Re: [Rats] do not address yang warnings by making nodes writable

"Eric Voit (evoit)" <evoit@cisco.com> Fri, 19 February 2021 16:36 UTC

Return-Path: <evoit@cisco.com>
X-Original-To: rats@ietfa.amsl.com
Delivered-To: rats@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 87A7D3A121E for <rats@ietfa.amsl.com>; Fri, 19 Feb 2021 08:36:06 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -9.602
X-Spam-Level:
X-Spam-Status: No, score=-9.602 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_MED=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_MSPIKE_H2=-0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com header.b=mmyprHDD; dkim=fail (1024-bit key) reason="fail (body has been altered)" header.d=cisco.onmicrosoft.com header.b=xXY3nqpq
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id sCARr7VeNRNJ for <rats@ietfa.amsl.com>; Fri, 19 Feb 2021 08:36:04 -0800 (PST)
Received: from alln-iport-1.cisco.com (alln-iport-1.cisco.com [173.37.142.88]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 6EA523A131C for <rats@ietf.org>; Fri, 19 Feb 2021 08:35:46 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=9408; q=dns/txt; s=iport; t=1613752546; x=1614962146; h=from:to:cc:subject:date:message-id:references: in-reply-to:mime-version; bh=nwHr6okfeV67R6TfJqoN1UKorPZxymUcaN/yls/VaYw=; b=mmyprHDDNy4qL3JK81ig8xmWVVhUP0NHTF4ooJh1/Kmhii1EiAvcPn3k b74z7srGIsUn7oBrpVHQKUGTccBlIFfVypk9IH7F2ZxLwUlDnP+hR+lrx CJ6Oe8eRRii0yceFFnvJCRnfboCtDVNcwEM9JobsttWOjHRNyJex1Vrou o=;
X-Files: smime.p7s : 3975
X-IPAS-Result: =?us-ascii?q?A0BaAwA46C9gmIkNJK1fA4EJgyJRfSwuNjEKh38Djg4Dm?= =?us-ascii?q?R6CUwNUBAcBAQEKAwEBHQsKAgQBAYFYgnUCggwCJTgTAgMBAQEDAgMBAQEBB?= =?us-ascii?q?QEBAQIBBgQUAQEBAQEBAQGGNg2GRAEBAQMBAQE+AQEsBAcBBAkCAgEIDgIFA?= =?us-ascii?q?y4CGQwLJQIEAQ0FCAYNglABgX5XAw4RDwEOo3ACiiV0gTSDBAEBBoUbGIILB?= =?us-ascii?q?wMGBYEzgVOBI4pLJhyBQUGBEUOCKS4+gl0BAYFhFQomgwOCK4FZawYCYjMkF?= =?us-ascii?q?0SBJwIUXJBEjBGBc5pdCoJ7gRuDTYJqlGCDMZBDj0yUR4IJoAACBAIEBQIOA?= =?us-ascii?q?QEGgWshgVlwFTuCaVAXAg2OKw0Jg00zhGGFRXM3AgYBCQEBAwl8iFUtgQYBg?= =?us-ascii?q?Q4BAQ?=
IronPort-PHdr: =?us-ascii?q?9a23=3AaWrtyhMAcG2yrY0IPdIl6mtXPHoupqn0MwgJ65?= =?us-ascii?q?Eul7NJdOG58o//OFDEvK493l3AVoLR8LdZjevIvrr7WHARp5qM4zgOc51JAh?= =?us-ascii?q?kCj8he3wktG9WMBkCzKvn2Jzc7E8JPWB4AnTm7PEFZFdy4awjUpXu/vjwbER?= =?us-ascii?q?L1Lk9oIOXrF5TJjtimkey/qNXfZgxSj2+7ZrV/ZBy9sQTWsJwQho1vT8R5yh?= =?us-ascii?q?bArnZSPepMwmY9LlOIlBG67cC1r5M=3D?=
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-AV: E=Sophos;i="5.81,189,1610409600"; d="p7s'?scan'208";a="650027105"
Received: from alln-core-4.cisco.com ([173.36.13.137]) by alln-iport-1.cisco.com with ESMTP/TLS/DHE-RSA-SEED-SHA; 19 Feb 2021 16:35:44 +0000
