Thanks Andy for valuable review, please see my reply inline below.
发件人: Andy Bierman [mailto:[email protected]]
发送时间: 2019年11月2日 6:42
收件人: Kent Watsen <[email protected]>
抄送: [email protected]; [email protected]
主题: Re: [netmod] I-D Action: draft-ietf-netmod-factory-default-05.txt
Hi,
I have read draft-ietf-netmod-factory-default-05 and have the following
comments:
* sec 2. Specifying factory-reset content
This section uses SHALL (equivalent to MUST) to declare the implementation
details for
the server to load the factory-default content. This is not appropriate for a
server implementation detail.
What hard to the Internet is caused if the server has some other way to load
the factory config?
This section should be removed.
[Qin]:how about change SHALL into MAY?
point 1 is unclear what it means to derive the factory-config from the current
config.
[Qin]: It means the factory-config content may be specified by
<factory-default>datastore if it exists, I will make this clear in the text.
point 2 specifies a file format but there is no way to specify the file. What
is the value added here?
Some servers can use an XML file (and will continue to do so, per point 3).
[Qin]: how about change the text as follows:
“
2. by vendors using a file in YANG Instance Data
[I-D.ietf-netmod-yang-instance-file-format] format or some other
format in vendor's website or other places where similar off-line
documents are kept;
”
Why would this document specify that a dynamic datastore SHALL be empty upon
reset?
This is an implementation detail or a standard detail for some future work.
[Qin]: Okay, how about just remove this restriction.
* Sec. 4: rpc factory-reset
This RPC has no NACM protections.
There should be a nacm:default-deny-all extension added to restrict access.
The client invoking the RPC MUST have permission to write all the existing
config
that is being replaced with factory-reset contents.
[Qin]: Will add nacm:default-deny-all on this RPC.
There is no mention of any operational disruption caused by setting the config
to factory-reset contents.
This will vary greatly depending on the implementation and current config.
What if the config includes session and client config?
This RPC can prevent any further management of the device.
That seems worth mentioning in the security considerations.
[Qin]: Good input, will document this in the security section.
Overall the draft provides useful functionality so I support its publication.
(BTW, my name is also misspelled in the draft)
[Qin]: Apologize, will fix this.
Andy
On Fri, Nov 1, 2019 at 8:22 AM Kent Watsen
<[email protected]<mailto:kent%[email protected]>> wrote:
This begins a two-week Working Group Last Call (WGLC) on
draft-ietf-netmod-factory-default-05. The WGLC ends on Nov 15 (two days before
the NETMOD 106 session). Please send your comments to the working group
mailing list.
Positive comments, e.g., "I've reviewed this document and believe it is ready
for publication", are welcome! This is useful and important, even from
authors. Objections, concerns, and suggestions are also welcomed at this time.
Thank you,
NETMOD Chairs
On Nov 1, 2019, at 1:59 AM,
[email protected]<mailto:[email protected]> wrote:
A New Internet-Draft is available from the on-line Internet-Drafts directories.
This draft is a work item of the Network Modeling WG of the IETF.
Title : Factory Default Setting
Authors : Qin Wu
Balazs Lengyel
Ye Niu
Filename : draft-ietf-netmod-factory-default-05.txt
Pages : 11
Date : 2019-10-31
Abstract:
This document defines a method to reset a server to its factory-
default content. The reset operation may be used e.g. during initial
zero-touch configuration or when the existing configuration has major
errors, so re-starting the configuration process from scratch is the
best option.
A new factory-reset RPC is defined. Several methods of documenting
the factory-default content are specified.
Optionally a new "factory-default" read-only datastore is defined,
that contains the data that will be copied over to the running
datastore at reset.
The IETF datatracker status page for this draft is:
https://datatracker.ietf.org/doc/draft-ietf-netmod-factory-default/
There are also htmlized versions available at:
https://tools.ietf.org/html/draft-ietf-netmod-factory-default-05
https://datatracker.ietf.org/doc/html/draft-ietf-netmod-factory-default-05
A diff from the previous version is available at:
https://www.ietf.org/rfcdiff?url2=draft-ietf-netmod-factory-default-05
Please note that it may take a couple of minutes from the time of submission
until the htmlized version and diff are available at
tools.ietf.org<http://tools.ietf.org>.
Internet-Drafts are also available by anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/
_______________________________________________
netmod mailing list
[email protected]<mailto:[email protected]>
https://www.ietf.org/mailman/listinfo/netmod
_______________________________________________
netmod mailing list
[email protected]<mailto:[email protected]>
https://www.ietf.org/mailman/listinfo/netmod
_______________________________________________
netmod mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/netmod
