IETF Logo Mail Archive

Re: [Ntp] [Last-Call] Last Call: <draft-ietf-ntp-yang-data-model-10.txt> (A YANG Data Model for NTP) to Proposed Standard

tom petch <daedulus@btconnect.com> Fri, 12 February 2021 12:01 UTC

Return-Path: <daedulus@btconnect.com>
X-Original-To: ntp@ietfa.amsl.com
Delivered-To: ntp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7E8B43A15D2; Fri, 12 Feb 2021 04:01:33 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.901
X-Spam-Level:
X-Spam-Status: No, score=-1.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, MSGID_FROM_MTA_HEADER=0.001, NICE_REPLY_A=-0.001, RCVD_IN_MSPIKE_H2=-0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=btconnect.onmicrosoft.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id LvkXhUVK_h35; Fri, 12 Feb 2021 04:01:30 -0800 (PST)
Received: from EUR04-VI1-obe.outbound.protection.outlook.com (mail-eopbgr80127.outbound.protection.outlook.com [40.107.8.127]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 5C10F3A15D1; Fri, 12 Feb 2021 04:01:30 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=JYfQy2q262QiiFEmIvEoiuw0tiQ0UU2EeKk7D1BOVmTENPX6DUxREx2PAVbWJMn/i+QcSMhXE8ZydXwR4cPUC3MmvxdJ2ZQY6//FnDYuccUpl4DY95YB15cGQvD1pfOrHYBnbKnvzO/zKy2C+qrS/sEnr0+vzi1oaUQI7alNwiVfyenmSht9CHK+3HU+yjLRV9a+NxHAy/DKM2RgJRD/682G1Y7BaagZi4CWeamiV48cb1YAHxrU6I+/zBkQPLsD9aUwpFNvcFqj50tKa9I74rWT6OeyrxMNgQ9L+ggpG8lFgS94AMP2u312j1O5Dg3txrqho/RhwUTzulNSw3XhBw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=1zGAhthi8FHBtKBJAB3Ps7OZBFIY/Upt+n2KAU51YKY=; b=FONfxUGix8NpwORFfyxZOANz2/H7cpTXgrv8S5HQoExElbeN2dktWjVdhrdSEI3yzfckBnKm6/txujqPyGj+3nvJBjImMEudI2go8U0E3ANuErQ34Bzxkxm65tm7PenCy5O5DEmabdKcWJuNX+M67ZQIdw8/MWRXdOiOHjnUzVzvt4E7czbq2Z+8/IxtCeaMcAozyZGhSZciodOXm6YylEVkUjCybs/EOHPSbnoo27JtRO0OXoYFFNEse2+CJ0XVw1ydPfTeODFDl/LGaJhSXtlCbi5RNac9rrNz8on0NJJfO7Tp1ZbLtYWX3dDm1341lEIjlQUDw7SXIP6M7hAyJA==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=btconnect.com; dmarc=pass action=none header.from=btconnect.com; dkim=pass header.d=btconnect.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=btconnect.onmicrosoft.com; s=selector2-btconnect-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=1zGAhthi8FHBtKBJAB3Ps7OZBFIY/Upt+n2KAU51YKY=; b=mUOPvQ5eeJjkpZL5S/MXuwUBNzL6nbmyLF7r7svoaJIg37DBPfZ37n0mfG6Q23jQI7q6XzbwGKuoCpBwaGWWwpRjIv35R/GQ32mdKVHQVfRiwYHpe/WZxbtZM7TWblCwaChwc9Iy4+MbnCZ2kF32btCovvprQN+I7pAk+PZj9ww=
Authentication-Results: gmail.com; dkim=none (message not signed) header.d=none;gmail.com; dmarc=none action=none header.from=btconnect.com;
Received: from VI1PR07MB6704.eurprd07.prod.outlook.com (2603:10a6:800:18b::8) by VI1PR0701MB2541.eurprd07.prod.outlook.com (2603:10a6:800:6c::13) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3868.12; Fri, 12 Feb 2021 12:01:27 +0000
