Hi, I have read draft-ietf-netmod-factory-default-05 and have the following comments:
* sec 2. Specifying factory-reset content This section uses SHALL (equivalent to MUST) to declare the implementation details for the server to load the factory-default content. This is not appropriate for a server implementation detail. What hard to the Internet is caused if the server has some other way to load the factory config? This section should be removed. point 1 is unclear what it means to derive the factory-config from the current config. point 2 specifies a file format but there is no way to specify the file. What is the value added here? Some servers can use an XML file (and will continue to do so, per point 3). Why would this document specify that a dynamic datastore SHALL be empty upon reset? This is an implementation detail or a standard detail for some future work. * Sec. 4: rpc factory-reset This RPC has no NACM protections. There should be a nacm:default-deny-all extension added to restrict access. The client invoking the RPC MUST have permission to write all the existing config that is being replaced with factory-reset contents. There is no mention of any operational disruption caused by setting the config to factory-reset contents. This will vary greatly depending on the implementation and current config. What if the config includes session and client config? This RPC can prevent any further management of the device. That seems worth mentioning in the security considerations. Overall the draft provides useful functionality so I support its publication. (BTW, my name is also misspelled in the draft) Andy On Fri, Nov 1, 2019 at 8:22 AM Kent Watsen <[email protected]> wrote: > > This begins a two-week Working Group Last Call (WGLC) on > draft-ietf-netmod-factory-default-05. The WGLC ends on Nov 15 (two days > before the NETMOD 106 session). Please send your comments to the working > group mailing list. > > Positive comments, e.g., "I've reviewed this document and believe it is > ready for publication", are welcome! This is useful and important, even > from authors. Objections, concerns, and suggestions are also welcomed at > this time. > > Thank you, > NETMOD Chairs > > > > > On Nov 1, 2019, at 1:59 AM, [email protected] wrote: > > > A New Internet-Draft is available from the on-line Internet-Drafts > directories. > This draft is a work item of the Network Modeling WG of the IETF. > > Title : Factory Default Setting > Authors : Qin Wu > Balazs Lengyel > Ye Niu > Filename : draft-ietf-netmod-factory-default-05.txt > Pages : 11 > Date : 2019-10-31 > > Abstract: > This document defines a method to reset a server to its factory- > default content. The reset operation may be used e.g. during initial > zero-touch configuration or when the existing configuration has major > errors, so re-starting the configuration process from scratch is the > best option. > > A new factory-reset RPC is defined. Several methods of documenting > the factory-default content are specified. > > Optionally a new "factory-default" read-only datastore is defined, > that contains the data that will be copied over to the running > datastore at reset. > > > The IETF datatracker status page for this draft is: > https://datatracker.ietf.org/doc/draft-ietf-netmod-factory-default/ > > There are also htmlized versions available at: > https://tools.ietf.org/html/draft-ietf-netmod-factory-default-05 > https://datatracker.ietf.org/doc/html/draft-ietf-netmod-factory-default-05 > > A diff from the previous version is available at: > https://www.ietf.org/rfcdiff?url2=draft-ietf-netmod-factory-default-05 > > > Please note that it may take a couple of minutes from the time of > submission > until the htmlized version and diff are available at tools.ietf.org. > > Internet-Drafts are also available by anonymous FTP at: > ftp://ftp.ietf.org/internet-drafts/ > > _______________________________________________ > netmod mailing list > [email protected] > https://www.ietf.org/mailman/listinfo/netmod > > > _______________________________________________ > netmod mailing list > [email protected] > https://www.ietf.org/mailman/listinfo/netmod >
_______________________________________________ netmod mailing list [email protected] https://www.ietf.org/mailman/listinfo/netmod
