Re: [Ntp] [Last-Call] Last Call: <draft-ietf-ntp-yang-data-model-10.txt> (A YANG Data Model for NTP) to Proposed Standard
tom petch <daedulus@btconnect.com> Fri, 12 February 2021 12:01 UTC
Return-Path: <daedulus@btconnect.com>
X-Original-To: ntp@ietfa.amsl.com
Delivered-To: ntp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7E8B43A15D2; Fri, 12 Feb 2021 04:01:33 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.901
X-Spam-Level:
X-Spam-Status: No, score=-1.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, MSGID_FROM_MTA_HEADER=0.001, NICE_REPLY_A=-0.001, RCVD_IN_MSPIKE_H2=-0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=btconnect.onmicrosoft.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id LvkXhUVK_h35; Fri, 12 Feb 2021 04:01:30 -0800 (PST)
Received: from EUR04-VI1-obe.outbound.protection.outlook.com (mail-eopbgr80127.outbound.protection.outlook.com [40.107.8.127]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 5C10F3A15D1; Fri, 12 Feb 2021 04:01:30 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=JYfQy2q262QiiFEmIvEoiuw0tiQ0UU2EeKk7D1BOVmTENPX6DUxREx2PAVbWJMn/i+QcSMhXE8ZydXwR4cPUC3MmvxdJ2ZQY6//FnDYuccUpl4DY95YB15cGQvD1pfOrHYBnbKnvzO/zKy2C+qrS/sEnr0+vzi1oaUQI7alNwiVfyenmSht9CHK+3HU+yjLRV9a+NxHAy/DKM2RgJRD/682G1Y7BaagZi4CWeamiV48cb1YAHxrU6I+/zBkQPLsD9aUwpFNvcFqj50tKa9I74rWT6OeyrxMNgQ9L+ggpG8lFgS94AMP2u312j1O5Dg3txrqho/RhwUTzulNSw3XhBw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=1zGAhthi8FHBtKBJAB3Ps7OZBFIY/Upt+n2KAU51YKY=; b=FONfxUGix8NpwORFfyxZOANz2/H7cpTXgrv8S5HQoExElbeN2dktWjVdhrdSEI3yzfckBnKm6/txujqPyGj+3nvJBjImMEudI2go8U0E3ANuErQ34Bzxkxm65tm7PenCy5O5DEmabdKcWJuNX+M67ZQIdw8/MWRXdOiOHjnUzVzvt4E7czbq2Z+8/IxtCeaMcAozyZGhSZciodOXm6YylEVkUjCybs/EOHPSbnoo27JtRO0OXoYFFNEse2+CJ0XVw1ydPfTeODFDl/LGaJhSXtlCbi5RNac9rrNz8on0NJJfO7Tp1ZbLtYWX3dDm1341lEIjlQUDw7SXIP6M7hAyJA==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=btconnect.com; dmarc=pass action=none header.from=btconnect.com; dkim=pass header.d=btconnect.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=btconnect.onmicrosoft.com; s=selector2-btconnect-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=1zGAhthi8FHBtKBJAB3Ps7OZBFIY/Upt+n2KAU51YKY=; b=mUOPvQ5eeJjkpZL5S/MXuwUBNzL6nbmyLF7r7svoaJIg37DBPfZ37n0mfG6Q23jQI7q6XzbwGKuoCpBwaGWWwpRjIv35R/GQ32mdKVHQVfRiwYHpe/WZxbtZM7TWblCwaChwc9Iy4+MbnCZ2kF32btCovvprQN+I7pAk+PZj9ww=
Authentication-Results: gmail.com; dkim=none (message not signed) header.d=none;gmail.com; dmarc=none action=none header.from=btconnect.com;
Received: from VI1PR07MB6704.eurprd07.prod.outlook.com (2603:10a6:800:18b::8) by VI1PR0701MB2541.eurprd07.prod.outlook.com (2603:10a6:800:6c::13) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3868.12; Fri, 12 Feb 2021 12:01:27 +0000
Received: from VI1PR07MB6704.eurprd07.prod.outlook.com ([fe80::181c:709a:6f7a:b811]) by VI1PR07MB6704.eurprd07.prod.outlook.com ([fe80::181c:709a:6f7a:b811%3]) with mapi id 15.20.3868.015; Fri, 12 Feb 2021 12:01:27 +0000
To: Dhruv Dhody <dhruv.ietf@gmail.com>
References: <161195994417.2651.6499166797756243533@ietfa.amsl.com> <CAB75xn5CQr2yg7wWZHj-sJM7WaaTJK5NF0pzzLhqmx5hHf8GiQ@mail.gmail.com>