Received: from VI1PR07MB6704.eurprd07.prod.outlook.com ([fe80::181c:709a:6f7a:b811]) by VI1PR07MB6704.eurprd07.prod.outlook.com ([fe80::181c:709a:6f7a:b811%3]) with mapi id 15.20.3868.015; Fri, 12 Feb 2021 12:01:27 +0000
To: Dhruv Dhody <dhruv.ietf@gmail.com>
References: <161195994417.2651.6499166797756243533@ietfa.amsl.com> <CAB75xn5CQr2yg7wWZHj-sJM7WaaTJK5NF0pzzLhqmx5hHf8GiQ@mail.gmail.com>
Cc: NTP WG <ntp@ietf.org>, last-call@ietf.org, Ankit Kumar Sinha <ankit.ietf@gmail.com>, ntp-chairs@ietf.org, draft-ietf-ntp-yang-data-model@ietf.org, ek.ietf@gmail.com, Dieter Sibold <dsibold.ietf@gmail.com>
From: tom petch <daedulus@btconnect.com>
Message-ID: <60266E12.6070207@btconnect.com>
Date: Fri, 12 Feb 2021 12:01:22 +0000
User-Agent: Mozilla/5.0 (Windows NT 5.1; rv:38.0) Gecko/20100101 Thunderbird/38.5.0
In-Reply-To: <CAB75xn5CQr2yg7wWZHj-sJM7WaaTJK5NF0pzzLhqmx5hHf8GiQ@mail.gmail.com>
Content-Type: text/plain; charset="windows-1252"; format="flowed"
Content-Transfer-Encoding: 7bit
X-Originating-IP: [86.146.121.140]
X-ClientProxiedBy: LO2P265CA0396.GBRP265.PROD.OUTLOOK.COM (2603:10a6:600:f::24) To VI1PR07MB6704.eurprd07.prod.outlook.com (2603:10a6:800:18b::8)
MIME-Version: 1.0
X-MS-Exchange-MessageSentRepresentingType: 1
Received: from [192.168.1.65] (86.146.121.140) by LO2P265CA0396.GBRP265.PROD.OUTLOOK.COM (2603:10a6:600:f::24) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.20.3825.20 via Frontend Transport; Fri, 12 Feb 2021 12:01:26 +0000
X-MS-PublicTrafficType: Email
X-MS-Office365-Filtering-Correlation-Id: a012f443-46ec-42d3-70f9-08d8cf4ded36
X-MS-TrafficTypeDiagnostic: VI1PR0701MB2541:
X-Microsoft-Antispam-PRVS: <VI1PR0701MB25413638737A1486CF7A93D2C68B9@VI1PR0701MB2541.eurprd07.prod.outlook.com>
X-MS-Oob-TLC-OOBClassifiers: OLM:4941;
X-MS-Exchange-SenderADCheck: 1
X-Microsoft-Antispam: BCL:0;
X-Microsoft-Antispam-Message-Info: E8pFyC3kaiqQBVlEOwbLG14MRiYIwwLHb1I8TFI46soI2i1WE9+3pPkJICHGL6rgtGFjkXYjdxviIppdt47K9gxUbG4cmXxh2aADUkBKpJmkvbiN2+kGbwxZmJyyAmBite22i1nNAt72le8CNFDLJegQ7mxy8aINE8S3fWlH7JZXyY+QIhotVa9i1aPJkRdHThotDBUCqzCIQMu0n8llJeWcdCPygyxZXv7sLov0XNVcgRsBVEAF9r0LjAAyXoMRDrtL0MUlkcnhmXJR8rVPM+E7x+Pw3EfnNHik5mqFxAuItJAT4wwg/5EIu5yFU6JQaD50H4OddSU2hvIHBsLic6C2+/06LaiVxugasqvwaiJtWj7i3hKby2izBuI1lyaY2tM5yTreC0tN6OgXBoDIB7pU9l6kjpW3lCPcjBeFEP87W9PQIBQByeEUr7QZCTsfnNwkiUgbONhQ1zzLlcfvAStU8fBTAqzPEkg4EX0VqAsrTzPGqqEOxvlJ3QPJsyO35/q2yPITr2YYQgUTRLjRcE9aaqp3SF3BCb3Zqq3suuFM5iJN/noGxpT5gQwaT/CH/Hy6wxn+moPsLjf0+5XRYBVk7yyUgExaNb4q+HKlgBl2lEq0Gk3BpjoKZBGTyrsvZYf6Hehteh8CmPzTpl4+qg==
X-Forefront-Antispam-Report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:VI1PR07MB6704.eurprd07.prod.outlook.com; PTR:; CAT:NONE; SFS:(39860400002)(376002)(136003)(346002)(366004)(396003)(45080400002)(33656002)(4326008)(6916009)(8676002)(36756003)(53546011)(26005)(316002)(54906003)(16576012)(186003)(8936002)(6666004)(16526019)(6486002)(2906002)(2616005)(956004)(52116002)(87266011)(30864003)(966005)(66556008)(86362001)(83380400001)(5660300002)(478600001)(66476007)(66946007)(21314003); DIR:OUT; SFP:1102;
