xmlns:sys="urn:ietf:params:xml:ns:yang:ietf-ntp"> >>> sys: is a defined prefix and must not be re-used >>> >>> 8.3 >>> <sys:ntp xmlns:sys="urn:ietf:params:xml:ns:yang:ietf-ntp"> >>> sys: is a defined prefix and must not be re-used >>> >>> 8.4 >>> <sys:ntp xmlns:sys="urn:ietf:params:xml:ns:yang:ietf-ntp"> >>> sys: is a defined prefix and must not be re-used >>> >>> 8.5 >>> "224.1.1.1" >>> would appear to be a reserved address. Other RFC used 224.0.1.1 >>> >> >> Updated >> >>> <sys:ntp xmlns:sys="urn:ietf:params:xml:ns:yang:ietf-ntp"> >>> and again, twice >>> >>> <address>224.1.1.1</address> >>> as above >>> >>> 8.6 >>> "224.1.1.1" >>> as above >>> >>> <sys:ntp xmlns:sys="urn:ietf:params:xml:ns:yang:ietf-ntp"> >>> as above, twice >>> >>> 8.7 >>> <ntp xmlns="urn:ietf:params:xml:ns:yang:ietf-ntp"> >>> as above >>> >>> 8.8 >>> <ntp xmlns="urn:ietf:params:xml:ns:yang:ietf-ntp"> >>> as above >>> >>> <refid>20.1.1.1</refid> >>> as above >>> >>> 8.9 >>> <ntp xmlns="urn:ietf:params:xml:ns:yang:ietf-ntp"> >>> as above >>> >> >> Updated in all cases. >> >>> 12.2 >>> [RFC7317] Bierman, A. and M. Bjorklund, "A YANG Data Model >>> wrong reference in the wrong place >>> this is an IANA-maintained module and so the reference must be to the >>> IANA website; and since the module is imported, the reference must be >>> Normative. >>> >> >> No longer using iana-crypt-hash. >> >>> Tom Petch >>> >>> >>> ----- Original Message ----- >>> From: "The IESG" <iesg-secretary@ietf.org> >>> To: "IETF-Announce" <ietf-announce@ietf.org> >>> Cc: <ek.ietf@gmail.com>; <ntp-chairs@ietf.org>; <ntp@ietf.org>; >>> <dsibold.ietf@gmail.com>; <draft-ietf-ntp-yang-data-model@ietf.org> >>> Sent: Friday, January 29, 2021 10:39 PM >>> Subject: Last Call: <draft-ietf-ntp-yang-data-model-10.txt> (A YANG Data >>> Model for NTP) to Proposed Standard >>> >> >> >> Email 2: >> ======== >> >> On Mon, Feb 8, 2021 at 6:07 PM tom petch <daedulus@btconnect.com> wrote: >>> >>> This is my second response to this Last Call, about a possible security >>> issue. >>> >>> RFC8573 seems clear that MD5 must not be used to effect security for NTP >>> but this I-D imports iana-crypt-hash which allows MD5 without any >>> restriction, so is MD5 allowed or not? >>> >>> There are features defined which allow the hash in iana-crypt-hash to be >>> restricted but this I-D does not use them. >>> >>> Probably iana-crypt-hash should be updated - I will raise that on the >>> NETMOD WG list. >>> >> >> No longer using iana-crypt-hash, instead made this change to allow all >> sort of key formats - >> >> OLD: >> | +--rw key? ianach:crypt-hash >> NEW: >> | +--rw key >> | | +--rw (key-string-style)? >> | | +--:(keystring) >> | | | +--rw keystring? string >> | | +--:(hexadecimal) {hex-key-string}? >> | | +--rw hexadecimal-string? yang:hex-string >> END >> >> The comment related to use of MD5 still applies. I have not yet added >> a check for the algorithm. I have updated the description and security >> consideration to highligh that MD5 is depricated as per RFC 8573. Lets >> see what the IESG suggests... >> >>> The I-D also uses MD5 in a way that would appear not to be security >>> related, to hash an IPv6 address. >>> >> >> This is as per RFC 5905 - "If using the IPv6 address family, it is the >> first four octets of the MD5 hash of the IPv6 address." >> >>> In passing, this I-D has three references to RFC7317. This is wrong - >>> the module is IANA-maintained and so the references should be to the >>> IANA website. >>> >> >> No longer using iana-crypt-hash. >> >>> The secdir reviewer might be interested in my thoughts. >>> >>> Tom Petch >> >> >> Email 3: >> ======== >> >> On Tue, Feb 9, 2021 at 4:40 PM tom petch <daedulus@btconnect.com> wrote: >>> >>> A separate thought to my previous two. >>> >>> Section 4 is very keen that this I-D and the system module which >>> configures ntp SHOULD NOT coexist but this is not enforced by the YANG. >>> >>> It could be. Import the system module and make the presence container >>> in this I-D dependent on the absence of the presence container in >>> /system/ntp. >>> >> >> Updated as per your suggestion! >> >> ==== >> >> Thanks again for your detailed review. It has improved the YANG model >> significantly! >> >> Thanks! >> Dhruv & Ankit >> >> On Sat, Jan 30, 2021 at 4:09 AM The IESG <iesg-secretary@ietf.org> wrote: >>> >>