Received: from XCH-ALN-004.cisco.com (xch-aln-004.cisco.com [173.36.7.14]) by alln-core-4.cisco.com (8.15.2/8.15.2) with ESMTPS id 11JGZirn010234 (version=TLSv1.2 cipher=AES256-SHA bits=256 verify=FAIL); Fri, 19 Feb 2021 16:35:44 GMT
Received: from xhs-rtp-002.cisco.com (64.101.210.229) by XCH-ALN-004.cisco.com (173.36.7.14) with Microsoft SMTP Server (TLS) id 15.0.1497.2; Fri, 19 Feb 2021 10:35:42 -0600
Received: from xfe-aln-001.cisco.com (173.37.135.121) by xhs-rtp-002.cisco.com (64.101.210.229) with Microsoft SMTP Server (TLS) id 15.0.1497.2; Fri, 19 Feb 2021 11:35:33 -0500
Received: from NAM12-BN8-obe.outbound.protection.outlook.com (173.37.151.57) by xfe-aln-001.cisco.com (173.37.135.121) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.792.3 via Frontend Transport; Fri, 19 Feb 2021 10:35:33 -0600
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=eVFF19lN1Uk9uOHirL0w2WGL9FJnPG39J8w3tn2BNO37ZpRZ7icCR+euw+Ng2QXEaMOcaiBjbyMjWD9oxbPFtuLgsgRwtbMEKlabcat7iJzalnRVtTCqqPgakFtF1yd6f5N7ExFh3ynzlV4EkJ/ekGaU4SW7VktrkH+FEROtksC31GBSKSjHqu/Qy0GoGAAWIw2DoBmAa/Ge4e2FUvj6x1dGYyUgTJgPkpr8jisH6DoXxk9b0MJy+wXuEHkOGOqVnQwF8g+W+K1owQypWlid3mPIpT43fGF1vKbJA6IZrc7J+N2tRqF9Bo+sdtNFfyiD4Ri5s+Tzm3xFaG62dypi+Q==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=TbFqFaEu4RFT+n0RNsRYN9RrWK2lYuwLABg+dK3QGeI=; b=NY3ldg23zmNeHcmLCubci7l2sZ6zqm1Sc5mftVpvE1vUZqKGs7Y5jUgNmwc/bO6z98JKZ7RpkWMMTv5qMXvF3efKwHnPXXoGV87KuzpNpZsqCm9zKZvmm3970DqyQbz6W+AtvlDZexsW1OPoXEu9ZMfyOP4xaPxmuqjBy3mfZFrQmtF4TAWQPQFOOQ+vOyV6jfzfW9X88JYofr+foViybbXJMdew+TlfzkzGhzVhBBj2qkiQC5EaRJbALfzVQT9KFUbNxBj6fq9AHoH0u/TcojFOYB5y9e+ixwG3IfOdiQjgaNQWk4YB+RVfJTqoUEgmCGoYocZbbv3dX2ETB+cUwg==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=cisco.com; dmarc=pass action=none header.from=cisco.com; dkim=pass header.d=cisco.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cisco.onmicrosoft.com; s=selector2-cisco-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=TbFqFaEu4RFT+n0RNsRYN9RrWK2lYuwLABg+dK3QGeI=; b=xXY3nqpqSaLkthh4mALVUo8DBhzMVdLlXP13osaxMAfaUhfB/3PUUqJI8hJ8RE32fZF3jhCFXtSUma5106G3sORQ6h2DlM8Z/AW2AU1riv9MyDB/r3X7AHRSEnm4DDmLXBfFWXM505w9tdsn/RNZ4MC9cVInrYPQX/7aAMN20Jg=
Received: from BL0PR11MB3122.namprd11.prod.outlook.com (2603:10b6:208:75::32) by MN2PR11MB4758.namprd11.prod.outlook.com (2603:10b6:208:260::16) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3868.29; Fri, 19 Feb 2021 16:35:32 +0000
Received: from BL0PR11MB3122.namprd11.prod.outlook.com ([fe80::88f5:c7e1:3338:cecf]) by BL0PR11MB3122.namprd11.prod.outlook.com ([fe80::88f5:c7e1:3338:cecf%3]) with mapi id 15.20.3846.042; Fri, 19 Feb 2021 16:35:32 +0000
From: "Eric Voit (evoit)" <evoit@cisco.com>
To: Juergen Schoenwaelder <j.schoenwaelder@jacobs-university.de>, "Michael Richardson" <mcr+ietf@sandelman.ca>
CC: "rats@ietf.org" <rats@ietf.org>
