Network Configuration Protocol (NETCONF)
draft-ietf-netconf-4741bis-10

[Ballot comment]
I am balloting Yes, but please check a couple of remaining comments.

4.3.  Element

  error-tag:  Contains a string identifying the error condition.  See
      Appendix A for allowed values.

Is the list of error conditions extensible? If yes, where can they be found? If not, it would be better to be explicit about this, in particular the document should mention that addition of a new error tag value would require capability version increment.

7.8. 

  Negative Response:

      An  element is included in the  if the
      request cannot be completed for any reason.

How is this possible? What can the client do next if the operation fails?


[I haven't checked if the following were addressed:]
I am also agreeing with David's DISCUSS points # 1 and # 2, and I also think that Peter's Comment point # 1 is worth being DISCUSS level.

[Ballot discuss]
1) should there be constraints on the basic format of username? if it is expected to be specified by an operator in config files or databases, should it be human-readable? ascii? utf-8?

2) should the format be predictable, so the operator can determine what the NC username will be, given a knowledge of the corresponding identifier in the secure transport protocol?

The crux of my discuss for 4741bis is that the netconf username will be used by other things, such as CLIs, scripts, YANG, etc. and should be in a format compatible with expected usage.
Expected usage appears to include embedding in XML documents, YANG data models, native CLI handling, and string matching (such as during lookup in a proprietary or standardized access control system).

I don't care whether the format of the netconf username is compatible with section 2.2 of the XML specification, or with RFC 6020's string data type, or ascii, or some other choice of the WG (although I recommend using something standardized).

The (implicit) expectation should be made explicit in documentation (and I think 4741bis makes the most sense to define the expected format of a netconf username).

dbh

[Ballot discuss]
1) should there be constraints on the basic format of username? if it is expected to be specified by an operator in config files or databases, should it be human-readable? ascii? utf-8?

2) should the format be predictable, so the operator can determine what the NC username will be, given a knowledge of the corresponding identifier in the secure transport protocol?

3) commit MUST revert at 600 secs, but timeout is configurable., what if somebody sets it to 700 seconds? MUST it still revert at 600? Can a low timeout cause a denial of service?
** resolved by an RFC Editor note **

[Ballot discuss]
This is a well written document and I am planning to ballot Yes once my comments are resolved/discussed.

1).
7.3. 

  Example:

   
     
       
         
       
       
          https://user@example.com:passphrase/cfg/new.txt

This doesn't seem to be a valid HTTPS URI (note, you have the passphrase where the port number is).

[Ballot comment]
1.3.  Capabilities

  A NETCONF capability is a set of functionality that supplements the
  base NETCONF specification.  The capability is identified by a
  uniform resource identifier (URI).

A normative reference ("[5]") is needed here.

3.  XML Considerations

  All NETCONF messages MUST be well-formed XML, encoded in UTF-8.

A Normative reference to UTF-8 is needed here.

4.3.  Element

  error-tag:  Contains a string identifying the error condition.  See
      Appendix A for allowed values.

Is the list of error conditions extensible? If yes, where can they be found?

7.8. 

  Negative Response:

      An  element is included in the  if the
      request cannot be completed for any reason.

How is this possible? What can the client do next if the operation fails?

7.9. 

Comment: I am missing some text here about authorization to kill other sessions.
Is any NETCONF session A can kill any session B?

I think this is covered by the Security Considerations, but a reader wouldn't
find this information until much later in the document.

8.1.  Capabilities Exchange

  A server receiving a  element MUST close the NETCONF
  session.  Similarly, a client that does not receive a
  element in the server's  message MUST close the NETCONF
  session.

Do you mean by sending ?


I am also agreeing with David's DISCUSS points # 1 and # 2, and I also think that Peter's Comment point # 1 is worth being DISCUSS level.

[Ballot discuss]
This is a well written document and I am planning to ballot Yes once my comments are resolved/discussed.

1).
7.3. 

  Example:

   
     
       
         
       
       
          https://user@example.com:passphrase/cfg/new.txt

This doesn't seem to be a valid HTTPS URI (note, you have the passphrase where the port number is).

What is the format of the data being retrieved from the source for HTTPS/HTTP?

2).
8.1.  Capabilities Exchange


   
     
        urn:ietf:params:netconf:base:1.1
     
     
        urn:ietf:params:netconf:capability:startup:1.0
     
     
        http://example.net/router/2.3/myfeature

Does this mean that leading/trailing whitespaces are insignificant in the  data?
If it doesn't, then the example is incorrect and need fixing, e.g.:

  http://example.net/router/2.3/myfeature


     
   
    4
 

3).
8.8.5.1. 

  The :url capability modifies the  operation to accept
  the  element as an alternative to the  parameter.

8.8.5.2. 

  The :url capability modifies the  operation to accept
  the  element as the value of the  and the
  parameters.

  The file that the url refers to contains the complete datastore,
  encoded in XML under the element "config" in the
  "urn:ietf:params:xml:ns:netconf:base:1.0" namespace.

8.8.5.3. 

  The :url capability modifies the  operation to accept
  the  element as the value of the  parameters.