Cc: NTP WG <ntp@ietf.org>, last-call@ietf.org, Ankit Kumar Sinha <ankit.ietf@gmail.com>, ntp-chairs@ietf.org, draft-ietf-ntp-yang-data-model@ietf.org, ek.ietf@gmail.com, Dieter Sibold <dsibold.ietf@gmail.com>
From: tom petch <daedulus@btconnect.com>
Message-ID: <60266E12.6070207@btconnect.com>
Date: Fri, 12 Feb 2021 12:01:22 +0000
User-Agent: Mozilla/5.0 (Windows NT 5.1; rv:38.0) Gecko/20100101 Thunderbird/38.5.0
In-Reply-To: <CAB75xn5CQr2yg7wWZHj-sJM7WaaTJK5NF0pzzLhqmx5hHf8GiQ@mail.gmail.com>
Content-Type: text/plain; charset="windows-1252"; format="flowed"
Content-Transfer-Encoding: 7bit
X-Originating-IP: [86.146.121.140]
X-ClientProxiedBy: LO2P265CA0396.GBRP265.PROD.OUTLOOK.COM (2603:10a6:600:f::24) To VI1PR07MB6704.eurprd07.prod.outlook.com (2603:10a6:800:18b::8)
MIME-Version: 1.0
X-MS-Exchange-MessageSentRepresentingType: 1
Received: from [192.168.1.65] (86.146.121.140) by LO2P265CA0396.GBRP265.PROD.OUTLOOK.COM (2603:10a6:600:f::24) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.20.3825.20 via Frontend Transport; Fri, 12 Feb 2021 12:01:26 +0000
X-MS-PublicTrafficType: Email
X-MS-Office365-Filtering-Correlation-Id: a012f443-46ec-42d3-70f9-08d8cf4ded36
X-MS-TrafficTypeDiagnostic: VI1PR0701MB2541:
X-Microsoft-Antispam-PRVS: <VI1PR0701MB25413638737A1486CF7A93D2C68B9@VI1PR0701MB2541.eurprd07.prod.outlook.com>
X-MS-Oob-TLC-OOBClassifiers: OLM:4941;
X-MS-Exchange-SenderADCheck: 1
X-Microsoft-Antispam: BCL:0;
X-Microsoft-Antispam-Message-Info: E8pFyC3kaiqQBVlEOwbLG14MRiYIwwLHb1I8TFI46soI2i1WE9+3pPkJICHGL6rgtGFjkXYjdxviIppdt47K9gxUbG4cmXxh2aADUkBKpJmkvbiN2+kGbwxZmJyyAmBite22i1nNAt72le8CNFDLJegQ7mxy8aINE8S3fWlH7JZXyY+QIhotVa9i1aPJkRdHThotDBUCqzCIQMu0n8llJeWcdCPygyxZXv7sLov0XNVcgRsBVEAF9r0LjAAyXoMRDrtL0MUlkcnhmXJR8rVPM+E7x+Pw3EfnNHik5mqFxAuItJAT4wwg/5EIu5yFU6JQaD50H4OddSU2hvIHBsLic6C2+/06LaiVxugasqvwaiJtWj7i3hKby2izBuI1lyaY2tM5yTreC0tN6OgXBoDIB7pU9l6kjpW3lCPcjBeFEP87W9PQIBQByeEUr7QZCTsfnNwkiUgbONhQ1zzLlcfvAStU8fBTAqzPEkg4EX0VqAsrTzPGqqEOxvlJ3QPJsyO35/q2yPITr2YYQgUTRLjRcE9aaqp3SF3BCb3Zqq3suuFM5iJN/noGxpT5gQwaT/CH/Hy6wxn+moPsLjf0+5XRYBVk7yyUgExaNb4q+HKlgBl2lEq0Gk3BpjoKZBGTyrsvZYf6Hehteh8CmPzTpl4+qg==
X-Forefront-Antispam-Report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:VI1PR07MB6704.eurprd07.prod.outlook.com; PTR:; CAT:NONE; SFS:(39860400002)(376002)(136003)(346002)(366004)(396003)(45080400002)(33656002)(4326008)(6916009)(8676002)(36756003)(53546011)(26005)(316002)(54906003)(16576012)(186003)(8936002)(6666004)(16526019)(6486002)(2906002)(2616005)(956004)(52116002)(87266011)(30864003)(966005)(66556008)(86362001)(83380400001)(5660300002)(478600001)(66476007)(66946007)(21314003); DIR:OUT; SFP:1102;
X-MS-Exchange-AntiSpam-MessageData: SFzgktjaeLzNAb8Cmek0G0H9B9q83yVXoQEqxLEa8bJTYZTObeHQVZTFg6z61NIGC1c1IdFv/rkdFXNJ4RYj5C6pFUtmAAtdRvPO6FbIYHgjFfWajptqhaT9Fb/6fAC2iZ18+i8sq43ZUvpvChH52IlPAvGfMLdrxHQ8KoWmhC6seFTC1WKwNOX+HtAC3RM32h/LFT4Ms8zL8bdY3qUJ8Q6Q41Z1wZgyGlWCSGKnaLixzsI5YCNwiiZTSYihmx5BnBpPlZRhjaNRVwSyMmqzcljYlw371dJR9EIq4AQp8uegX+t6+KFQKRk3JDi4sJliCfMDYLaiD0TFjHiIY/YZV4NkjnDPahX8LF0lNP14leqaDEQN6pqmbHrxiyFfvgRP69PSAC89D920lJFWbyh24ZsJTI3NmC+fVUMarybxVnyWfxenGMCw+NpntLqGLTBhzeAHlOj556qzhOOS43VqF8//FyfgFIGbeiPaP+NyCh6EpASyQZzkur38d4WAUzfYwAbwNnDyNeDJU/U/XNpx87cvf0dDi5Lo1+