X-MS-Exchange-AntiSpam-MessageData: SFzgktjaeLzNAb8Cmek0G0H9B9q83yVXoQEqxLEa8bJTYZTObeHQVZTFg6z61NIGC1c1IdFv/rkdFXNJ4RYj5C6pFUtmAAtdRvPO6FbIYHgjFfWajptqhaT9Fb/6fAC2iZ18+i8sq43ZUvpvChH52IlPAvGfMLdrxHQ8KoWmhC6seFTC1WKwNOX+HtAC3RM32h/LFT4Ms8zL8bdY3qUJ8Q6Q41Z1wZgyGlWCSGKnaLixzsI5YCNwiiZTSYihmx5BnBpPlZRhjaNRVwSyMmqzcljYlw371dJR9EIq4AQp8uegX+t6+KFQKRk3JDi4sJliCfMDYLaiD0TFjHiIY/YZV4NkjnDPahX8LF0lNP14leqaDEQN6pqmbHrxiyFfvgRP69PSAC89D920lJFWbyh24ZsJTI3NmC+fVUMarybxVnyWfxenGMCw+NpntLqGLTBhzeAHlOj556qzhOOS43VqF8//FyfgFIGbeiPaP+NyCh6EpASyQZzkur38d4WAUzfYwAbwNnDyNeDJU/U/XNpx87cvf0dDi5Lo1+7pABOPI70e9ax+iw2LculOvjsTSNlPJjP9E/3D8NNMMqqKwbp/l1bu67SkzDZvVOPyvtmxGwcVhZZXw4BxJC6li8XVvgrvBtA7B7dtrrg4rOVqijuqPqfVVpACokgC7WSjzxJ2PlNe/ytZVAwAfKRV4HhVoGRbvoEm4yQQOf+BDSSlJU1ZZmjVowyfh32wj8GZANzKSwueBo15ljQTvHYyP5qMMXAbmZAJCzK5Ouxde3XiK7rPeixsWuWE0KiKnC0D/cZqe+Sksz69AEvayIF/75hlsWl1bIzYo9uVk1fPGkPxb9MVsz7NHUFRtwFkhjOUVLFH7LfBTWsLfky4z5+SLXmUHdLJVZS611RzJwqB5XHnAa7m3mrVMLOpIcFgBHH6DUM6rQW2UdETr3tqYbDIZdnr2pmc+Ktd34HtVYiRUZ8ow6WZlhMw29j1ZaW9KakEOUcwJkSt1oxaX+P1zwVpYuIReWGW1T1GgfyKnOL/17cD8434d29HtEC5o8n++rb0lNbG+CTUyMQHZ4apBgprk2+iKQm+VWlEMhxKsgL3kqMg7siqX+nn7pJxBqOpCWVfIS/91g0YHFIVN4xZg+7lgVlZt50dKge2vIpg+ohG5Lw7x6WUSs2E21gaZKllaqzxk0b4vXsSAt8AnP6cIjkWwA5Y7pEmhUHOmRe3IeqklTjGO7R68baRd81Nlj6bdNIuI8Q80jr7HWuELak8g+RrqL84cWjviPgtGemG0Ppg8Y8vlGGI/91oTkfw53VJJ7XzB15eVKX7ohU3Jouz53DqRfqxOMK3
X-OriginatorOrg: btconnect.com
X-MS-Exchange-CrossTenant-Network-Message-Id: a012f443-46ec-42d3-70f9-08d8cf4ded36
X-MS-Exchange-CrossTenant-AuthSource: VI1PR07MB6704.eurprd07.prod.outlook.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 12 Feb 2021 12:01:27.8436 (UTC)
X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted
X-MS-Exchange-CrossTenant-Id: cf8853ed-96e5-465b-9185-806bfe185e30
X-MS-Exchange-CrossTenant-MailboxType: HOSTED
X-MS-Exchange-CrossTenant-UserPrincipalName: IFnLL4GvlAL6MrZl62JfWBS9XpnrbZ5BKDHME9347m2XEggrASeCVG1RPp7s8k6jbEXV53uyg45wrX0Bie3pnQ==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: VI1PR0701MB2541
Archived-At: <https://mailarchive.ietf.org/arch/msg/ntp/MstLpkxVePB2UqoMcCXOO-aM5bI>
Subject: Re: [Ntp] [Last-Call] Last Call: <draft-ietf-ntp-yang-data-model-10.txt> (A YANG Data Model for NTP) to Proposed Standard
X-BeenThere: ntp@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: <ntp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ntp>, <mailto:ntp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ntp/>
List-Post: <mailto:ntp@ietf.org>
List-Help: <mailto:ntp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ntp>, <mailto:ntp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 12 Feb 2021 12:01:34 -0000

