Re: [Rats] do not address yang warnings by making nodes writable

Juergen Schoenwaelder <j.schoenwaelder@jacobs-university.de> Fri, 05 March 2021 11:11 UTC

Date: Fri, 05 Mar 2021 12:11:44 +0100
From: Juergen Schoenwaelder <j.schoenwaelder@jacobs-university.de>
To: "Eric Voit (evoit)" <evoit@cisco.com>
Cc: Michael Richardson <mcr+ietf@sandelman.ca>, "rats@ietf.org" <rats@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/rats/wDoGAF44-FhLJxxNzRavPUetQoc>

Eric,

I think you want to configure that "this config applies to TPMs
version X", i.e., you configure the version that needs to match the
TPM's version so that your config can apply; you are of course not
configuring the TPM's version (that would require a TPM configuration
model, but as you write, for many TPMs this will be by design not
configurable).

For network interfaces, we do the same: You write down the
configuration of a network interface and we expect that the
configuration only gets applied if a matching network interface is
actually present. (This is basically where the difference between
intended configuration and applied configuration comes into play.)

/js

On Fri, Feb 19, 2021 at 04:35:32PM +0000, Eric Voit (evoit) wrote:
> Hi Juergen, 
> 
> > From: Juergen Schoenwaelder, February 19, 2021 11:01 AM
> > 
> > I do not know what the purpose of the MUST statements is since I did not dig
> > deeper but it could be that config is only applied to TPMs where the configured
> > version matches the version of the TPM. This would then require to configure
> > the version, much like we allow to provision interface configs even if there is
> > (currently) no matching interfaces.
> >
> > It could also be that the WG does not want to allow something to be configured
> > for a TPM version that does (currently) not exist. Even in that case, you would
> > have to convey the TPM version as part of the config and then have logic
> > defined in description statements that such config snippets are to be rejected
> > (instead of being not applied).
> 
> This is closer to the purpose.  
> 
> The TPM is a hardware device* which will follow an API defined in another
> standards body.   The TPM has firmware which will not be configured through
> YANG model.  It is conceivable that new TPM firmware versions will be
> exposed, so ENUMs cannot be used.   It is this firmware version which will
> allow other relevant configuration operations to be applied.
> 
> So you cannot change the configuration datastore for this object (as it is
> read internally).   But you also can't make the object as "config false", as
> other configurable items depend on it.  If there is a proper way to document
> such a relationship, it would be great to update the model so that the
> relationship does not require the text currently in the description.   Any
> suggestions?
> 
> * There are also such things as Virtual TPMs.  This model is intending to
> frame YANG structures which can be reused should others want to build for
> these as well.   But that is out-of-scope here.
> 
> Thanks,
> Eric
> 
> > My point is that saying a leaf is rw config, it is expected to be used for
> > validation, but it is not expected to be there is not working.
> > 
> > Personally, I prefer config that can be provisioned but may not be applied if it
> > does not match the resources (currently) available.
> > Yes, this requires to check for possible differences between applied and
> > provisioned (aka running) config but the opposite gets you into situation where a
> > hardware component failures leads to an invalid config and you are either
> > bricked or in a mode hard to understand.
> > 
> > /js
> > 
> > On Fri, Feb 19, 2021 at 09:36:40AM -0500, Michael Richardson wrote:
> > >
> > > Juergen Schoenwaelder <j.schoenwaelder@jacobs-university.de> wrote:
> > >     > I doubt that this is a proper solution as you now have to configure the
> > >     > tpm-firmware-version. If you cannot configure this (as the description
> > >     > says), then the MUST may always be false, i.e, once you implement this,
> > >     > you will see that this does not work.
> > >
> > > I am not clueful about XPATH forcing "rw"... is there another solution?
> > >
> > > --
> > > Michael Richardson <mcr+IETF@sandelman.ca>   . o O ( IPv6 IøT consulting )
> > >            Sandelman Software Works Inc, Ottawa and Worldwide
> > >
> > >
> > >
> > >
> > 
> > 
> > 
> > --
> > Juergen Schoenwaelder           Jacobs University Bremen gGmbH
> > Phone: +49 421 200 3587         Campus Ring 1 | 28759 Bremen | Germany
> > Fax:   +49 421 200 3103         <https://www.jacobs-university.de/>



-- 
Juergen Schoenwaelder           Jacobs University Bremen gGmbH
Phone: +49 421 200 3587         Campus Ring 1 | 28759 Bremen | Germany
Fax:   +49 421 200 3103         <https://www.jacobs-university.de/>
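
The intended-versus-applied behaviour argued for in this thread, contrasted with rejecting mismatched config at validation time, as an added Python example that is not part of the original messages or of the YANG module under discussion. The class, function and setting names and the sample data are hypothetical.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class TpmConfig:
    """One provisioned entry: settings meant only for a TPM whose firmware
    version equals `firmware_version` (hypothetical field names)."""
    name: str
    firmware_version: str
    settings: dict


def apply_matching(intended, present):
    """Intended vs. applied: every entry stays in the intended config, but
    only entries whose TPM is present with the matching version are applied.
    `present` maps TPM name -> firmware version reported by the hardware."""
    applied, pending = {}, []
    for entry in intended:
        if present.get(entry.name) == entry.firmware_version:
            applied[entry.name] = entry.settings
        else:
            pending.append(entry.name)  # provisioned, not (yet) applied
    return applied, pending


def validate_strict(intended, present):
    """The alternative: a version mismatch is a validation error, so the
    whole configuration is invalid if any referenced TPM is absent."""
    return all(present.get(e.name) == e.firmware_version for e in intended)


# Constructed sample data, not taken from the draft under discussion.
INTENDED = [
    TpmConfig("tpm0", "2.0", {"hash-algo": "sha256"}),
    TpmConfig("tpm1", "2.0", {"hash-algo": "sha384"}),
]
HEALTHY = {"tpm0": "2.0", "tpm1": "2.0"}
TPM1_FAILED = {"tpm0": "2.0"}  # tpm1 disappeared after a hardware fault

if __name__ == "__main__":
    for label, hw in (("healthy", HEALTHY), ("tpm1 failed", TPM1_FAILED)):
        applied, pending = apply_matching(INTENDED, hw)
        print(f"{label}: applied={sorted(applied)} pending={pending} "
              f"strict-valid={validate_strict(INTENDED, hw)}")
```

With the strict variant a single failed component invalidates a configuration that was valid a moment earlier; with the matching variant the entry is reported as pending and the rest stays applied.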