7pABOPI70e9ax+iw2LculOvjsTSNlPJjP9E/3D8NNMMqqKwbp/l1bu67SkzDZvVOPyvtmxGwcVhZZXw4BxJC6li8XVvgrvBtA7B7dtrrg4rOVqijuqPqfVVpACokgC7WSjzxJ2PlNe/ytZVAwAfKRV4HhVoGRbvoEm4yQQOf+BDSSlJU1ZZmjVowyfh32wj8GZANzKSwueBo15ljQTvHYyP5qMMXAbmZAJCzK5Ouxde3XiK7rPeixsWuWE0KiKnC0D/cZqe+Sksz69AEvayIF/75hlsWl1bIzYo9uVk1fPGkPxb9MVsz7NHUFRtwFkhjOUVLFH7LfBTWsLfky4z5+SLXmUHdLJVZS611RzJwqB5XHnAa7m3mrVMLOpIcFgBHH6DUM6rQW2UdETr3tqYbDIZdnr2pmc+Ktd34HtVYiRUZ8ow6WZlhMw29j1ZaW9KakEOUcwJkSt1oxaX+P1zwVpYuIReWGW1T1GgfyKnOL/17cD8434d29HtEC5o8n++rb0lNbG+CTUyMQHZ4apBgprk2+iKQm+VWlEMhxKsgL3kqMg7siqX+nn7pJxBqOpCWVfIS/91g0YHFIVN4xZg+7lgVlZt50dKge2vIpg+ohG5Lw7x6WUSs2E21gaZKllaqzxk0b4vXsSAt8AnP6cIjkWwA5Y7pEmhUHOmRe3IeqklTjGO7R68baRd81Nlj6bdNIuI8Q80jr7HWuELak8g+RrqL84cWjviPgtGemG0Ppg8Y8vlGGI/91oTkfw53VJJ7XzB15eVKX7ohU3Jouz53DqRfqxOMK3
X-OriginatorOrg: btconnect.com
X-MS-Exchange-CrossTenant-Network-Message-Id: a012f443-46ec-42d3-70f9-08d8cf4ded36
X-MS-Exchange-CrossTenant-AuthSource: VI1PR07MB6704.eurprd07.prod.outlook.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 12 Feb 2021 12:01:27.8436 (UTC)
X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted
X-MS-Exchange-CrossTenant-Id: cf8853ed-96e5-465b-9185-806bfe185e30
X-MS-Exchange-CrossTenant-MailboxType: HOSTED
X-MS-Exchange-CrossTenant-UserPrincipalName: IFnLL4GvlAL6MrZl62JfWBS9XpnrbZ5BKDHME9347m2XEggrASeCVG1RPp7s8k6jbEXV53uyg45wrX0Bie3pnQ==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: VI1PR0701MB2541
Archived-At: <https://mailarchive.ietf.org/arch/msg/ntp/MstLpkxVePB2UqoMcCXOO-aM5bI>
Subject: Re: [Ntp] [Last-Call] Last Call: <draft-ietf-ntp-yang-data-model-10.txt> (A YANG Data Model for NTP) to Proposed Standard
X-BeenThere: ntp@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: <ntp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ntp>, <mailto:ntp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ntp/>
List-Post: <mailto:ntp@ietf.org>
List-Help: <mailto:ntp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ntp>, <mailto:ntp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 12 Feb 2021 12:01:34 -0000
On 11/02/2021 09:39, Dhruv Dhody wrote: > Hi Tom, > > Thanks for your review. I have posted an updated version of the YANG. > > https://datatracker.ietf.org/doc/draft-ietf-ntp-yang-data-model/ > https://www.ietf.org/rfcdiff?url1=draft-ietf-ntp-yang-data-model-10&url2=draft-ietf-ntp-yang-data-model-12 That was quick! I have done a first pass but have yet to chase down the references and one at least looks odd to me. I expect to complete the process on Monday am GMT. Meanwhile, s.6 /For this reason, this YANG module allow/ For this reason, this YANG module allows/ s.7 This has lost its two character margin, needs insetting typedef refid I like, much clearer, but perhaps could do with a reference for MD5, RFC1321 /Discountinuities in the value/Discontinuities in the value/ in three places when 'false() = boolean(/sys:system/sys:ntp)' { I am sure that this is valid but is not something I am used to seeing. An aspect of YANG that I have never understood is when you have to spell things out and when they are implicit and I think that all you need here is when not <presence container> but would want to