Tom: Thank you for your interesting perspective. I think that your observation here that states:

"YANG, like Security, is an arcane subject but knowledge of it is now widespread, inside and outside the IETF. Where I think that I see the YANG work go wrong, in several WG, is at the start, getting the structure, the scope, wrong and that is hard to change later so may not get changed (my comments on the lack of a common I2NSF I-D, module, definitions and so on, are in that vein). Security, by contrast, can often be fixed late in the day with a judicious tweak to Security Considerations or by the addition of nacm:default deny-all in the YANG."

I agree that Yang and Security are arcane subjects. Some people say BGP is arcane as well. Some say the IP, TCP, internet stuff is arcane.

Having sat in this WG since the beginning, I disagree that it has been easy to judge the structure, scope and set-up initially. Especially when these models started (pre-NMDA, RFC8342). I also think that the WG had more guidance at the front of the process. Including Adrian (one WG chair) who has a fairly deep knowledge on this topic.

In my humble opinion, I think this working group (I2NSF) is trying to change security's paradigm. I agree with you that it is at the heart of cross-area struggles. It is at the nexus of security, yang, TCP/IP, and others. Where would you put these models? That's the real question.

Today's attempts (post-NMDA, caused by I2RS struggles), will be wiser than the original models. IMHO - The chaos in the Yang world led to many initially questionable choices. Paul, his team and you have done a fabulous job at working through the refactoring.

I support the re-chartering because I would like to allow the group to try additional security Yang models. If there are other groups chomping at the bit to create security Yang models, then perhaps the work can move. I still believe in the Yang data-driven dream.

Sue

-----Original Message-----
From: I2nsf [mailto:[email protected]] On Behalf Of t petch
Sent: Thursday, March 24, 2022 7:22 AM
To: Roman Danyliw; Susan Hares; [email protected]
Subject: Re: [I2nsf] Comments on re-chartering

On 22/03/2022 10:54, Roman Danyliw wrote:
> Hi Sue!
>
>> -----Original Message-----
>> From: Susan Hares <[email protected]>
>> Sent: Sunday, March 20, 2022 6:35 PM
>> To: Roman Danyliw <[email protected]>; [email protected]
>> Subject: RE: [I2nsf] Comments on re-chartering
>>
>> Roman:
>>
>> Security has created very few Yang modules. Therefore, you do not have
>> experience with the lengthy cycle for this work. Ask Rob Wilton about the
>> versioning efforts or ask Alvaro regarding the routing yang models. Or
>> look at the BGP model for complexity.
>
> ...
>
>> For example, I would like to get the I2NSF IP-SEC model adapted so
>> that we can use it in the BGP model. This takes chatting with the
>> folks in I2NSF who are experts.
>
> I've consulted with my peer-SEC ADs. If the community has interest to more closely align this activity with the larger critical mass of work in Yang modules in the IETF, we would be supportive of moving I2NSF to the OPS Area to finish the remaining work or evolve it as appropriate.

YANG, like Security, is an arcane subject but knowledge of it is now widespread, inside and outside the IETF. Where I think that I see the YANG work go wrong, in several WG, is at the start, getting the structure, the scope, wrong and that is hard to change later so may not get changed (my comments on the lack of a common I2NSF I-D, module, definitions and so on, are in that vein). Security, by contrast, can often be fixed late in the day with a judicious tweak to Security Considerations or by the addition of nacm:default deny-all in the YANG.

With the work of I2NSF so far, I see few YANG problems of any account, apart from the one I mentioned.

By contrast, I have seen many issues arising from a lack of familiarity with core IETF protocols - IP, ICMP, TCP, DCCP, HTTP, POP3 and so on - and the most recent set of I-D may repeat that pattern. My knowledge of these protocols is basic but is enough to see over and over again that the I-D needs changing or that a change made is inappropriate.

Given the wide scope of the current I2NSF I-D, I find it hard to suggest a better home for them; rather, they would have benefitted from ...art reviews at an earlier stage. If the focus changes, for example to provide a focus on BGP, then a move to an Area or WG with skills in that focus would seem prudent.

The Security Area, as I have commented before, is lagging in producing YANG modules for others to use and other WG have stepped in, with or without success; the Routing Area, by contrast, has produced a wealth of material but I do not see YANG skills, or lack thereof, as a factor in the current work of the I2NSF WG; rather a lack of familiarity with the other work of the IETF.

Tom Petch

> Regards,
> Roman
>
> _______________________________________________
> I2nsf mailing list
> [email protected]
> https://www.ietf.org/mailman/listinfo/i2nsf