On 11/02/2021 09:39, Dhruv Dhody wrote:
> Hi Tom,
>
> Thanks for your review. I have posted an updated version of the YANG.
>
> https://datatracker.ietf.org/doc/draft-ietf-ntp-yang-data-model/
> https://www.ietf.org/rfcdiff?url1=draft-ietf-ntp-yang-data-model-10&url2=draft-ietf-ntp-yang-data-model-12

That was quick!  I have done a first pass but have yet to chase down the 
references and one at least looks odd to me. I expect to complete the 
process on Monday am GMT.

Meanwhile,

s.6
/For this reason, this YANG module allow/
For this reason, this YANG module allows/

s.7
This has lost its two character margin, needs insetting

typedef refid I like, much clearer, but perhaps could do with a 
reference for MD5, RFC1321

/Discountinuities in the value/Discontinuities in the value/
in three places

when 'false() = boolean(/sys:system/sys:ntp)' {
I am sure that this is valid but is not something I am used to seeing. 
An aspect of YANG that I have never understood is when you have to spell 
things out and when they are implicit and I think that all you need here is
when not <presence container>
but would want to verify that with a YANG doctor

The definition of each possible values:/
The definition of each possible value:/

       leaf poll {
         type uint8;
This seems wrong to me.  Looking at s.7.3
    Poll: 8-bit signed integer representing the maximum interval between
    successive messages, in log2 seconds.  Suggested default limits for
    minimum and maximum poll intervals are 6 and 10, respectively.
ie signed integer and not uint

TTL good to have the reference - I was barking up the wrong tree

I note
#define TTLMAX          8       /* max ttl manycast */
I assume that this is a matter of choice - I see 255 in examples which 
is at the other end of the spectrum

           leaf beacon {
             type uint8;
I cannot find a definition of this in the RFC (which I think a defect in 
the RFC).  Reverse engineering the code I see beacon compared to 
unreach, which is defined, as
    unreach: integer representing the number of seconds the server has
    been unreachable
which suggests that beacon is a number of seconds, and not a log base 2 
value or a counter; is this right? (The RFC should say IMHO)

s.8
/for illustration purporses./for illustration purposes./


Back on Monday, all being well

I got a bounce message last time from Yi saying on holiday until 22nd 
February.

Tom Petch.