verify that with a YANG doctor The definition of each possible values:/ The definition of each possible value:/ leaf poll { type uint8; This seems wrong to me. Looking at s.7.3 Poll: 8-bit signed integer representing the maximum interval between successive messages, in log2 seconds. Suggested default limits for minimum and maximum poll intervals are 6 and 10, respectively. ie signed integer and not uint TTL good to have the reference - I was barking up the wrong tree I note #define TTLMAX 8 /* max ttl manycast */ I assume that this is a matter of choice - I see 255 in examples which is at the other end of the spectrum leaf beacon { type uint8; I cannot find a definition of this in the RFC (which I think a defect in the RFC). Reverse engineering the code I see beacon compared to unreach, which is defined, as unreach: integer representing the number of seconds the server has been unreachable which suggests that beacon is a number of seconds, and not a log base 2 value or a counter; is this right? (The RFC should say IMHO) s.8 /for illustration purporses./for illustration purposes./ Back on Monday, all being well I got a bounce message last time from Yi saying on holiday until 22nd February. Tom Petch. > Please find my consolidated response below - > > Email 1: > ======== > > On Mon, Feb 8, 2021 at 5:52 PM tom petch <daedulus@btconnect.com> wrote: >> >> I have two main problems and a lot of lesser ones with this I-D; given >> the number, about 50, I am not optimistic that a single cycle of >> revision will see them addressed. >> >> I see a potential loophole in the security which I will post separately >> since the audience is likely to be different. >> >> References are missing or not specific enough so when I try to compare >> values in the I-D with those of the protocol, either I cannot find them >> or they seem to be different. Giving values to enumerations is unusual >> in YANG, since NETCONF does not transmit them, and their presence >> suggests that they are protocol values, in which case I want to see what >> the protocol says. A reference to a 110 page I-D, with two updating >> I-D, is inadequate IMO - section numbers are needed in every case. >> > > I have added section numbers in most of the cases. > I have changed enums to identity. > >> Introduction >> should mention support, or lack thereof, for NMDA >> > > Its present in Section 1.1 already, I have added keyword NMDA as well now. > >> 1.4. Prefixes in Data Node Names >> | ianach | iana-crypt-hash | [RFC7317] | >> the reference is wrong; this is an IANA- maintained module so the >> reference must be to the IANA website >> > > No longer using ianach in this update. > >> 1.5. Refrences in the Model >> /Refrences/References/ >> /refrenced in /referenced in / >> > > Updated > >> 2. NTP data model >> >> I do not see the value of a condensed model followed immediately by a >> full model. Perhaps the full model should be an Appendix although at >> less than three pages, this is quite small and would be ok on its own >> IMHO. >> > > Updated > >> 4. Relationship with RFC 7317 >> /supports per-interface configurations / >> support per-interface configuration/ >> > > Updated > >> 