8.8.5.4. 

  The :url capability modifies the  operation to accept the
    element as the value of the  parameter.

How do these operations map to HTTP?

[Ballot comment]
Some comments from Ari Keränen:

4.3.  Element

Shouldn't the "t" namespace be defined in the error-path examples?


7.9. 

There is no discussion on who is allowed to kill whose sessions. I'd assume user is allowed to kills his own sessions (i.e., sessions associated with the same NETCONF username), but how about other sessions? If this is out of scope for this document, could at least say that it "depends on local policy".


8.3.5.1.  , , , and

       

Is really *any* operation (including ones defined in future documents) allowed here, or just one of the operations mentioned in the title? The text seems to imply the latter, but the example the former.


8.4.1.  Description

The confirmed-commit functionality is unclear. One paragraph (before the current 2nd paragraph) really explaining how this works would be helpful. That is, when/why would one send confirmed commit and what kind of messages/parameters you need at each stage.


8.6.4.1. 

        A validate operation can fail for any of the following reasons:

Would it be OK to fail validation for some other reason?


8.8.5.3. 

  The :url capability modifies the  operation to accept
  the  element as the value of the  parameters.

What should the server do if it gets URL in the delete-config? Delete the (local copy of the) config retrieved from the address pointed by the URL? Delete the file pointed by the URL?


Appendix C.  YANG Module for NETCONF Protocol Operations

      reference "RFC XXXX, section YYY";

Should add the correct section number (multiple times in the Appendix C).

[Ballot comment]
4.3.  Element

Shouldn't the "t" namespace be defined in the error-path examples?


7.9. 

There is no discussion on who is allowed to kill whose sessions. I'd assume user is allowed to kills his own sessions (i.e., sessions associated with the same NETCONF username), but how about other sessions? If this is out of scope for this document, could at least say that it "depends on local policy".


8.3.5.1.  , , , and

       

Is really *any* operation (including ones defined in future documents) allowed here, or just one of the operations mentioned in the title? The text seems to imply the latter, but the example the former.


8.4.1.  Description

The confirmed-commit functionality is unclear. One paragraph (before the current 2nd paragraph) really explaining how this works would be helpful. That is, when/why would one send confirmed commit and what kind of messages/parameters you need at each stage.


8.6.4.1. 

        A validate operation can fail for any of the following reasons:

Would it be OK to fail validation for some other reason?


8.8.5.3. 

  The :url capability modifies the  operation to accept
  the  element as the value of the  parameters.

What should the server do if it gets URL in the delete-config? Delete the (local copy of the) config retrieved from the address pointed by the URL? Delete the file pointed by the URL?


Appendix C.  YANG Module for NETCONF Protocol Operations

      reference "RFC XXXX, section YYY";

Should add the correct section number (multiple times in the Appendix C).

[Ballot discuss]
This is a placeholder DISCUSS which (by agreement with Dan) I am entering before I finish my review of the document before March 10th. Then I will either clear or enter a proper DISCUSS.

I am also agreeing with David's DISCUSS points # 1 and # 2, and I also think that Peter's Comment points # 1 and # 4 are worth being DISCUSS level.

[Ballot comment]
(1)

2.2.  paragraph 1 - last sentence is awkward.  In general connections are
encrypted "in" an algorithm (e.g., AES) or "using" a protocol (e.g., TLS).
Suggest:

s/encrypted in TLS [16] or SSH [14]/encrypted using TLS [16] or SSH [14]/

(2)

3.1.  Namespace

Should this text reference the namespace base:1.1 instead of base:1.0 ??

(3)

The example in 6.2.2 Attribute Match Expressions references containment nodes
and selection nodes, which are described in 6.2.3 and 6.2.4, respectively.

It might be cleaner to reorder as 6.2.2 Containment Nodes, 6.2.3 Selection Nodes,
and 6.2.4 Attribute Match Expressions so that concepts are introduced sequentially

(4)

Section 8.1  The following sentence implies that clients can attack other sessions
by guessing session-ids:

A server receiving a  element MUST close the NETCONF
  session.

I believe the intent was as follows:

A server receiving a  element that includes a  element
MUST ignore the session-id and close the NETCONF session.

If that is the intent, I suggest the latter wording.

(5)

Section 9.  Security Considerations, paragraph five states:

  Configuration information is by its very nature sensitive.  Its
  transmission in the clear and without integrity checking leaves
  devices open to classic eavesdropping attacks.  Configuration
  information often contains passwords, user names, service
  descriptions, and topological information, all of which are
  sensitive.  Because of this, this protocol SHOULD be implemented
  carefully with adequate attention to all manner of attack one might
  expect to experience with other management interfaces.

The clause "and without integrity checking" is not relevant to eavesdropping attacks.
Suggest:

s/classic eavesdropping attacks/classic eavesdropping and false data injection attacks/

[Ballot comment]
(1)

2.2.  paragraph 1 - last sentence is awkward.  In general connections are
encrypted "in" an algorithm (e.g., AES) or "using" a protocol (e.g., TLS).
Suggest:

s/encrypted in TLS [16] or SSH [14]/encrypted using TLS [16] or SSH [14]/

(2)

3.1.  Namespace

Should this text reference the namespace base:1.1 instead of base:1.0 ??