Thread-Topic: [Rats] do not address yang warnings by making nodes writable
Thread-Index: AQHXBtiPzfKDgDt1JUWIk0bm075RU6pfpH2Q
Date: Fri, 19 Feb 2021 16:35:32 +0000
Message-ID: <BL0PR11MB312290AB0F53053548E1D43DA1849@BL0PR11MB3122.namprd11.prod.outlook.com>
References: <20210219131122.4b3qt7kgapmgv3ax@anna.jacobs.jacobs-university.de> <17694.1613745400@localhost> <20210219160103.26mds5wtenqtfbct@anna.jacobs.jacobs-university.de>
In-Reply-To: <20210219160103.26mds5wtenqtfbct@anna.jacobs.jacobs-university.de>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: yes
X-MS-TNEF-Correlator:
authentication-results: jacobs-university.de; dkim=none (message not signed) header.d=none;jacobs-university.de; dmarc=none action=none header.from=cisco.com;
x-originating-ip: [108.18.141.61]
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: 3785c63d-002d-4f9b-39a9-08d8d4f46018
x-ms-traffictypediagnostic: MN2PR11MB4758:
x-microsoft-antispam-prvs: <MN2PR11MB4758AE238F09977E3E1B39E1A1849@MN2PR11MB4758.namprd11.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:10000;
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: cRgzBFDFCGBYa1GggdwQJ9BC6e8LknES4MkY+43cFRJRR7CTl4jan3+9At7aEI7UrbrvSPKuVLzZaTQs6yjRk+QlJ5wDJ3QxPpl46tN71zcgf8rplohPQV5npAN3ue/ELoAyeHCRGGGf9yjxCUjASLoOhyVKP8Ja1XS5Euj1U2W/cw5QPIVJHl1QjJNEJUc8RfYFg1GsZ2AShQEudg3ArsPMO0oo2K3c0ZYlJ6Dbiu6LUlhPYA3rXTkZ+K0gM8qnQY+PqYXbAx3mWwzqwh0BEkxL9+vX/mW8AdboEM70WE98w2xBZQCKxXUmW4s7Bl/OvsGsIOv+3fELqepY5s28UVKd2wOKKaeO+UrnOxtrl8S5UK1toLeDGSxpbObxfXnUNOIF4qsAPQkHdDY2jAw8KuOlFKpu0+GRbYZ8fn4r771lneoAnwmrfD3aAlYNRpmJq0DgBauR2BuBV0lYhgqTIX6LTuFe4//b1Hskqn+lVmiVicD3YRuBieNtSKq9Sz5gKtvUXHk9u7Uln0wUpZU7a9AmBLVUTW6LD5wJaOUlp3fElyc0PUP7dTv8giiEJY3CUjfJq8WedkdstOkATJJkU/7S2bGuMCMcUlzEfUweh1wZMK6+lgMDUE0dEW+qv1/PJo4q1xeqQzYDR8U5zttk1w==
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:BL0PR11MB3122.namprd11.prod.outlook.com; PTR:; CAT:NONE; SFS:(136003)(396003)(366004)(376002)(346002)(39860400002)(7696005)(110136005)(316002)(83080400002)(83380400001)(66574015)(99936003)(6506007)(33656002)(66476007)(66446008)(66616009)(76116006)(55016002)(64756008)(9686003)(66556008)(5660300002)(52536014)(4326008)(71200400001)(8676002)(478600001)(86362001)(26005)(966005)(66946007)(2906002)(8936002)(186003); DIR:OUT; SFP:1101;
x-ms-exchange-antispam-messagedata: =?iso-8859-1?Q?4bw3rYt3nPEI19EDwOejR3PInellUTqjYzfOugzfShVtP5d+K/O9LSPKC9?= =?iso-8859-1?Q?39JhAIy/CG/ihHACb+Y2Pv9+a2fjv5xiDFTD90AlRfzsPbMsoz52OhTwh/?= =?iso-8859-1?Q?1Vcw1c9D2H8HvZzqIISTyOxGi1WbuJ97ZcydWBhcQ7j6tuBLmjp4TyPjea?= =?iso-8859-1?Q?hL8cRdOkDgtlQ9Hp87tscLqTx8LmdpAc+lnRBE56b9ZdNdutXBZibS2Pi4?= =?iso-8859-1?Q?tZkDR1MTGTUgEU90UryyhrTKHs298xmMPabT0/xt0vrdMZd9dhnMmhVg5V?= =?iso-8859-1?Q?JUwa9DD80AvY/P0INbnRkFdq3QtFyfxmJo9pso4UguCDjoJSs44H1AzmT3?