5. Access Rules >> /refer access-mode) and attach different acl-rule/ >> see access-mode) and attach a different acl-rule/ >> > > Updated > >> 6. Key Management >> /32-bits unsigned /32-bit unsigned/ >> >> /this YANG modules/this YANG module/ >> > > Updated > >> NTP association (for example unicast-server), >> /specefied/specified/ >> > > Updated > >> 7. NTP YANG Module >> >> import iana-crypt-hash { >> reference "RFC 7317: A YANG Data Model for System >> Management"; >> wrong reference - this module is IANA-maintained so the reference must >> be to the IANA website >> > > Not using iana-crypt-hash anymore! > >> contact >> WG List: <mailto: ntpwg@lists.ntp.org >> this is not the address I see on the datatracker >> >> the I-D has five editors but there are only two here >> > > There are 2 co-authors marked as editors. RFC 8407 says the document > author or editor contact information needs to be present. > >> typedef access-mode { >> I cannot find this in RFC5905 >> > > Section 9.2 and Appendix A.5.4. I have added section number in reference. > >> typedef association-mode { >> this I can find but it ranges from 0 to 7 whereas the I-D has 0 to 4 - is >> this intended? >> > > Changed to identity. > >> typedef ntp-sync-state { >> this I cannot find; a search for 'spike' yields a value of 2 in the >> RFC, 5 here - is this intended? >> > > Instead of enum and values, changed to identity. > >> effect in XXX seconds."; >> for what value of XXX? >> > > Removed. > >> leaf packet-sent { >> leaf packet-received { >> leaf packet-dropped { >> discontinuities in the value of sysUpTime."; >> those who have been involved with network management for ten years or >> less will likely not recognise this object. You could add a reference >> but I suggest you replace it with a YANG-based approach; see for example >> how draft-ietf-ospf-yang handles discontinuities >> > > Updated as suggested. > > >> leaf access-mode { >> /defination/definition/ >> > > Updated > >> leaf clock-refid { >> ... reference clock of the peer to >> which clock is synchronized."; >> >> I do not understand this. Presumably this corresponds to >> type string { >> length "4"; >> from the three type union but what object is this? >> > > I created a typedef and cleaned it up. This is as described in Section > 7.3 of RFC5905 under Reference ID. > >> leaf clock-offset { >> examples could do with units to make it clear that it is '1.232mS' and >> not '1.232s' >> > > Updated > >> leaf address { >> type inet:host; >> this includes the domain name, which I see no mention of in the RFC >> > > Changed to inet:ip-address > >> list associations { >> /and isconfigured is required/and isconfigured are required/ >> >> leaf address { >> type inet:host; >> as above, the description seems to ignore the option of the domain name >> >> leaf refid { >> same union as for leaf clock-refid, but a completely different >> description, neither of which I understand. >> > > Updated (all of the above). > >> '20.1.1.1' >> this address would appear to be assigned to Microsoft, not an >> affiliation I see among the authors. Is the company ok with this? >> > > Updated to 203.0.113.1 > >> leaf reach { >> type uint8; >> is this the 8-bit p.reach shift register? reference needed (again:-) >> >> leaf unreach { >> ditto >> > > Added. > >> leaf poll { >> type uint8; >> units "seconds"; >> description >> "The polling interval for current association"; >> is there a useful default? 