Re: [yang-doctors] Yangdoctors last call review of draft-ietf-opsawg-tacacs-yang-03

"Joe Clarke (jclarke)" <jclarke@cisco.com> Mon, 04 May 2020 13:29 UTC

From: "Joe Clarke (jclarke)" <jclarke@cisco.com>
To: Ladislav Lhotka <lhotka@nic.cz>
CC: "yang-doctors@ietf.org" <yang-doctors@ietf.org>, "last-call@ietf.org" <last-call@ietf.org>, "draft-ietf-opsawg-tacacs-yang.all@ietf.org" <draft-ietf-opsawg-tacacs-yang.all@ietf.org>, "opsawg@ietf.org" <opsawg@ietf.org>
Date: Mon, 04 May 2020 13:28:57 +0000
Message-ID: <D8227036-7D3C-4CE5-97EA-5FFC5A2392D3@cisco.com>
References: <158859819282.16144.11762511824828734226@ietfa.amsl.com>
In-Reply-To: <158859819282.16144.11762511824828734226@ietfa.amsl.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/yang-doctors/eesYD3bB3WQfbG4w8FyOgiOmkmQ>

Thank you for your review, Lada.  One item came up in WGLC about the server-type leaf (and you have called that out below).

Right now, this is an enumeration.  As you say (and as Tom Petch also pointed out), typically a server will have multiple types (i.e., a server will be used for authn, authz, and acct).  So Bo proposed a leaf-list solution whereby one could specify multiple values for server-type.  Tom counter-proposed a bit string (akin to chmod and NACM CRUDX handling).  As a contributor, I liked the leaf-list idea, but Tom is still leaning toward the bit string.  We wanted to get the YANG Doctors' opinion on this.

The full thread can be found at https://mailarchive.ietf.org/arch/msg/opsawg/Q_ov6M-PZF4rlsCae0qZh1aE6tg/ .  If you could provide some guidance on this that would be appreciated.

Joe

On May 4, 2020, at 09:16, Ladislav Lhotka via Datatracker <noreply@ietf.org> wrote:

Reviewer: Ladislav Lhotka
Review result: Ready with Nits

The YANG module specified in this I-D defines a relatively simple augmentation
of the "ietf-system" module that enables configuration of TACACS+
authentication. The ietf-system-tacacsplus module is in good shape; I found
no substantial problems.

**** Comments

- In sec. 3, the text says: 'The ietf-system-tacacsplus module is intended to
augment the "/sys:system" path defined in the ietf-system module with
"tacacsplus" grouping.' It would be more precise to say '... with the contents
of the "tacacsplus" grouping.'

- The description of the leaf
/ietf-system-tacacsplus:tacacsplus/statistics/sessions is cryptic and unclear.

- Typo in error-message of
/ietf-system:system/ietf-system-tacacsplus:tacacsplus: s/sysytem/system/

- Is it correct that the server type may be either one of "authentication",
"authorization" or "accounting", or all of them? Is it impossible for a server
to be authentication & authorization but not accounting? Such a variant cannot
be configured.

- The "case" statements in ietf-system-tacacsplus:tacacsplus/source-type are
unnecessary because each contains only one leaf of the same name; I suggest
removing them.

- Security Considerations should specifically address the "shared-secret" leaf.

- The purpose of Appendix A is unclear; the information it provides is (or
should be) in the previous text, the YANG module, and RFC 7317. Instead, it
would be useful to provide an example of TACACS+ configuration, e.g. in JSON
representation.
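To make the server-type discussion concrete (Joe's summary of the enumeration vs. leaf-list vs. bit-string proposals, and Lada's question about a server that does authentication and authorization but not accounting), here is a small illustrative YANG module. It is an added example written for this thread, not the draft's ietf-system-tacacsplus module: the module name, prefix, typedef names, the three leaf names and the enum/bit names are all assumptions chosen for illustration. It places the three alternatives side by side in one list so they can be compared; a real module would pick one.

```yang
// Constructed example; NOT the draft's ietf-system-tacacsplus module.
// Shows three ways to model "which services this TACACS+ server is used for".
module example-tacacs-server-type {
  yang-version 1.1;
  namespace "urn:example:tacacs-server-type";   // placeholder namespace
  prefix "ex-tcs";

  description
    "Constructed example comparing the server-type alternatives
     discussed on the opsawg/yang-doctors lists.";

  // Alternative 1: plain enumeration (the -03 style as described in the thread).
  // A server is exactly ONE value, so 'authentication + authorization without
  // accounting' is not expressible unless a separate enum is added per combination;
  // four enums cover only 4 of the 7 non-empty combinations.
  typedef server-type-enum {
    type enumeration {
      enum authentication;
      enum authorization;
      enum accounting;
      enum all {
        description "All three services on one server.";
      }
    }
  }

  // Alternative 2: leaf-list of an enumeration (Bo's proposal).
  // Any non-empty subset is expressible. In configuration data YANG already
  // requires leaf-list values to be unique (RFC 7950, section 7.7).
  typedef tacacs-service {
    type enumeration {
      enum authentication;
      enum authorization;
      enum accounting;
    }
  }

  // Alternative 3: bits (Tom's proposal, in the spirit of NACM's
  // access-operations-type). One leaf whose value is a set of named flags.
  typedef server-type-bits {
    type bits {
      bit authentication { position 0; }
      bit authorization  { position 1; }
      bit accounting     { position 2; }
    }
  }

  container servers {
    list server {
      key "name";
      leaf name { type string; }

      leaf server-type-v1 {
        type server-type-enum;
        description "Alternative 1: a single value only.";
      }

      leaf-list server-type-v2 {
        type tacacs-service;
        min-elements 1;   // a configured server must provide at least one service
        description "Alternative 2: e.g. authentication and authorization only.";
      }

      leaf server-type-v3 {
        type server-type-bits;
        // A bits value with no bit set has the empty string as its XPath value;
        // reject it so the leaf cannot silently mean 'used for nothing'.
        must '. != ""' {
          error-message "At least one TACACS+ service must be enabled.";
        }
        description "Alternative 3: e.g. 'authentication authorization'.";
      }
    }
  }
}
```

The two multi-valued forms differ in how they appear on the wire, which is worth weighing alongside the modelling question. With the JSON encoding of RFC 7951 the leaf-list becomes an array (`"server-type-v2": ["authentication", "authorization"]`) while the bits leaf becomes a single space-separated string (`"server-type-v3": "authentication authorization"`). The leaf-list variant also yields a more natural NETCONF/RESTCONF edit when adding or removing one service, since individual entries can be created or deleted without rewriting the whole value, whereas the bits leaf is replaced as a unit.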