= =?iso-8859-1?Q?9ejC+x0LoSxA/mMGlsAb9q57+AsFK7iFqWvXq4y6IHdwDU10MoN+2JoaLA?= =?iso-8859-1?Q?e6kU42AGU8eqCxJeNSg+HYJnTy3KwTfHZ2EKG5Ww2+dGmmBsNO1TTCnRjO?= =?iso-8859-1?Q?7clt0dqLlpfiayi2FymLoAiFKGd2LBUuRgU+zk1mkYaO4NwVk/if7b8w8+?= =?iso-8859-1?Q?wU1yWglXQwhNJ3vyQnQMpfiKPUf53MmDkCNNhji2UO30GdefsiO9KKQgvZ?= =?iso-8859-1?Q?SQK3swj4x6GrBe9iGZY92102oAPsTsIncq8J7TcEsYpIuOZChUyJFuhoR8?= =?iso-8859-1?Q?MzRluu1emmK/CeOSEGDFCAm4IZ3yBrsvy8YsSPQ1RI9haQkk7oc8L6Gf4c?= =?iso-8859-1?Q?Rh/4q1dBGw8TDu1MgN805d8twymkUBEyDdLweEQdBpZiCo6GpUmp+jyYgv?= =?iso-8859-1?Q?1GCS2pylD77VksyhUBfCIb7QvEFZCjdB+DySZvlKhyboHTw37rClgDp51D?= =?iso-8859-1?Q?uMllVcARDVmEsVKj8wt1k0OjQ6FuytGKy7OgaEOGwpv9ex8IZ5PP/NJSLH?= =?iso-8859-1?Q?6YwReasxH4zvTBakGaLeSgW1a9OlOoPqBCbZb7CDXzvl6zdSkf01KtgN8t?= =?iso-8859-1?Q?eT18y/5hQi8XntEJ+EP2S7rzFwFmWZeCJ5spu6uR5NUA+LWjLRCrVqE3Z9?= =?iso-8859-1?Q?M5dfd7BzP/r1ovFuWhrbPeNdEVY34v9IjfJdkqLJCmxyK5/b7j9/qMDHL1?= =?iso-8859-1?Q?oTUcHFs71x69TQP+a3awkAzmUCEHIrjWV9Q43wfSP0Xjf65+98LG0QfZ70?= =?iso-8859-1?Q?jHJ7AtR21s8U/jT06FUs6bG4FGAOp5LstJ2xWq1VURAEQbmAnn6zAKW8Th?= =?iso-8859-1?Q?vS8+Ys329S5Izo5oSS5t/LMgLuHTcUQjKbSaZJiJYf3u7C57LHdmg+hW5D?= =?iso-8859-1?Q?iYwW/WnqCeyEUk7+Rr899tofsY258QZSI6Iag/T5GIl3erCTClso/7fuDL?= =?iso-8859-1?Q?y6HQXVW+/T7y9xNI4eYZOTs7MjzGeYYEeDpOIZiBGGAuN6NJ6RJAeJYL3c?= =?iso-8859-1?Q?4HjUmJkUBw?=
x-ms-exchange-transport-forked: True
Content-Type: multipart/signed; protocol="application/x-pkcs7-signature"; micalg=SHA1; boundary="----=_NextPart_000_0243_01D706B3.539BA1A0"
MIME-Version: 1.0
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: BL0PR11MB3122.namprd11.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 3785c63d-002d-4f9b-39a9-08d8d4f46018
X-MS-Exchange-CrossTenant-originalarrivaltime: 19 Feb 2021 16:35:32.1174 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 5ae1af62-9505-4097-a69a-c1553ef7840e
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: 5w2++o33SHrS2jUNT8al6y6g4tPGQbFfVjU193b0JReq5qp2cUGhQ+AfoqKWFpUu
X-MS-Exchange-Transport-CrossTenantHeadersStamped: MN2PR11MB4758
X-OriginatorOrg: cisco.com
X-Outbound-SMTP-Client: 173.36.7.14, xch-aln-004.cisco.com
X-Outbound-Node: alln-core-4.cisco.com
Archived-At: <https://mailarchive.ietf.org/arch/msg/rats/fT0dAlnDwiqUS_BEoZ0q_5updAg>
Subject: Re: [Rats] do not address yang warnings by making nodes writable
X-BeenThere: rats@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Remote ATtestation procedureS <rats.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rats>, <mailto:rats-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/rats/>
List-Post: <mailto:rats@ietf.org>
List-Help: <mailto:rats-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rats>, <mailto:rats-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 19 Feb 2021 16:36:07 -0000

