Hi Kent,

Please see inline.

Cheers,
Med

From: Kent Watsen <[email protected]>
Sent: Wednesday, February 28, 2024 16:35
To: BOUCADAIR Mohamed INNOV/NET <[email protected]>
Cc: [email protected]; [email protected]
Subject: Re: [netmod] Next steps for draft-ietf-netmod-rfc8407bis

Hi Med,

I’ve been slow to provide follow-up responses to you regarding the "Adherence to the NMDA" and "Security Considerations" sections, which I have refined even more since our last interactions here.

1) In the Adherence to the NMDA section, I know that I pushed before to invert the recommendation from before, along with a promise to then eliminate the section from all my drafts. But then I looked at all my drafts and found that I was saying some pretty meaningful things. I think that my current position is now “neutral” - that is, don’t say how it is NMDA-compliant (as all YANG modules SHOULD be now) nor say how it is not compliant (as none SHOULD be), but rather say what might be useful to say. This may be unique to these drafts, as they partially depend on the existence of an <operational> datastore, which is defined by NMDA.
To get a feel for what I mean, check out these sections:

https://datatracker.ietf.org/doc/html/draft-ietf-netconf-crypto-types#section-1.3
https://datatracker.ietf.org/doc/html/draft-ietf-netconf-trust-anchors#section-1.3
https://datatracker.ietf.org/doc/html/draft-ietf-netconf-keystore#section-1.4
https://datatracker.ietf.org/doc/html/draft-ietf-netconf-tcp-client-server#section-1.3
https://datatracker.ietf.org/doc/html/draft-ietf-netconf-ssh-client-server#section-1.4
https://datatracker.ietf.org/doc/html/draft-ietf-netconf-tls-client-server#section-1.4
https://datatracker.ietf.org/doc/html/draft-ietf-netconf-http-client-server#section-1.3
https://datatracker.ietf.org/doc/html/draft-ietf-netconf-netconf-client-server#section-1.3
https://datatracker.ietf.org/doc/html/draft-ietf-netconf-restconf-client-server#section-1.3

[Med] I think these are compliant with the text in -09

   If the document contains major Network Management Datastore Architecture (NMDA) exceptions or include a temporary non-NMDA module [RFC8342], then the Introduction section should mention this fact with the reasoning that motivated that design. Refer to Section 4.23 for more NMDA-related guidance. Specifically, Section 4.23.2 includes a recommendation for designers to describe and justify any NMDA exceptions in detail as part of the module itself.

2) In the Security Considerations section, the template should be amended to have the following paragraph:

   Please be aware that this YANG module uses groupings from other YANG modules that define nodes that may be considered sensitive or vulnerable in network environments. Please review the Security Considerations for dependent YANG modules for information as to which nodes may be considered sensitive or vulnerable in network environments.

[Med] We need to be careful for this one as the document that defines the grouping may not include that analysis (because those are not used as data nodes).
Here is a proposal for discussion:

NEW:
==
   -- if your YANG module reuses groupings from other modules and
   -- the document that specifies these groupings also
   -- includes those as data nodes, then add this text to remind
   -- the specific sensitivity or vulnerability of reused nodes.

   This YANG module uses groupings from other YANG modules that define nodes that may be considered sensitive or vulnerable in network environments. Refer to the Security Considerations of <RFC-insert-numbers> for information as to which nodes may be considered sensitive or vulnerable in network environments.

   -- if your YANG module does not define any data nodes, then
   -- add the following text

   The YANG module defines a set of identities, types, and groupings. These nodes are intended to be reused by other YANG modules. The module by itself does not expose any data nodes that are writable, data nodes that contain read-only state, or RPCs. As such, there are no additional security issues related to the YANG module that need to be considered.

   Modules that use the groupings that are defined in this document should identify the corresponding security considerations. For example, reusing some of these groupings will expose privacy-related information (e.g., 'node-example').
===

Below is top of mind, but I invite/encourage you to read said sections (and the IANA Considerations section too) in, e.g., https://datatracker.ietf.org/doc/html/draft-ietf-netconf-ssh-client-server to see if I missed anything.

[Med] Noted, thanks.

Kent

On Feb 28, 2024, at 4:51 AM, [email protected] wrote:

Hi all,

I think that this version is ready for the WGLC.

The document fully covers the items promised when requesting adoption [1]. As listed in the ACK section, we also solicited and integrated feedback from many yangdoctors, solicited SAAG WG to review the security text, etc. Refer to 1.1 for a comprehensive list of the changes.
Cheers,
Med

[1] Slide#7 of https://datatracker.ietf.org/meeting/117/materials/slides-117-netmod-7-guidelines-for-authors-and-reviewers-of-documents-containing-yang-data-models-00

-----Original Message-----
From: I-D-Announce <[email protected]> On Behalf Of [email protected]
Sent: Wednesday, February 28, 2024 10:01
To: [email protected]
Cc: [email protected]
Subject: I-D Action: draft-ietf-netmod-rfc8407bis-09.txt

Internet-Draft draft-ietf-netmod-rfc8407bis-09.txt is now available. It is a work item of the Network Modeling (NETMOD) WG of the IETF.

   Title:   Guidelines for Authors and Reviewers of Documents Containing YANG Data Models
   Authors: Andy Bierman
            Mohamed Boucadair
            Qin Wu
   Name:    draft-ietf-netmod-rfc8407bis-09.txt
   Pages:   84
   Dates:   2024-02-28

Abstract:

   This memo provides guidelines for authors and reviewers of specifications containing YANG modules, including IANA-maintained modules. Recommendations and procedures are defined, which are intended to increase interoperability and usability of Network Configuration Protocol (NETCONF) and RESTCONF protocol implementations that utilize YANG modules. This document obsoletes RFC 8407.

   Also, this document updates RFC 8126 by providing additional guidelines for writing the IANA considerations for RFCs that specify IANA-maintained modules.
The IETF datatracker status page for this Internet-Draft is:
https://datatracker.ietf.org/doc/draft-ietf-netmod-rfc8407bis/

There is also an HTML version available at:
https://www.ietf.org/archive/id/draft-ietf-netmod-rfc8407bis-09.html

A diff from the previous version is available at:
https://author-tools.ietf.org/iddiff?url2=draft-ietf-netmod-rfc8407bis-09

Internet-Drafts are also available by rsync at:
rsync.ietf.org::internet-drafts

_______________________________________________
netmod mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/netmod