2s appears in the RFC in places >> > > No default in this case. > >> leaf offset { >> as above, the example values would be clearer with units >> > > Updated > >> leaf transmit-time { >> type yang:date-and-time; >> description >> "This is the local time, in timestamp format, >> at which the NTP packet departed the peer(T3). >> If the peer becomes unreachable the value is set to zero."; >> I think, but am not sure, that a yang:date-and-time can never be set to >> zero, the syntax does not allow it; the usual approach with YANG is a >> union with another type which can indicate a special condition - int, >> boolean, etc >> >> leaf input-time { >> type yang:date-and-time; >> ditto >> > > Thanks, updated as per your suggestion. > >> leaf ttl { >> type uint8; >> description >> "Specifies the time to live (TTL) >> TTL does not exist in IPv6 >> > > This TTL is not related to IP. See section 3.1 for manycast and > updated with reference. > >> uses common-attributes { >> description >> /attribute like/attributes such as/ >> > > Updated > >> leaf ttl { >> type uint8; >> description >> "Specifies the maximum time to live (TTL) for >> TTL does not exist in IPv6 >> > > As above. > >> uses common-attributes { >> /attributes like/attributes such as/ >> > > Updated > >> leaf beacon { >> what are the units and is there a default? Is there a maximum of 15? As >> ever, a reference could tell me. >> > > Added reference > >> 8. Usage Example >> lots of examples but none for IPv6 or JSON >> > > Added one IPv6. I dont think we need add one for JSON as well. > >> 8.1 >> <sys:ntp xmlns:sys="urn:ietf:params:xml:ns:yang:ietf-ntp"> >> sys: is a defined prefix and must not be re-used >> > > Oops, updated here and all other instance! > >> <refid>20.1.1.1</refid> >> as above, is Microsoft ok with this? >> > > Updated to 203.0.113.1 > >> 8.2 >> <sys:ntp xmlns:sys="urn:ietf:params:xml:ns:yang:ietf-ntp"> >> sys: is a defined prefix and must not be re-used >> >> 8.3 >> <sys:ntp xmlns:sys="urn:ietf:params:xml:ns:yang:ietf-ntp"> >> sys: is a defined prefix and must not be re-used >> >> 8.4 >> <sys:ntp xmlns:sys="urn:ietf:params:xml:ns:yang:ietf-ntp"> >> sys: is a defined prefix and must not be re-used >> >> 8.5 >> "224.1.1.1" >> would appear to be a reserved address. Other RFC used 224.0.1.1 >> > > Updated > >> <sys:ntp xmlns:sys="urn:ietf:params:xml:ns:yang:ietf-ntp"> >> and again, twice >> >> <address>224.1.1.1</address> >> as above >> >> 8.6 >> "224.1.1.1" >> as above >> >> <sys:ntp xmlns:sys="urn:ietf:params:xml:ns:yang:ietf-ntp"> >> as above, twice >> >> 8.7 >> <ntp xmlns="urn:ietf:params:xml:ns:yang:ietf-ntp"> >> as above >> >> 8.8 >> <ntp xmlns="urn:ietf:params:xml:ns:yang:ietf-ntp"> >> as above >> >> <refid>20.1.1.1</refid> >> as above >> >> 8.9 >> <ntp xmlns="urn:ietf:params:xml:ns:yang:ietf-ntp"> >> as above >> > > Updated in all cases. > >> 12.2 >> [RFC7317] Bierman, A. and M. Bjorklund, "A YANG