Hi Juergen, 

> From: Juergen Schoenwaelder, February 19, 2021 11:01 AM
> 
> I do not know what the purpose of the MUST statements is since I did not
dig
> deeper but it could be that config is only applied to TPMs where the
configured
> version matches the version of the TPM. This would then require to
configure
> the version, much like we allow to provision interface configs even if
there is
> (currently) no matching interfaces.
>
> It could also be that the WG does not want to allow something to be
configured
> for a TPM version that does (currently) not exist. Even in that case, you
would
> have to convey the TPM version as part of the config and then have logic
> defined in description statements that such config snippets are to be
rejected
> (instead of being not applied).

This is closer to the purpose.  

The TPM is a hardware device* which will follow an API defined in another
standards body.   The TPM has firmware which will not be configured through
YANG model.  It is conceivable that new TPM firmware versions will be
exposed, so ENUMs cannot be used.   It is this firmware version which will
allow other relevant configuration operations to be applied.

So you cannot change the configuration datastore for this object (as it is
read internally).   But you also can't make the object as "config false", as
other configurable items depend on it.  If there is a proper way to document
such a relationship, it would be great to update the model so that the
relationship does not require the text currently in the description.   Any
suggestions?

* There are also such things as Virtual TPMs.  This model is intending to
frame YANG structures which can be reused should others want to build for
these as well.   But that is out-of-scope here.

Thanks,
Eric

> My point is that saying a leaf is rw config, it is expected to be used for
> validation, but it is not expected to be there is not working.
> 
> Personally, I prefer config that can be provisioned but may not be applied
if it
> does not match the resources (currently) available.
> Yes, this requires to check for possible differences between applied and
> provisioned (aka running) config but the opposite gets you into situation
where a
> hardware component failures leads to an invalid config and you are either
> bricked or in a mode hard to understand.
> 
> /js
> 
> On Fri, Feb 19, 2021 at 09:36:40AM -0500, Michael Richardson wrote:
> >
> > Juergen Schoenwaelder <j.schoenwaelder@jacobs-university.de> wrote:
> >     > I doubt that this is a proper solution as you now have to
configure the
> >     > tpm-firmware-version. If you cannot configure this (as the
description
> >     > says), then the MUST may always be false, i.e, once you implement
this,
> >     > you will see that this does not work.
> >
> > I am not clueful about XPATH forcing "rw"... is there another solution?
> >
> > --
> > Michael Richardson <mcr+IETF@sandelman.ca>   . o O ( IPv6 IøT consulting
)
> >            Sandelman Software Works Inc, Ottawa and Worldwide
> >
> >
> >
> >
> 
> 
> 
> --
> Juergen Schoenwaelder           Jacobs University Bremen gGmbH
> Phone: +49 421 200 3587         Campus Ring 1 | 28759 Bremen | Germany
> Fax:   +49 421 200 3103         <https://www.jacobs-university.de/>
> 
> _______________________________________________
> RATS mailing list
> RATS@ietf.org
> https://www.ietf.org/mailman/listinfo/rats