Re: [Rats] do not address yang warnings by making nodes writable
Juergen Schoenwaelder <j.schoenwaelder@jacobs-university.de> Fri, 05 March 2021 15:52 UTC
Return-Path: <J.Schoenwaelder@jacobs-university.de>
X-Original-To: rats@ietfa.amsl.com
Delivered-To: rats@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1372D3A2708 for <rats@ietfa.amsl.com>; Fri, 5 Mar 2021 07:52:52 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.7
X-Spam-Level:
X-Spam-Status: No, score=-1.7 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_INVALID=0.1, DKIM_SIGNED=0.1, MSGID_FROM_MTA_HEADER=0.001, RCVD_IN_MSPIKE_H2=-0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=fail (1024-bit key) reason="fail (body has been altered)" header.d=jacobsuniversity.onmicrosoft.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 0mkJQjWgttVl for <rats@ietfa.amsl.com>; Fri, 5 Mar 2021 07:52:49 -0800 (PST)
Received: from EUR04-DB3-obe.outbound.protection.outlook.com (mail-eopbgr60087.outbound.protection.outlook.com [40.107.6.87]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 49A6C3A2706 for <rats@ietf.org>; Fri, 5 Mar 2021 07:52:49 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=cGpTVw5eW0tKZyBpVpKDk4REuhOA6Vt+cgOyVCJPsxXQs7c+530BCiQ5MKTpAL/5RnWTvHEMTd/oJhchxXYpaQfttj9WchTqr9WOYsqSO1m/Bz2tojUEsZuQ+9aGO+tSkK20aNJWioesMVxjAjjMphqeXDvUnm1ugfz0H1yvyvcOKAgE1eDW+WQJhnEZnKNmCKS+rImCdVXCESfY5cUEjtOrxKJPcSYcjNzdklmdQVfQQuv6QLdQQmAFXF6tLux592OYeq8Hb9+pGXIAXidE24wYmAp00w8DC8mHrRkYiRRnpR48JC0yshxVHIwNhj1LLgLobEE2YwimmY3wSs4bHg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=mCsVqcj5GAs8UAZlqH/5874gsQ5YZVmG2wNxppAQyzw=; b=fulDUeVsQO9qwmZa2EjI2UEhiY3PzyfxUn6kQkSMMGbkFRLzYKia2tB2+zuPvRWt9xLMzs7+79hAujAZ4OeYFHK4ziFVyqWMGiUooBtz9CHeycrsIons7LhLsufLj/gmz8ulYiXl2r2EQ9Tp4aYbmXhnJbeuuKJoyTmr1VRiYVGS1TQM6IazNwCEEktvcR/4B2+xITWslNuMZuzW4ixakLtiodMdtC+tr+au4bqV2G9VaS5bHt+Ra549vPof3/yWm4lk7oIr4sgiQChValqwEXKPKJKHEQYJhO8QlHoS09rgX2BW+X27oYczKawXr939EPQCFsns8PZkONSYHhbuDQ==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=jacobs-university.de; dmarc=pass action=none header.from=jacobs-university.de; dkim=pass header.d=jacobs-university.de; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=jacobsuniversity.onmicrosoft.com; s=selector2-jacobsuniversity-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=mCsVqcj5GAs8UAZlqH/5874gsQ5YZVmG2wNxppAQyzw=; b=oE2yGaZ8h9OIUyWqQzRPzcBZeFD6y5FATDtIvF44s0zWSEwn0FepNlRXJB1fyh+96Z74u0KmVg0B4yFnkIoV7C0hVJWj5hQFJfodG27b1SM0azzPOUvHR6v6JFP8NvKC6HEThbApQO7DB+DE+O1QALh+4u7fObgBCDoFXjhdJ8c=
Authentication-Results: cisco.com; dkim=none (message not signed) header.d=none;cisco.com; dmarc=none action=none header.from=jacobs-university.de;
Received: from AM0P190MB0641.EURP190.PROD.OUTLOOK.COM (2603:10a6:208:194::23) by AM4P190MB0193.EURP190.PROD.OUTLOOK.COM (2603:10a6:200:62::9) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3912.17; Fri, 5 Mar 2021 15:52:46 +0000
Received: from AM0P190MB0641.EURP190.PROD.OUTLOOK.COM ([fe80::e8a2:9886:8dfa:41c6]) by AM0P190MB0641.EURP190.PROD.OUTLOOK.COM ([fe80::e8a2:9886:8dfa:41c6%4]) with mapi id 15.20.3912.022; Fri, 5 Mar 2021 15:52:46 +0000
Date: Fri, 05 Mar 2021 16:52:45 +0100
From: Juergen Schoenwaelder <j.schoenwaelder@jacobs-university.de>
To: "Eric Voit (evoit)" <evoit@cisco.com>
