Re: [OPSAWG] WG LC for draft-ietf-opsawg-sdi-02

"Joe Clarke (jclarke)" <jclarke@cisco.com> Tue, 11 February 2020 21:40 UTC


On Feb 11, 2020, at 15:41, Warren Kumari <warren@kumari.net> wrote:

On Tue, Feb 11, 2020 at 10:19 AM Joe Clarke (jclarke) <jclarke@cisco.com> wrote:

As a contributor, I think this document is mostly ready (and as previously stated, I like and support the work).  That said, after another read I found a few spelling nits and some comments:

In Section 2, you paint the picture of a scenario, but “break the fourth wall” to explain what is existing and what is new functionality as well as state that the document prescribes using the SN as the unique identifier.  In the spirit of a scenario with additional context, I think you should clarify that the DHCP boot of an out-of-the-box device is _typically_ existing functionality.  Some vendors’ devices may not do this.

Good point. I have just submitted a new version which I think
addresses this (and your other comments below) -- I broke section 2
("Overview / Example Scenario") into 2 sections, "Overview" and
"Example Scenario". This required moving some text around, but I think
addresses your concern (and improves the document).

Thanks.  I like these changes.

Yes -- unfortunately there doesn't seem to be any sort of standard way
to add a comment to device configs - these all work on different devices:
# I'm a comment
! I'm also a comment
; Yet another comment format
: This is getting silly
' Ugh, who thought apostrophes were a sane comment character?!

I was actually thinking about the opposite.  Could your encrypted blob have a header?  Like a PEM encoded certificate has "-----BEGIN CERTIFICATE-----".  This way if you have that, you try to decrypt, else you assume a regular config.


How about some text along the lines of: "Unfortunately there is no
standard way to identify if a config file has been successfully
decrypted, as different vendors use different configuration languages,
with different forms of comments, etc.
It is recommended that each vendor documents a standard header or
magic which devices can use to determine if the configuration seems
largely correct.
As an example, Cisco IOS configuration files use the '!' character as
a comment, and so Cisco IOS files could be expected to start with
something like '! This is a Cisco IOS configuration file'. Juniper
Network's JunOS uses '#' as a comment character, and so Juniper could
adopt the convention of using '## JunOS device configuration file' (or
some other string, to be chosen and documented by the vendor)."

Note that I have *not* included this in the newly posted version yet,
as I think it needs some polishing...

Sure.  This text works as a means to know if decryption works.  But (and I haven’t tried this), if I point IOS to just some random bytes via option 150, I think it will try to load it (I know that some file extensions like .tcl and .py will be considered).  So you might not need to worry so much about what if decryption works as to know what should be attempted to be decrypted.

Joe
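The two checks discussed in this thread, a PEM-style armor header to decide whether a fetched file should be decrypted at all and a vendor-documented magic first line to confirm that decryption produced a real configuration, as an added Python example that is not part of the thread, the draft, or any vendor's code. The armor strings and magic lines are assumed conventions, and the SHA-256 keystream is only a stand-in for the device's real private-key decryption so the sample runs offline.

```python
import base64
import hashlib

# Added example, not code from draft-ietf-opsawg-sdi or any vendor. The armor
# lines and the per-vendor magic first lines are hypothetical conventions of
# the kind proposed in the thread, not published values.
BEGIN_MARK = "-----BEGIN SDI ENCRYPTED CONFIG-----"
END_MARK = "-----END SDI ENCRYPTED CONFIG-----"
VENDOR_MAGIC = {"ios": "! This is a Cisco IOS configuration file",
                "junos": "## JunOS device configuration file"}

def is_armored(blob: bytes) -> bool:
    """Only try to decrypt when the PEM-style armor is present; otherwise plain."""
    lines = blob.decode("ascii", errors="replace").strip().splitlines()
    return len(lines) >= 3 and lines[0].strip() == BEGIN_MARK and lines[-1].strip() == END_MARK

def unarmor(blob: bytes) -> bytes:
    body = blob.decode("ascii").split(BEGIN_MARK, 1)[1].split(END_MARK, 1)[0]
    return base64.b64decode("".join(body.split()))

def toy_stream(key: bytes, data: bytes) -> bytes:
    """Stand-in for the device's real private-key decryption: XOR with a SHA-256 keystream."""
    out = bytearray()
    for i, b in enumerate(data):
        out.append(b ^ hashlib.sha256(key + (i // 32).to_bytes(4, "big")).digest()[i % 32])
    return bytes(out)

def looks_decrypted(plaintext: bytes, vendor: str) -> bool:
    """Confirm decryption: the first line must equal the vendor-documented magic."""
    try:
        first = plaintext.decode("utf-8").split("\n", 1)[0].rstrip()
    except UnicodeDecodeError:       # random bytes after a wrong key
        return False
    return first == VENDOR_MAGIC.get(vendor)

def load_config(blob: bytes, vendor: str, key: bytes):
    """Return ('plain', cfg), ('decrypted', cfg) or ('reject', None)."""
    if not is_armored(blob):
        return "plain", blob               # no armor: a regular cleartext config
    cfg = toy_stream(key, unarmor(blob))
    if looks_decrypted(cfg, vendor):
        return "decrypted", cfg
    return "reject", None                  # wrong key or corrupted blob: do not apply

DEVICE_KEY = b"constructed-device-key"     # constructed sample key, not a real one
PLAIN = b"! This is a Cisco IOS configuration file\nhostname r1\n"
ARMORED = "\n".join([BEGIN_MARK,           # constructed armored sample of PLAIN
                     base64.b64encode(toy_stream(DEVICE_KEY, PLAIN)).decode(),
                     END_MARK, ""]).encode()
```

A wrong key or a blob meant for a different vendor both end in `reject`, which is the case the thread cares about: the device must not apply bytes that decrypted to nothing recognizable.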