Data Model >> wrong reference in the wrong place >> this is an IANA-maintained module and so the reference must be to the >> IANA website; and since the module is imported, the reference must be >> Normative. >> > > No longer using iana-crypt-hash. > >> Tom Petch >> >> >> ----- Original Message ----- >> From: "The IESG" <iesg-secretary@ietf.org> >> To: "IETF-Announce" <ietf-announce@ietf.org> >> Cc: <ek.ietf@gmail.com>; <ntp-chairs@ietf.org>; <ntp@ietf.org>; >> <dsibold.ietf@gmail.com>; <draft-ietf-ntp-yang-data-model@ietf.org> >> Sent: Friday, January 29, 2021 10:39 PM >> Subject: Last Call: <draft-ietf-ntp-yang-data-model-10.txt> (A YANG Data >> Model for NTP) to Proposed Standard >> > > > Email 2: > ======== > > On Mon, Feb 8, 2021 at 6:07 PM tom petch <daedulus@btconnect.com> wrote: >> >> This is my second response to this Last Call, about a possible security >> issue. >> >> RFC8573 seems clear that MD5 must not be used to effect security for NTP >> but this I-D imports iana-crypt-hash which allows MD5 without any >> restriction, so is MD5 allowed or not? >> >> There are features defined which allow the hash in iana-crypt-hash to be >> restricted but this I-D does not use them. >> >> Probably iana-crypt-hash should be updated - I will raise that on the >> NETMOD WG list. >> > > No longer using iana-crypt-hash, instead made this change to allow all > sort of key formats - > > OLD: > | +--rw key? ianach:crypt-hash > NEW: > | +--rw key > | | +--rw (key-string-style)? > | | +--:(keystring) > | | | +--rw keystring? string > | | +--:(hexadecimal) {hex-key-string}? > | | +--rw hexadecimal-string? yang:hex-string > END > > The comment related to use of MD5 still applies. I have not yet added > a check for the algorithm. I have updated the description and security > consideration to highligh that MD5 is depricated as per RFC 8573. Lets > see what the IESG suggests... > >> The I-D also uses MD5 in a way that would appear not to be security >> related, to hash an IPv6 address. >> > > This is as per RFC 5905 - "If using the IPv6 address family, it is the > first four octets of the MD5 hash of the IPv6 address." > >> In passing, this I-D has three references to RFC7317. This is wrong - >> the module is IANA-maintained and so the references should be to the >> IANA website. >> > > No longer using iana-crypt-hash. > >> The secdir reviewer might be interested in my thoughts. >> >> Tom Petch > > > Email 3: > ======== > > On Tue, Feb 9, 2021 at 4:40 PM tom petch <daedulus@btconnect.com> wrote: >> >> A separate thought to my previous two. >> >> Section 4 is very keen that this I-D and the system module which >> configures ntp SHOULD NOT coexist but this is not enforced by the YANG. >> >> It could be. Import the system module and make the presence container >> in this I-D dependent on the absence of the presence container in >> /system/ntp. >> > > Updated as per your suggestion! > > ==== > > Thanks again for your detailed review. It has improved the YANG model > significantly! > > Thanks! > Dhruv & Ankit > > On Sat, Jan 30, 2021 at 4:09 AM The IESG <iesg-secretary@ietf.org> wrote: >> >
- [Ntp] Last Call: <draft-ietf-ntp-yang-data-model-… The IESG