- [Ntp] Last Call: <draft-ietf-ntp-yang-data-model-… The IESG
- Re: [Ntp] Last Call: <draft-ietf-ntp-yang-data-mo… Harlan Stenn
- Re: [Ntp] Last Call: <draft-ietf-ntp-yang-data-mo… Dhruv Dhody
- Re: [Ntp] Last Call: <draft-ietf-ntp-yang-data-mo… tom petch
- Re: [Ntp] Last Call: <draft-ietf-ntp-yang-data-mo… tom petch
- Re: [Ntp] Last Call: <draft-ietf-ntp-yang-data-mo… Dhruv Dhody
- Re: [Ntp] Last Call: <draft-ietf-ntp-yang-data-mo… Harlan Stenn
- [Ntp] Antw: [EXT] Re: Last Call: <draft-ietf-ntp-… Ulrich Windl
- Re: [Ntp] Antw: [EXT] Re: Last Call: <draft-ietf-… Harlan Stenn
- Re: [Ntp] Last Call: <draft-ietf-ntp-yang-data-mo… Hal Murray
- Re: [Ntp] Last Call: <draft-ietf-ntp-yang-data-mo… Dhruv Dhody
- Re: [Ntp] Last Call: <draft-ietf-ntp-yang-data-mo… Miroslav Lichvar
- Re: [Ntp] Last Call: <draft-ietf-ntp-yang-data-mo… Dhruv Dhody
- Re: [Ntp] Last Call: <draft-ietf-ntp-yang-data-mo… tom petch
- Re: [Ntp] Last Call: <draft-ietf-ntp-yang-data-mo… tom petch
- Re: [Ntp] Antw: [EXT] Re: Last Call: <draft-ietf-… tom petch
- Re: [Ntp] Last Call: <draft-ietf-ntp-yang-data-mo… tom petch
- Re: [Ntp] [Last-Call] Last Call: <draft-ietf-ntp-… Salz, Rich
- Re: [Ntp] Last Call: <draft-ietf-ntp-yang-data-mo… Dhruv Dhody
- Re: [Ntp] [Last-Call] Last Call: <draft-ietf-ntp-… tom petch
- Re: [Ntp] [Last-Call] Last Call: <draft-ietf-ntp-… Harlan Stenn
- Re: [Ntp] [Last-Call] Last Call: <draft-ietf-ntp-… Benjamin Kaduk
- Re: [Ntp] [Last-Call] Last Call: <draft-ietf-ntp-… tom petch
- Re: [Ntp] [Last-Call] Last Call: <draft-ietf-ntp-… tom petch
- Re: [Ntp] [Last-Call] Last Call: <draft-ietf-ntp-… Hal Murray
- Re: [Ntp] [Last-Call] Last Call: <draft-ietf-ntp-… tom petch
- Re: [Ntp] [Last-Call] Last Call: <draft-ietf-ntp-… Benjamin Kaduk
- Re: [Ntp] [Last-Call] Last Call: <draft-ietf-ntp-… tom petch
- Re: [Ntp] [Last-Call] Last Call: <draft-ietf-ntp-… Harlan Stenn
- Re: [Ntp] [Last-Call] Last Call: <draft-ietf-ntp-… Hal Murray
- Re: [Ntp] [Last-Call] Last Call: <draft-ietf-ntp-… Dhruv Dhody
- Re: [Ntp] [Last-Call] Last Call: <draft-ietf-ntp-… Harlan Stenn
- Re: [Ntp] [Last-Call] Last Call: <draft-ietf-ntp-… Dhruv Dhody
- Re: [Ntp] [Last-Call] Last Call: <draft-ietf-ntp-… Harlan Stenn
- Re: [Ntp] [Last-Call] Last Call: <draft-ietf-ntp-… Harlan Stenn
- Re: [Ntp] [Last-Call] Last Call: <draft-ietf-ntp-… Hal Murray
- [Ntp] Antw: [EXT] Re: [Last-Call] Last Call: <dra… Ulrich Windl
- Re: [Ntp] Antw: [EXT] Re: [Last-Call] Last Call: … Harlan Stenn
- Re: [Ntp] [Last-Call] Last Call: <draft-ietf-ntp-… tom petch
- Re: [Ntp] [Last-Call] Last Call: <draft-ietf-ntp-… tom petch
- [Ntp] Antw: [EXT] Re: [Last-Call] Last Call: <dra… Ulrich Windl
- Re: [Ntp] [Last-Call] Last Call: <draft-ietf-ntp-… Danny Mayer
- Re: [Ntp] [Last-Call] Last Call: <draft-ietf-ntp-… Salz, Rich
- Re: [Ntp] [Last-Call] Last Call: <draft-ietf-ntp-… James Browning
- Re: [Ntp] [Last-Call] Last Call: <draft-ietf-ntp-… tom petch
- Re: [Ntp] [Last-Call] Last Call: <draft-ietf-ntp-… Christian Huitema
- Re: [Ntp] [Last-Call] Last Call: <draft-ietf-ntp-… Salz, Rich
- Re: [Ntp] [Last-Call] Last Call: <draft-ietf-ntp-… Martin Burnicki
- [Ntp] Antw: [EXT] Re: [Last-Call] Last Call: <dra… Ulrich Windl
- Re: [Ntp] [Last-Call] Last Call: <draft-ietf-ntp-… tom petch