Re: [secdir] review of draft-ietf-netconf-nmda-restconf-04

Kent Watsen <kwatsen@juniper.net> Thu, 05 July 2018 14:46 UTC

From: Kent Watsen <kwatsen@juniper.net>
To: Daniel Harkins <dharkins@lounge.org>, "iesg@ietf.org" <iesg@ietf.org>, "secdir@ietf.org" <secdir@ietf.org>, "draft-ietf-netconf-nmda-restconf.all@ietf.org" <draft-ietf-netconf-nmda-restconf.all@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/e6poZJif_9eYDH6M3ov9h0GEz1w>

I think that the current wording is okay, but I'm okay with changing
it too. How about this?


OLD:
   The "with-defaults" query parameter ([RFC8040], Section 4.8.9) is
   optional to support when interacting with {+restconf}/ds/ietf-
   datastores:operational.  The associated capability to indicate a
   server's support is identified with the URI:

NEW:
   The "with-defaults" query parameter ([RFC8040], Section 4.8.9) 
   MAY be supported for the operational state datastore.  Support
   for the "with-defaults" query parameter for the operational
   state datastore is identified with the URI:



OLD:
   The "with-origin" query parameter is optional to support.  It is
   identified with the URI:

NEW:
   The "with-origin" query parameter MAY be supported.  Support
   for the "with-origin" query parameter is identified with the
   URI:



FWIW, elsewhere in the draft is another "optional" usage that could
be changed:

 OLD:
   An NMDA-compliant server MUST implement {+restconf}/ds/ietf-
   datastores:operational.  Other datastore resources are optional to
   implement.

 NEW:
   An NMDA-compliant server MUST implement {+restconf}/ds/ietf-
   datastores:operational.  Other datastore resources MAY be
   implemented.



Comments?

Kent  // co-author



On 7/4/18 11:34 AM, Juergen Schoenwaelder wrote:
> On Wed, Jul 04, 2018 at 11:08:10AM -0700, Daniel Harkins wrote:
>>
>>    I'm suggesting SHOULD _or_ MAY and I thought where would be obvious.
>> It is the places that say "optional to support" in 3.2.1. and 3.2.2 as
>> I indicated. For example, 3.2.1 says,
>>
>>     The "with-defaults" query parameter ([RFC8040], Section 4.8.9 <https://tools.ietf.org/html/rfc8040#section-4.8.9>) is
>>     optional to support when interacting with {+restconf}/ds/ietf-
>>     datastores:operational.
>>
>> 3.2.2 has similar text. As to why, it is for consistency and clarity in
>> expressing what you want.
>>
> What is unclear about 'optional to support'? RFC 8040 uses similar
> language and I do not recall that anyone had a problem with this so
> far.

   If you want to reject my comment then just reject my comment. It was made
in the spirit of improving your draft which apparently you take issue with
for some bizarre reason. If someone outside the RFC 8040 bubble you seem to be
living in found the wording lacking in clarity then it would seem logical to
infer that maybe others might too. Just a thought.

   Dan.