[yang-doctors] [Ladislav Lhotka] Re: Yangdoctors last call review of draft-ietf-opsawg-tacacs-yang-03
Ladislav Lhotka <ladislav.lhotka@nic.cz> Tue, 05 May 2020 14:31 UTC
Return-Path: <ladislav.lhotka@nic.cz>
X-Original-To: yang-doctors@ietfa.amsl.com
Delivered-To: yang-doctors@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2F4C73A077F; Tue, 5 May 2020 07:31:56 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.897
X-Spam-Level:
X-Spam-Status: No, score=-1.897 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_HELO_NONE=0.001, SPF_NONE=0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 42n9rBcUOmT8; Tue, 5 May 2020 07:31:54 -0700 (PDT)
Received: from trail.lhotka.name (trail.lhotka.name [77.48.224.143]) by ietfa.amsl.com (Postfix) with ESMTP id D84C13A0538; Tue, 5 May 2020 07:31:53 -0700 (PDT)
Received: by trail.lhotka.name (Postfix, from userid 109) id F25BA86007F; Tue, 5 May 2020 16:31:52 +0200 (CEST)
Received: from localhost (unknown [172.29.2.100]) by trail.lhotka.name (Postfix) with ESMTPSA id 04F56860052; Tue, 5 May 2020 16:31:52 +0200 (CEST)
From: Ladislav Lhotka <ladislav.lhotka@nic.cz>
To: opsawg@ietf.org, YANG Doctors <yang-doctors@ietf.org>
References: <87zhamsc04.fsf@nic.cz>
Date: Tue, 05 May 2020 16:31:51 +0200
Message-ID: <87r1vysbag.fsf@nic.cz>
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
Archived-At: <https://mailarchive.ietf.org/arch/msg/yang-doctors/v9CvnsfYGc0nW8iyU-W_twcCRW8>
Subject: [yang-doctors] [Ladislav Lhotka] Re: Yangdoctors last call review of draft-ietf-opsawg-tacacs-yang-03
X-BeenThere: yang-doctors@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Email list of the yang-doctors directorate <yang-doctors.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/yang-doctors>, <mailto:yang-doctors-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/yang-doctors/>
List-Post: <mailto:yang-doctors@ietf.org>
List-Help: <mailto:yang-doctors-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/yang-doctors>, <mailto:yang-doctors-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 05 May 2020 14:31:56 -0000
Resending to the mailing lists - I changed my company mail address to ladislav.lhotka@nic.cz and it causes problems once in a while. Lada -------------------- Start of forwarded message -------------------- From: Ladislav Lhotka <lhotka@nic.cz> Date: Tue, 05 May 2020 16:16:27 +0200 "Joe Clarke (jclarke)" <jclarke@cisco.com> writes: > Thank you for your review, Lada. One item came up in WGLC about the server-type leaf (and you have called that out below). > > Right now, this is an enumeration. As you say (and also Tom Petch > pointed out) that typically a server will have multiple types (i.e., In fact, Tom pointed out other things that I also had in my review (I didn't know about that thread before, I swear:-). > a server will be used for authn, authz, and acct). So Bo proposed a > leaf-list solution whereby one could specify multiple values for > server-type. Tom counter-proposed a bit string (akin to chmod and > NACM CRUDX handling). As a contributor, I liked the leaf-list idea, > but Tom is still leaning toward the bit string. We wanted to get > YAND Doc’s opinion on this. I was also thinking about the "bits" type, it is IMO designed for cases like this. Note that in XML or JSON representation (not in CBOR, though), the on-the-wire instance encoding is also self-describing, e.g. <server-type>authentication authorization</server-type> Lada > > The full thread can be found at https://mailarchive.ietf.org/arch/msg/opsawg/Q_ov6M-PZF4rlsCae0qZh1aE6tg/ . If you could provide some guidance on this that would be appreciated. > > Joe > > On May 4, 2020, at 09:16, Ladislav Lhotka via Datatracker <noreply@ietf.org<mailto:noreply@ietf.org>> wrote: > > Reviewer: Ladislav Lhotka > Review result: Ready with Nits > > The YANG module specified in this I-D defines a relatively simple augmentation > of the "ietf-system" module that enables configuration of TACACS+ > authentication. The ietf-system-tacacsplus module is in a good shape, I found > no substantial problems. > > **** Comments > > - In sec. 3, the text says: 'The ietf-system-tacacsplus module is intended to > augment the "/sys:system" path defined in the ietf-system module with > "tacacsplus" grouping.' It would be more precise to say '... with the contents > of the "tacacsplus" grouping.' > > - Description of the leaf > /ietf-system-tacacsplus:tacacsplus/statistics/sessions is cryptic and unclear. > > - Typo in error-message of > /ietf-system:system/ietf-system-tacacsplus:tacacsplus: s/sysytem/system/ > > - Is it correct that the server type may be either one of "authentication", > "authorization" or "accounting", or all of them? Is it impossible for a server > to be authentication & authorization but not accounting? Such a variant cannot > be configured. > > - The "case" statements in ietf-system-tacacsplus:tacacsplus/source-type are > unnecessary because each contains only one leaf of the same name; I suggest to > remove them. > > - Security Considerations should specifically address the "shared-secret" leaf. > > - The purpose of Appendix A is unclear, the information it provides is (or > should be) in the previous text, the YANG module, and RFC 7317. Instead, it > would be useful to provide an example of TACACS+ configuration, e.g. in JSON > representation. > > > -- Ladislav Lhotka Head, CZ.NIC Labs PGP Key ID: 0xB8F92B08A9F76C67 -------------------- End of forwarded message -------------------- -- Ladislav Lhotka Head, CZ.NIC Labs PGP Key ID: 0xB8F92B08A9F76C67
- [yang-doctors] Yangdoctors last call review of dr… Ladislav Lhotka via Datatracker
- Re: [yang-doctors] Yangdoctors last call review o… Joe Clarke (jclarke)
- [yang-doctors] [Ladislav Lhotka] Re: Yangdoctors … Ladislav Lhotka
- Re: [yang-doctors] Yangdoctors last call review o… Wubo (lana)
- Re: [yang-doctors] Yangdoctors last call review o… Joe Clarke (jclarke)
- Re: [yang-doctors] Yangdoctors last call review o… Ladislav Lhotka
- Re: [yang-doctors] Yangdoctors last call review o… Ladislav Lhotka
- Re: [yang-doctors] Yangdoctors last call review o… Wubo (lana)
- Re: [yang-doctors] Yangdoctors last call review o… Wubo (lana)
- Re: [yang-doctors] Yangdoctors last call review o… tom petch
- Re: [yang-doctors] [Last-Call] Yangdoctors last c… Ladislav Lhotka
- Re: [yang-doctors] Yangdoctors last call review o… Joe Clarke (jclarke)
- Re: [yang-doctors] [Last-Call] Yangdoctors last c… john heasley
- Re: [yang-doctors] [Last-Call] Yangdoctors last c… Wubo (lana)
- Re: [yang-doctors] [Last-Call] Yangdoctors last c… john heasley
- Re: [yang-doctors] [Last-Call] Yangdoctors last c… Wubo (lana)