- Re: [Ntp] Last Call: <draft-ietf-ntp-yang-data-mo… Harlan Stenn
- Re: [Ntp] Last Call: <draft-ietf-ntp-yang-data-mo… Dhruv Dhody
- Re: [Ntp] Last Call: <draft-ietf-ntp-yang-data-mo… tom petch
- Re: [Ntp] Last Call: <draft-ietf-ntp-yang-data-mo… tom petch
- Re: [Ntp] Last Call: <draft-ietf-ntp-yang-data-mo… Dhruv Dhody
- Re: [Ntp] Last Call: <draft-ietf-ntp-yang-data-mo… Harlan Stenn
- [Ntp] Antw: [EXT] Re: Last Call: <draft-ietf-ntp-… Ulrich Windl
- Re: [Ntp] Antw: [EXT] Re: Last Call: <draft-ietf-… Harlan Stenn
- Re: [Ntp] Last Call: <draft-ietf-ntp-yang-data-mo… Hal Murray
- Re: [Ntp] Last Call: <draft-ietf-ntp-yang-data-mo… Dhruv Dhody
- Re: [Ntp] Last Call: <draft-ietf-ntp-yang-data-mo… Miroslav Lichvar
- Re: [Ntp] Last Call: <draft-ietf-ntp-yang-data-mo… Dhruv Dhody
- Re: [Ntp] Last Call: <draft-ietf-ntp-yang-data-mo… tom petch
- Re: [Ntp] Last Call: <draft-ietf-ntp-yang-data-mo… tom petch
- Re: [Ntp] Antw: [EXT] Re: Last Call: <draft-ietf-… tom petch
- Re: [Ntp] Last Call: <draft-ietf-ntp-yang-data-mo… tom petch
- Re: [Ntp] [Last-Call] Last Call: <draft-ietf-ntp-… Salz, Rich
- Re: [Ntp] Last Call: <draft-ietf-ntp-yang-data-mo… Dhruv Dhody
- Re: [Ntp] [Last-Call] Last Call: <draft-ietf-ntp-… tom petch
- Re: [Ntp] [Last-Call] Last Call: <draft-ietf-ntp-… Harlan Stenn
- Re: [Ntp] [Last-Call] Last Call: <draft-ietf-ntp-… Benjamin Kaduk
- Re: [Ntp] [Last-Call] Last Call: <draft-ietf-ntp-… tom petch
- Re: [Ntp] [Last-Call] Last Call: <draft-ietf-ntp-… tom petch
- Re: [Ntp] [Last-Call] Last Call: <draft-ietf-ntp-… Hal Murray
- Re: [Ntp] [Last-Call] Last Call: <draft-ietf-ntp-… tom petch
- Re: [Ntp] [Last-Call] Last Call: <draft-ietf-ntp-… Benjamin Kaduk
- Re: [Ntp] [Last-Call] Last Call: <draft-ietf-ntp-… tom petch
- Re: [Ntp] [Last-Call] Last Call: <draft-ietf-ntp-… Harlan Stenn
- Re: [Ntp] [Last-Call] Last Call: <draft-ietf-ntp-… Hal Murray
- Re: [Ntp] [Last-Call] Last Call: <draft-ietf-ntp-… Dhruv Dhody
- Re: [Ntp] [Last-Call] Last Call: <draft-ietf-ntp-… Harlan Stenn
- Re: [Ntp] [Last-Call] Last Call: <draft-ietf-ntp-… Dhruv Dhody
- Re: [Ntp] [Last-Call] Last Call: <draft-ietf-ntp-… Harlan Stenn
- Re: [Ntp] [Last-Call] Last Call: <draft-ietf-ntp-… Harlan Stenn
- Re: [Ntp] [Last-Call] Last Call: <draft-ietf-ntp-… Hal Murray
- [Ntp] Antw: [EXT] Re: [Last-Call] Last Call: <dra… Ulrich Windl
- Re: [Ntp] Antw: [EXT] Re: [Last-Call] Last Call: … Harlan Stenn
- Re: [Ntp] [Last-Call] Last Call: <draft-ietf-ntp-… tom petch
- Re: [Ntp] [Last-Call] Last Call: <draft-ietf-ntp-… tom petch
- [Ntp] Antw: [EXT] Re: [Last-Call] Last Call: <dra… Ulrich Windl
- Re: [Ntp] [Last-Call] Last Call: <draft-ietf-ntp-… Danny Mayer
- Re: [Ntp] [Last-Call] Last Call: <draft-ietf-ntp-… Salz, Rich
- Re: [Ntp] [Last-Call] Last Call: <draft-ietf-ntp-… James Browning
- Re: [Ntp] [Last-Call] Last Call: <draft-ietf-ntp-… tom petch
- Re: [Ntp] [Last-Call] Last Call: <draft-ietf-ntp-… Christian Huitema
- Re: [Ntp] [Last-Call] Last Call: <draft-ietf-ntp-… Salz, Rich
- Re: [Ntp] [Last-Call] Last Call: <draft-ietf-ntp-… Martin Burnicki
- [Ntp] Antw: [EXT] Re: [Last-Call] Last Call: <dra… Ulrich Windl
- Re: [Ntp] [Last-Call] Last Call: <draft-ietf-ntp-… tom petch