> Please find my consolidated response below -
>
> Email 1:
> ========
>
> On Mon, Feb 8, 2021 at 5:52 PM tom petch <daedulus@btconnect.com> wrote:
>>
>> I have two main problems and a lot of lesser ones with this I-D; given
>> the number, about 50, I am not optimistic that a single cycle of
>> revision will see them addressed.
>>
>> I see a potential loophole in the security which I will post separately
>> since the audience is likely to be different.
>>
>> References are missing or not specific enough so when I try to compare
>> values in the I-D with those of the protocol, either I cannot find them
>> or they seem to be different. Giving values to enumerations is unusual
>> in YANG, since NETCONF does not transmit them, and their presence
>> suggests that they are protocol values, in which case I want to see what
>> the protocol says.  A reference to a 110 page I-D, with two updating
>> I-D, is inadequate IMO - section numbers are needed in every case.
>>
>
> I have added section numbers in most of the cases.
> I have changed enums to identity.
>
>> Introduction
>> should mention support, or lack thereof, for NMDA
>>
>
> Its present in Section 1.1 already, I have added keyword NMDA as well now.
>
>> 1.4.  Prefixes in Data Node Names
>>              | ianach    | iana-crypt-hash          | [RFC7317] |
>> the reference is wrong; this is an IANA- maintained module so the
>> reference must be to the IANA website
>>
>
> No longer using ianach in this update.
>
>> 1.5.  Refrences in the Model
>> /Refrences/References/
>> /refrenced in /referenced in /
>>
>
> Updated
>
>> 2.  NTP data model
>>
>> I do not see the value of a condensed model followed immediately by a
>> full model. Perhaps the full model should be an Appendix although at
>> less than three pages, this is quite small and would be ok on its own
>> IMHO.
>>
>
> Updated
>
>> 4.  Relationship with RFC 7317
>> /supports per-interface configurations /
>> support per-interface configuration/
>>
>
> Updated
>
>> 5.  Access Rules
>> /refer access-mode) and attach different acl-rule/
>> see access-mode) and attach a different acl-rule/
>>
>
> Updated
>
>> 6.  Key Management
>> /32-bits unsigned /32-bit unsigned/
>>
>> /this YANG modules/this YANG module/
>>
>
> Updated
>
>> NTP association (for example unicast-server),
>> /specefied/specified/
>>
>
> Updated
>
>> 7.  NTP YANG Module
>>
>>       import iana-crypt-hash {
>>        reference         "RFC 7317: A YANG Data Model for System
>> Management";
>> wrong reference - this module is IANA-maintained so the reference must
>> be to the IANA website
>>
>
> Not using iana-crypt-hash anymore!
>
>>       contact
>>          WG List:  <mailto: ntpwg@lists.ntp.org
>> this is not the address I see on the datatracker
>>
>> the I-D has five editors but there are only two here
>>
>
> There are 2 co-authors marked as editors. RFC 8407 says the document
> author or editor contact information needs to be present.
>
>>       typedef access-mode {
>> I cannot find this in RFC5905
>>
>
> Section 9.2 and Appendix A.5.4. I have added section number in reference.
>
>>       typedef association-mode {
>> this I can find but it ranges from 0 to 7 whereas the I-D has 0 to 4 - is
>> this intended?
>>
>
> Changed to identity.
>
>>       typedef ntp-sync-state {
>> this I cannot find; a search for 'spike' yields a value of 2 in the
>> RFC, 5 here - is this intended?
>>
>
> Instead of enum and values, changed to identity.
>
>>                effect in XXX seconds.";
>> for what value of XXX?
>>
>
> Removed.
>
>>         leaf packet-sent {
>>         leaf packet-received {
>>         leaf packet-dropped {
>>              discontinuities in the value of sysUpTime.";
>> those who have been involved with network management for ten years or
>> less will likely not recognise this object.  You could add a reference
>> but I suggest you replace it with a YANG-based approach; see for example
>> how draft-ietf-ospf-yang handles discontinuities
>>
>
> Updated as suggested.
>
>
>>             leaf access-mode {
>> /defination/definition/
>>
>
> Updated
>
>>             leaf clock-refid {