Cc: Michael Richardson <mcr+ietf@sandelman.ca>, "rats@ietf.org" <rats@ietf.org>
Message-ID: <20210305155245.p23ab4isvpn2vxdo@anna.jacobs.jacobs-university.de>
Reply-To: Juergen Schoenwaelder <j.schoenwaelder@jacobs-university.de>
Mail-Followup-To: "Eric Voit (evoit)" <evoit@cisco.com>, Michael Richardson <mcr+ietf@sandelman.ca>, "rats@ietf.org" <rats@ietf.org>
References: <20210219131122.4b3qt7kgapmgv3ax@anna.jacobs.jacobs-university.de> <17694.1613745400@localhost> <20210219160103.26mds5wtenqtfbct@anna.jacobs.jacobs-university.de> <BL0PR11MB312290AB0F53053548E1D43DA1849@BL0PR11MB3122.namprd11.prod.outlook.com> <20210305111144.ptkqpler3rjmgx6i@anna.jacobs.jacobs-university.de> <BL0PR11MB3122D8926C5143368F4C77C5A1969@BL0PR11MB3122.namprd11.prod.outlook.com>
Content-Type: text/plain; charset="iso-8859-1"
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
In-Reply-To: <BL0PR11MB3122D8926C5143368F4C77C5A1969@BL0PR11MB3122.namprd11.prod.outlook.com>
X-Originating-IP: [212.201.44.244]
X-ClientProxiedBy: FRYP281CA0007.DEUP281.PROD.OUTLOOK.COM (2603:10a6:d10::17) To AM0P190MB0641.EURP190.PROD.OUTLOOK.COM (2603:10a6:208:194::23)
MIME-Version: 1.0
X-MS-Exchange-MessageSentRepresentingType: 1
Received: from localhost (212.201.44.244) by FRYP281CA0007.DEUP281.PROD.OUTLOOK.COM (2603:10a6:d10::17) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3933.13 via Frontend Transport; Fri, 5 Mar 2021 15:52:46 +0000
X-MS-PublicTrafficType: Email
X-MS-Office365-Filtering-Correlation-Id: 39e6a583-6fb9-4364-8a34-08d8dfeeb864
X-MS-TrafficTypeDiagnostic: AM4P190MB0193:
X-MS-Exchange-Transport-Forked: True
X-Microsoft-Antispam-PRVS: <AM4P190MB0193C1BF735E00EDA87D23CEDE969@AM4P190MB0193.EURP190.PROD.OUTLOOK.COM>
X-MS-Oob-TLC-OOBClassifiers: OLM:9508;
X-MS-Exchange-SenderADCheck: 1
X-Microsoft-Antispam: BCL:0;
X-Microsoft-Antispam-Message-Info: Wk/548CbT2nI+/6J19pb9GkvPYOe2GdMiEuFjR/wX8ZuhwBJdTMYsaJg9OcXs+hq2dNaBsGo1c60p11MEQIt6sS/Evwj8DdVpeCLxrNPZ/GRpm2ErykqWYjPNd+CUfkaSJvH6booQTot0GBz8LvJgxW0bfHtfh8wPLw5zvcmQHQ0gBGojRL+MWtZ+7TkuDI8n+VyDpPJBnwUFmlow4f1oY++zUj64MTDHbmnQjewhhqNr/PxjfGEndXEKpSE+tgISmqBrUw7d4Udtnjo2H73toF44hyNdSBLGJbY4zv7zZvoAYx9rxDoiUL+pUzsGp1zO4RPTiTZB+6QbVxbFuPwpMym0x+Djcon92E9uzDsz3qoh1H2Xm3kcUxur9RfrqrkaPY/qG99PLnC6T+3EhiQfGEmYyD1zjxLZU5+FMdTuBYtb2/6A2nE4g+2LLMnv92JnCnPEWcbdQidwfTZt/aVea213j+8eWtuZNUPohJO+3dqNhAZG7L+yw+SpbZE6xol7FpHVjwDWSTgLp8oYKz5aGno7EdjNu7eLqwJxX6GBOX23S15PbcJZQrGyJec5IEItI5CUpIVlHo1OoBYOUZVqB7gcbl5wLO6u+LO/FZPk68=
X-Forefront-Antispam-Report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:AM0P190MB0641.EURP190.PROD.OUTLOOK.COM; PTR:; CAT:NONE; SFS:(346002)(396003)(39840400004)(136003)(366004)(376002)(54906003)(6486002)(53546011)(66556008)(316002)(786003)(86362001)(66476007)(83380400001)(26005)(966005)(3450700001)(66574015)(5660300002)(66946007)(186003)(1076003)(6496006)(956004)(52116002)(8676002)(2906002)(16526019)(478600001)(4326008)(6916009)(8936002); DIR:OUT; SFP:1101;
