Hi Jan, >> It is also notable that RFC 8341 say nothing about the fact that clients >> effected by NACM may not be able to pass validation (it’s not even >> mentioned). > > That a client with insufficient privileges may have trouble understanding or > controlling a server is no surprise to me. I don't quite see why you think > this observation is relevant for the discussion about whether a datastore is > valid or not?
It’s related to if offline validation can succeed or not. Effectively, all but the "recovery session” clients will not be able to offline-validate an update to <running> prior to pushing config to the server. That RFC 8341 doesn’t even mention this fact suggests that “validation” is a concept that only manifests in servers. Just pointing to evidence of precedence is all. Of course, I strongly support client-validation prior to push. My recommendation is that clients, when interacting with an NMDA-server, learn how to “cook” <intended> and validate that instead of just <running>. The question is what to do about legacy clients? First, we need to discuss what an “aware” (i.e., not “legacy”) client is. It seems that “awareness" would have to be more than just understanding that <intended> exists; the client would also have to understand each “cooking” step (pruning inactive nodes, expanding templates, merging system nodes, etc.) the server supports. There would need to be a client- compatibility check such that, if the client doesn’t understand all of the steps, then it must NOT proceed (aside: this reminds me of the “critical” extension that Lada and I discussed before). Actually, we might consider reversing the handshake and instead have the client present to the server a list of all the “critical” things it understands and for the server to effectively drop the client if it’s missing anything, since clients cannot predict what new critical things may arise, there could be no false-positives. Warning, we’re deep into NETCONF-next and RESTCONF-next territory here. It might turn out that the server, once upgraded to support “next” stuff, can ONLY interact with next-clients. If so, there would be never be a mix of legacy and not-legacy clients, and thus this entire hybrid-client compatibility concern disappears. K. // contributor _______________________________________________ netmod mailing list [email protected] https://www.ietf.org/mailman/listinfo/netmod