>> ...                         reference clock of the peer to
>>                  which clock is synchronized.";
>>
>> I do not understand this.  Presumably this corresponds to
>>                 type string {
>>                   length "4";
>> from the three type union but what object is this?
>>
>
> I created a typedef and cleaned it up. This is as described in Section
> 7.3 of RFC5905 under Reference ID.
>
>>             leaf clock-offset {
>> examples could do with units to make it clear that it is '1.232mS' and
>> not '1.232s'
>>
>
> Updated
>
>>           leaf address {
>>             type inet:host;
>> this includes the domain name, which I see no mention of in the RFC
>>
>
> Changed to inet:ip-address
>
>>         list associations {
>>              /and isconfigured is required/and isconfigured are required/
>>
>>           leaf address {
>>             type inet:host;
>> as above, the description seems to ignore the option of the domain name
>>
>>           leaf refid {
>> same union as for leaf clock-refid, but a completely different
>> description, neither of which I understand.
>>
>
> Updated (all of the above).
>
>>                  '20.1.1.1'
>> this address would appear to be assigned to Microsoft, not an
>> affiliation I see among the authors.  Is the company ok with this?
>>
>
> Updated to 203.0.113.1
>
>>           leaf reach {
>>             type uint8;
>> is this the 8-bit p.reach shift register? reference needed (again:-)
>>
>>           leaf unreach {
>> ditto
>>
>
> Added.
>
>>           leaf poll {
>>             type uint8;
>>             units "seconds";
>>             description
>>               "The polling interval for current association";
>> is there a useful default?  2s appears in the RFC in places
>>
>
> No default in this case.
>
>>           leaf offset {
>> as above, the example values would be clearer with units
>>
>
> Updated
>
>>           leaf transmit-time {
>>             type yang:date-and-time;
>>             description
>>               "This is the local time, in timestamp format,
>>                at which the NTP packet departed the peer(T3).
>>                If the peer becomes unreachable the value is set to zero.";
>> I think, but am not sure, that a yang:date-and-time can never be set to
>> zero, the syntax does not allow it; the usual approach with YANG is a
>> union with another type which can indicate a special condition - int,
>> boolean, etc
>>
>>           leaf input-time {
>>             type yang:date-and-time;
>> ditto
>>
>
> Thanks, updated as per your suggestion.
>
>>               leaf ttl {
>>                 type uint8;
>>                 description
>>                   "Specifies the time to live (TTL)
>> TTL does not exist in IPv6
>>
>
> This TTL is not related to IP. See section 3.1 for manycast and
> updated with reference.
>
>>               uses common-attributes {
>>                 description
>> /attribute like/attributes such as/
>>
>
> Updated
>
>>               leaf ttl {
>>                 type uint8;
>>                 description
>>                   "Specifies the maximum time to live (TTL) for
>> TTL does not exist in IPv6
>>
>
> As above.
>
>>               uses common-attributes {
>> /attributes like/attributes such as/
>>
>
> Updated
>
>>               leaf beacon {
>> what are the units and is there a default? Is there a maximum of 15?  As
>> ever, a reference could tell me.
>>
>
> Added reference
>
>> 8.  Usage Example
>> lots of examples but none for IPv6 or JSON
>>
>
> Added one IPv6. I dont think we need add one for JSON as well.
>
>> 8.1
>>        <sys:ntp xmlns:sys="urn:ietf:params:xml:ns:yang:ietf-ntp">
>> sys: is a defined prefix and must not be re-used
>>
>
> Oops, updated here and all other instance!
>
>>            <refid>20.1.1.1</refid>
>> as above, is Microsoft ok with this?
>>
>
> Updated to 203.0.113.1
>
>> 8.2
>>          <sys:ntp xmlns:sys="urn:ietf:params:xml:ns:yang:ietf-ntp">
>> sys: is a defined prefix and must not be re-used
>>
>> 8.3
>>          <sys:ntp xmlns:sys="urn:ietf:params:xml:ns:yang:ietf-ntp">
>> sys: is a defined prefix and must not be re-used
>>
>> 8.4