X-MS-Exchange-AntiSpam-MessageData: CxhO8yttnIGXeeXt6m6/BS/CPA1dIzAmZKDtlQhjZSnEbPM7xPdvT6dMCfYpAEZtMpF98bSyUEWwrNrLPG7fsieHjGRGVO4Tp+6ohsPLLuJhvZHNsQPo0jSGfRUuqe9VkWFf+LTIZ3UIibZ12y8/pxjbFfm8xUPPn03ItuVmRdpMWbzozwK9lNq9nN15r7uYPyVtAceew+WmbANMDqANtWBXRfIm37JdIn6W9zGkjNC+YgiNKnoA9Wkyp0jXpSVzy4EBoqJr+tZPpdtb4qcMESVEyLhMFtKACiJEQSpwdh7J5yR9WiHtUtWNVteoAP21y/izP61ozD0WQvK/iQ/s6bTgllPTEWes2i9+rvSixgrWnKLAW97Qh2OJrEHt23sTZoUFNtU6/MQQFTxSy+4WTRAgA1iqEV8blyUQInfUQGdJzmvehUCYYkJJL7rk9clzU1bmZukil4HTBvZNla8EmtxVg+VfQbBKjWcbudihlNMAh46r9f7Bzfa/P9/GSikdZTciJAKnAlVWgi1igqAM0RZpjaFUX0hDMK0oFh1RyVgFM75/QJt5nLtnJHBGl73iYZYkRQ5wUdR0PNUvID4+hcXBTt3TgZNf7B8puHJJhlINouLLumyPUgQi3AJ6ACBhiEynP1aWqjDxLMBwReb+VIbp5dR9pwpbQVsmGhgVPeSzY/pK9/dmlwWWEtRgeptAmOvYCSk9Oel8lHo6SDcw07rlua2W9Bt2T5B/0kDVfY8DtjJkgJm0Vs0v+1ZOqoHqkL3Qnwe0Cq9ynezO/mcMZxHX4dVDmGBGvrMcRBQm1JUUUO9mLWcAuzZsUCSDN+kCBRlyYaDrRApaLLMgCcMFs5+Y1Wd+ZCtcrnoV0055IiogfrJfFwDX/3dFBbG4a2/rTa4PxmGSCNAE1ERBj9AIY/7VZfiFhyPXy+P7WeeSLhHoyPIstgNv5DhYkJFxv6Uubh8iXrBEiwXU9/StpYSlrsBe6RtzdclDyHqnu/ZYbNNcbENlP8Q55yDvduktAzUICYEe1bOOcLSRm98A/g+a5rsmuhJLoFDOE+AN5J46tPYU/WIZmSHhC8FtA3ekOsjXVi3c0Vf+peOwgwEgKyMPQ/AqS4deQJvGebyqgqt1wR9SK9zfpuqBQl8rKnw98OLrXy+0jJ7ECivPgRiDF0JwpADnm3sRbnQcS/LaCTh9KpyJQloEsZ3x4P5SBRY/UHp6SkT9c8pCuy6EGxWmxfxAgWwH7T5BD4bV250XTsTYxbXcQYuo0Qf+IIVfUch8UGhTmyH/9Umg+2JPNa7aLary7mzto8LVMtXSOivUVbr9GZK2lpKZhJi9BZVyGHIc/4Ud
X-OriginatorOrg: jacobs-university.de
X-MS-Exchange-CrossTenant-Network-Message-Id: 39e6a583-6fb9-4364-8a34-08d8dfeeb864
X-MS-Exchange-CrossTenant-AuthSource: AM0P190MB0641.EURP190.PROD.OUTLOOK.COM
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 05 Mar 2021 15:52:46.3046 (UTC)
X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted
X-MS-Exchange-CrossTenant-Id: f78e973e-5c0b-4ab8-bbd7-9887c95a8ebd
X-MS-Exchange-CrossTenant-MailboxType: HOSTED
X-MS-Exchange-CrossTenant-UserPrincipalName: /8OgN+jS0W/wMUMRHhl8Bccj65sDybLGJmHN3LZYocK5Rp0dvHbY30PXee9mdfVlVqDnCGuf43bgVj7sJybvjoLgEkoF2r89qTwWlIpBN0A=
X-MS-Exchange-Transport-CrossTenantHeadersStamped: AM4P190MB0193
Archived-At: <https://mailarchive.ietf.org/arch/msg/rats/vBD_fxShMzDBabddnjqnjHbv7fw>
Subject: Re: [Rats] do not address yang warnings by making nodes writable
X-BeenThere: rats@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Remote ATtestation procedureS <rats.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rats>, <mailto:rats-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/rats/>
List-Post: <mailto:rats@ietf.org>
List-Help: <mailto:rats-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rats>, <mailto:rats-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 05 Mar 2021 15:52:52 -0000
On Fri, Mar 05, 2021 at 03:42:54PM +0000, Eric Voit (evoit) wrote: > Hi Juergen, > > Where you say "this config applies to TPMs version X", we are accomplishing > a similar function via when statements, E.g.: > > uses TPM12-hash-algo { > when "tpm-firmware-version = 'taa:tpm12'"; > > It is possible to place what is currently within these 'when' statement to > instead be within the descriptions. But using 'when' statements seemed a > more robust approach. Except you had a broken config true node. > Based on our discussion, I can adjust that description of "leaf > tpm-firmware-version" to: "Identifies the cryptoprocessor API set > supported. This is automatically configured by the device and should not be > changed." This will eliminate the earlier text about a YANG warning and > NMDA. Is this a reasonable approach? Overwriting YANG semantics is not what you want. Perhaps you actually want to use a YANG feature to make parts