Re: [secdir] review of draft-ietf-netconf-nmda-restconf-04

Juergen Schoenwaelder <> Mon, 16 July 2018 10:42 UTC

On Mon, Jul 09, 2018 at 05:48:53PM -0700, Mahesh Jethanandani wrote:
> There have been a few comments that have been made to the version of the draft that has been submitted to IESG. While we wait for other comments to be provided, and direction of when an update should be provided, who amongst the authors is updating GitHub with these changes? 
> I am concerned we might lose track of the changes that need to be made.
> Here are the changes that I am aware of for nmda-restconf. I can compile a similar list for nmda-netconf if needed.

Having a list of outstanding edits for nmda-netconf would be nice as well
so we can make the edits on GitHub.

> Kent’s comment on nmda-restconf operations (thread <> from today).

Given that lock and unlock require session semantics, I think the
resolution should be to add:

   A RESTCONF server supporting NMDA datastores MAY implement the
   "ietf-netconf-nmda" [I-D.ietf-netconf-nmda-netconf] module to
   enable the NETCONF operations defined in this draft to appear
   under the {+restconf}/operations resource.

But then, what is the value of this? You do not need get-data and
edit-data with RESTCONF since you can send GET/POST/PATCH straight to
the datastore resources. I guess I am still unclear which problem we
are trying to solve by adding this (or a similar) statement.

> Dan’s comment on this thread (also from today, but is not on netconf mailing list)

Not sure which one you mean.

> Russ’s Genart review (thread <> from June 28)

Not sure what the resolution is, removing the example text or trying
to better explain that this is example text.

> Rohit’s change-2 comments provided for nmda-netconf, that are applicable for nmda-restconf (thread <> from June 1)

The inclusion of an example showing the usage of
negated-origin-filter? This was an nmda netconf command. We do not
seem to have an origin filter in nmda restconf, this is an nmda
netconf only feature?

> Anything else that I am missing?

Not that I recall.


Juergen Schoenwaelder           Jacobs University Bremen gGmbH
Phone: +49 421 200 3587         Campus Ring 1 | 28759 Bremen | Germany
Fax:   +49 421 200 3103         <>