>>          <sys:ntp xmlns:sys="urn:ietf:params:xml:ns:yang:ietf-ntp">
>> sys: is a defined prefix and must not be re-used
>>
>> 8.5
>>    "224.1.1.1"
>> would appear to be a reserved address.  Other RFC used 224.0.1.1
>>
>
> Updated
>
>>          <sys:ntp xmlns:sys="urn:ietf:params:xml:ns:yang:ietf-ntp">
>> and again, twice
>>
>>                <address>224.1.1.1</address>
>> as above
>>
>> 8.6
>>    "224.1.1.1"
>> as above
>>
>>           <sys:ntp xmlns:sys="urn:ietf:params:xml:ns:yang:ietf-ntp">
>> as above, twice
>>
>> 8.7
>>        <ntp xmlns="urn:ietf:params:xml:ns:yang:ietf-ntp">
>> as above
>>
>> 8.8
>>        <ntp xmlns="urn:ietf:params:xml:ns:yang:ietf-ntp">
>> as above
>>
>>            <refid>20.1.1.1</refid>
>> as above
>>
>> 8.9
>>        <ntp xmlns="urn:ietf:params:xml:ns:yang:ietf-ntp">
>> as above
>>
>
> Updated in all cases.
>
>> 12.2
>>      [RFC7317]  Bierman, A. and M. Bjorklund, "A YANG Data Model
>> wrong reference in the wrong place
>> this is an IANA-maintained module and so the reference must be to the
>> IANA website; and since the module is imported, the reference must be
>> Normative.
>>
>
> No longer using iana-crypt-hash.
>
>> Tom Petch
>>
>>
>> ----- Original Message -----
>> From: "The IESG" <iesg-secretary@ietf.org>
>> To: "IETF-Announce" <ietf-announce@ietf.org>
>> Cc: <ek.ietf@gmail.com>; <ntp-chairs@ietf.org>; <ntp@ietf.org>;
>> <dsibold.ietf@gmail.com>; <draft-ietf-ntp-yang-data-model@ietf.org>
>> Sent: Friday, January 29, 2021 10:39 PM
>> Subject: Last Call: <draft-ietf-ntp-yang-data-model-10.txt> (A YANG Data
>> Model for NTP) to Proposed Standard
>>
>
>
> Email 2:
> ========
>
> On Mon, Feb 8, 2021 at 6:07 PM tom petch <daedulus@btconnect.com> wrote:
>>
>> This is my second response to this Last Call, about a possible security
>> issue.
>>
>> RFC8573 seems clear that MD5 must not be used to effect security for NTP
>> but this I-D imports iana-crypt-hash which allows MD5 without any
>> restriction, so is MD5 allowed or not?
>>
>> There are features defined which allow the hash in iana-crypt-hash to be
>> restricted but this I-D does not use them.
>>
>> Probably iana-crypt-hash should be updated - I will raise that on the
>> NETMOD WG list.
>>
>
> No longer using iana-crypt-hash, instead made this change to allow all
> sort of key formats -
>
> OLD:
> |     +--rw key?         ianach:crypt-hash
> NEW:
> |     +--rw key
> |     |  +--rw (key-string-style)?
> |     |     +--:(keystring)
> |     |     |  +--rw keystring?            string
> |     |     +--:(hexadecimal) {hex-key-string}?
> |     |        +--rw hexadecimal-string?   yang:hex-string
> END
>
> The comment related to use of MD5 still applies. I have not yet added
> a check for the algorithm. I have updated the description and security
> consideration to highligh that MD5 is depricated as per RFC 8573. Lets
> see what the IESG suggests...
>
>> The I-D also uses MD5 in a way that would appear not to be security
>> related, to hash an IPv6 address.
>>
>
> This is as per RFC 5905 - "If using the IPv6 address family, it is the
> first four octets of the MD5 hash of the IPv6 address."
>
>> In passing, this I-D has three references to RFC7317.  This is wrong -
>> the module is IANA-maintained and so the references should be to the
>> IANA website.
>>
>
> No longer using iana-crypt-hash.
>
>> The secdir reviewer might be interested in my thoughts.
>>
>> Tom Petch
>
>
> Email 3:
> ========
>
> On Tue, Feb 9, 2021 at 4:40 PM tom petch <daedulus@btconnect.com> wrote:
>>
>> A separate thought to my previous two.
>>
>> Section 4 is very keen that this I-D and the system module which
>> configures ntp SHOULD NOT coexist but this is not enforced by the YANG.
>>
>> It could be.  Import the system module and make the presence container
>> in this I-D dependent on the absence of the presence container in
>> /system/ntp.
>>
>
> Updated as per your suggestion!
>
> ====
>
> Thanks again for your detailed review. It has improved the YANG model
> significantly!
>
> Thanks!
> Dhruv & Ankit
>
> On Sat, Jan 30, 2021 at 4:09 AM The IESG <iesg-secretary@ietf.org> wrote:
>>
>

v2.23.0 | Report a Bug | By Email