of the model conditional to a feature indicating different TPM versions. Of, you already have an if-feature. It might well be that I do not understand what you are trying to achieve. /js > Thanks, > Eric > > > -----Original Message----- > > From: Juergen Schoenwaelder <j.schoenwaelder@jacobs-university.de> > > Sent: Friday, March 5, 2021 6:12 AM > > To: Eric Voit (evoit) <evoit@cisco.com> > > Cc: Michael Richardson <mcr+ietf@sandelman.ca>; rats@ietf.org > > Subject: Re: [Rats] do not address yang warnings by making nodes writable > > > > Eric, > > > > I think you want to configure that "this config applies to TPMs version > X", i.e., > > you configure the version that needs to match the TPMs version so that > your > > config can apply, you are of course not configuring the TPM's version > (that > > would require a TPM configuration model but as you write, for many TPMs > this > > will be by design not configurable). > > > > For network interfaces, we do the same: You write down the configuration > of a > > network interface and we expect that the configuration only gets applied > if a > > matching network interface is actually present. (This is basically where > the > > difference between intended configuration and applied configuration comes > > into play.) > > > > /js > > > > On Fri, Feb 19, 2021 at 04:35:32PM +0000, Eric Voit (evoit) wrote: > > > Hi Juergen, > > > > > > > From: Juergen Schoenwaelder, February 19, 2021 11:01 AM > > > > > > > > I do not know what the purpose of the MUST statements is since I did > > > > not > > > dig > > > > deeper but it could be that config is only applied to TPMs where the > > > configured > > > > version matches the version of the TPM. This would then require to > > > configure > > > > the version, much like we allow to provision interface configs even > > > > if > > > there is > > > > (currently) no matching interfaces. > > > > > > > > It could also be that the WG does not want to allow something to be > > > configured > > > > for a TPM version that does (currently) not exist. Even in that > > > > case, you > > > would > > > > have to convey the TPM version as part of the config and then have > > > > logic defined in description statements that such config snippets > > > > are to be > > > rejected > > > > (instead of being not applied). > > > > > > This is closer to the purpose. > > > > > > The TPM is a hardware device* which will follow an API defined in > another > > > standards body. The TPM has firmware which will not be configured > through > > > YANG model. It is conceivable that new TPM firmware versions will be > > > exposed, so ENUMs cannot be used. It is this firmware version which > will > > > allow other relevant configuration operations to be applied. > > > > > > So you cannot change the configuration datastore for this object (as it > is > > > read internally). But you also can't make the object as "config > false", as > > > other configurable items depend on it. If there is a proper way to > > > document such a relationship, it would be great to update the model so > that > > the > > > relationship does not require the text currently in the description. > Any > > > suggestions? > > > > > > * There are also such things as Virtual TPMs. This model is intending > > > to