Tue, Nov 05, 2019 at 07:47:12AM +0000, Schönwälder, Jürgen: > Yes to your point. > > But every time I read the phrase "setting some security data/passwords > to the default value" I am feeling uneasy. The notion of 'default > passwords' is scary and a knob to restore default passwords even more > so. Perhaps the text should say instead 'removing security credentials > and restoring default security settings'.
Yes, I'm suggesting that this "clearing" be a requirement, even if the operator has the choice between clear "only the configuration" and "everything." "might" -> "MUST". The fine line between too vague and too much detail must be found. >>> In addition,the "factory-reset" RPC MUST restore storage to factory condition, including remove log files, remove temporary files, remove certificates, keys, etc zero passwords, <insert other things> The process (SHOULD|MUST) zero/pattern-write then remove sensitive files such as the TLS keys, configuration stores, etc. The RPC MAY provide an option to limit the actions to factory reset of the configuration. _______________________________________________ netmod mailing list [email protected] https://www.ietf.org/mailman/listinfo/netmod
