Re: [OPSAWG] I-D Action: draft-ietf-opsawg-sdi-06.txt
tom petch <ietfc@btconnect.com> Mon, 06 April 2020 10:36 UTC
Archived-At: <https://mailarchive.ietf.org/arch/msg/opsawg/shMu93Ck_tWBsEMyhxhuO0P_gcI>
Warren

Where I think I get confused with this is its context. Abstract talks of travelling to a datacentre and elsewhere there are references to a POP, both of which to me have a flavour of a well-staffed high in technical expertise locations where this sort of work is little needed. I think more of enterprise, where an organisation may have two well equipped data centres and dozens or hundreds of locations with little or no support staff where this issue is paramount. I think that this is more a question of language than of changing the technical details but it does keep jarring with me.

In the same vein, the references to routers jars with me since while that may be an issue in an operator POP, I see the need to configure other kinds of servers as more pressing.

The other more technical issue is TFTP which yes, I expect will be widely used but which, IMHO, is only ever used over a LAN and so, short of VLAN, which indeed some enterprises do use, implies that the device and config server are on the same LAN, ie in the same building or at least campus. Again, it is a question of context, is it assumed that device and server are proximal?

I would like to see these two points nailed down more after which I could propose some refinement to the language.

Tom Petch

________________________________________
From: OPSAWG <opsawg-bounces@ietf.org> on behalf of internet-drafts@ietf.org <internet-drafts@ietf.org>
Sent: 03 April 2020 21:40
To: i-d-announce@ietf.org
Cc: opsawg@ietf.org
Subject: [OPSAWG] I-D Action: draft-ietf-opsawg-sdi-06.txt

A New Internet-Draft is available from the on-line Internet-Drafts directories.
This draft is a work item of the Operations and Management Area Working Group WG of the IETF.

Title : Secure Device Install
Authors : Warren Kumari
          Colin Doyle
Filename : draft-ietf-opsawg-sdi-06.txt
Pages : 18
Date : 2020-04-03

Abstract:
Deploying a new network device often requires that an employee physically travel to a datacenter to perform the initial install and configuration, even in shared datacenters with "smart-hands" type support. In many cases, this could be avoided if there were a standard, secure way to initially provision the devices.

This document extends existing auto-install / Zero-Touch Provisioning mechanisms to make the process more secure.

[ Ed note: Text inside square brackets ([]) is additional background information, answers to frequently asked questions, general musings, etc. They will be removed before publication. This document is being collaborated on in Github at: https://github.com/wkumari/draft-wkumari-opsawg-sdi. The most recent version of the document, open issues, etc should all be available here. The authors (gratefully) accept pull requests. ]

[ Ed note: This document introduces concepts and serves as the basis for discussion - because of this, it is conversational, and would need to be firmed up before being published ]

The IETF datatracker status page for this draft is:
https://datatracker.ietf.org/doc/draft-ietf-opsawg-sdi/

There are also htmlized versions available at:
https://tools.ietf.org/html/draft-ietf-opsawg-sdi-06
https://datatracker.ietf.org/doc/html/draft-ietf-opsawg-sdi-06

A diff from the previous version is available at:
https://www.ietf.org/rfcdiff?url2=draft-ietf-opsawg-sdi-06

Please note that it may take a couple of minutes from the time of submission until the htmlized version and diff are available at tools.ietf.org.

Internet-Drafts are also available by anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/

_______________________________________________
OPSAWG mailing list
OPSAWG@ietf.org
https://www.ietf.org/mailman/listinfo/opsawg