frame YANG structures which can be reused should others want to build > for > > > these as well. But that is out-of-scope here. > > > > > > Thanks, > > > Eric > > > > > > > My point is that saying a leaf is rw config, it is expected to be > > > > used for validation, but it is not expected to be there is not > working. > > > > > > > > Personally, I prefer config that can be provisioned but may not be > > > > applied > > > if it > > > > does not match the resources (currently) available. > > > > Yes, this requires to check for possible differences between applied > > > > and provisioned (aka running) config but the opposite gets you into > > > > situation > > > where a > > > > hardware component failures leads to an invalid config and you are > > > > either bricked or in a mode hard to understand. > > > > > > > > /js > > > > > > > > On Fri, Feb 19, 2021 at 09:36:40AM -0500, Michael Richardson wrote: > > > > > > > > > > Juergen Schoenwaelder <j.schoenwaelder@jacobs-university.de> wrote: > > > > > > I doubt that this is a proper solution as you now have to > > > configure the > > > > > > tpm-firmware-version. If you cannot configure this (as the > > > description > > > > > > says), then the MUST may always be false, i.e, once you > > > > > implement > > > this, > > > > > > you will see that this does not work. > > > > > > > > > > I am not clueful about XPATH forcing "rw"... is there another > solution? > > > > > > > > > > -- > > > > > Michael Richardson <mcr+IETF@sandelman.ca> . o O ( IPv6 IøT > consulting > > > ) > > > > > Sandelman Software Works Inc, Ottawa and Worldwide > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > -- > > > > Juergen Schoenwaelder Jacobs University Bremen gGmbH > > > > Phone: +49 421 200 3587 Campus Ring 1 | 28759 Bremen | Germany > > > > Fax: +49 421 200 3103 <https://www.jacobs-university.de/> > > > > > > > > _______________________________________________ > > > > RATS mailing list > > > > RATS@ietf.org > > > > https://www.ietf.org/mailman/listinfo/rats > > > > > > > > -- > > Juergen Schoenwaelder Jacobs University Bremen gGmbH > > Phone: +49 421 200 3587 Campus Ring 1 | 28759 Bremen | Germany > > Fax: +49 421 200 3103 <https://www.jacobs-university.de/> -- Juergen Schoenwaelder Jacobs University Bremen gGmbH Phone: +49 421 200 3587 Campus Ring 1 | 28759 Bremen | Germany Fax: +49 421 200 3103 <https://www.jacobs-university.de/>
- [Rats] do not address yang warnings by making nod… Juergen Schoenwaelder
- Re: [Rats] do not address yang warnings by making… Michael Richardson
- Re: [Rats] do not address yang warnings by making… Juergen Schoenwaelder
- Re: [Rats] do not address yang warnings by making… Eric Voit (evoit)
- Re: [Rats] do not address yang warnings by making… Juergen Schoenwaelder
- Re: [Rats] do not address yang warnings by making… Eric Voit (evoit)
- Re: [Rats] do not address yang warnings by making… Juergen Schoenwaelder
- Re: [Rats] do not address yang warnings by making… Eric Voit (evoit)
- Re: [Rats] do not address yang warnings by making… Juergen Schoenwaelder
- Re: [Rats] do not address yang warnings by making… Eric Voit (evoit)
- Re: [Rats] do not address yang warnings by making… Juergen Schoenwaelder
- Re: [Rats] do not address yang warnings by making… Eric Voit (evoit)