(3)

The example in 6.2.2 Attribute Match Expressions references containment nodes
and selection nodes, which are described in 6.2.3 and 6.2.4, respectively.

It might be cleaner to reorder as 6.2.2 Containment Nodes, 6.2.3 Selection Nodes,
and 6.2.4 Attribute Match Expressions so that concepts are introduced sequentially

(4) Section 9.  Security Considerations, paragraph five states:

  Configuration information is by its very nature sensitive.  Its
  transmission in the clear and without integrity checking leaves
  devices open to classic eavesdropping attacks.  Configuration
  information often contains passwords, user names, service
  descriptions, and topological information, all of which are
  sensitive.  Because of this, this protocol SHOULD be implemented
  carefully with adequate attention to all manner of attack one might
  expect to experience with other management interfaces.

The clause "and without integrity checking" is not relevant to eavesdropping attacks.
Suggest:

s/classic eavesdropping attacks/classic eavesdropping and false data injection attacks/

[Ballot comment]
1. DTDs are forbidden (presumably you mean internal or external DTD subsets in accordance with section 2.8 of the XML specification). What about comments, processing instructions, and internal or external entity references?

2. In Section 6.2.5, 'for which the  element is equal to "fred"' is more precisely expressed as 'for which XML character data of the  element is equal to "fred"'. (The same text occurs in Section 6.4.5.)

3. Section 6.4.3 states:

  In a real data model, the  would not
  likely be returned with the list of users for a particular host or
  network.

Why not?

4. In Section 7.5, is the server allowed to terminate a lock for reasons other than session closure? If not, it appears than an entity could maintain a lock indefinitely.

5. In Appendix B, it seems that some of the enumerated datatypes could be changed from xs:string to something more restrictive, such as xs:NMTOKEN (e.g., error types, error tags, error severity, edit operation type).

[Ballot comment]
1. DTDs are forbidden (presumably you mean internal or external DTD subsets in accordance with section 2.8 of the XML specification). What about comments, processing instructions, and internal or external entity references?

2. In Section 6.2.5, 'for which the  element is equal to "fred"' is more precisely expressed as 'for which XML character data of the  element is equal to "fred"'. (The same text occurs in Section 6.4.5.)

3. Section 6.4.3 states:

  In a real data model, the  would not
  likely be returned with the list of users for a particular host or
  network.

Why not?

4. In Section 7.5, is the server allowed to terminate a lock for reasons other than session closure? If not, it appears than an entity could maintain a lock indefinitely.

[Ballot comment]
1. DTDs are forbidden (presumably you mean internal or external DTD subsets in accordance with section 2.8 of the XML specification). What about comments, processing instructions, and internal or external entity references?

2. In Section 6.2.5, 'for which the  element is equal to "fred"' is more precisely expressed as 'for which XML character data of the  element is equal to "fred"'. (The same text occurs in Section 6.4.5.)

3. Section 6.4.3 states:

  In a real data model, the  would not
  likely be returned with the list of users for a particular host or
  network.

Why not?

[Ballot comment]
1. DTDs are forbidden (presumably you mean internal or external DTD subsets in accordance with section 2.8 of the XML specification). What about comments, processing instructions, and internal or external entity references?

2. In Section 6.2.5, 'for which the  element is equal to "fred"' is more precisely expressed as 'for which XML character data of the  element is equal to "fred"'.

[Ballot comment]
1. DTDs are forbidden (presumably you mean internal or external DTD subsets in accordance with section 2.8 of the XML specification). What about comments, processing instructions, and internal or external entity references?

2.

[Ballot comment]
I am entering a No Objection position on the basis of the Yes ballots fromt the Ops ADs.

Appendix C seems to claim that "this value is pre-determined by RFC 4741" but since 4741 is now obsoleted (by this document) you should find some new text.

[Ballot comment]
Section 2 should have a requirement that NETCONF transport that are to be used over the Internet MUST implement congestion control, in accordance with RFC2914. It can also simply note that all NETCONF transports that use TCP (such as the SSH transport) automatically fulfill this requirement.

(This really is a no-brainer. I just want to prevent a future argument when someone wants to do a "lightweight" NETCONF transport over UDP...)

[Ballot comment]
1) copyright in yang module needs updating.

2) appendix F doesn't mention dropping the local file requirement for URLs,

3) terminology should probably define username, not user. It is doubtful username is commonly referred, since it did not exist in 1.0.

4) I found the use of RFC2119 laniguage rather inconsistent. Some uses of "can" probbaly should have been MAY. Some uses of "are" probbaly should have been MUST, to ensure interoperability.

5) I support Lars' Discuss. There is no requirement to use a transport protocol that provides congestion control. If a transport is used that does not already provide congestion control, then the NC transport should provide congestion control. It is RECOMMENDED to use an existing transprt standard that provides congestion control.

[Ballot discuss]
1) should there be constraints on the basic format of username? if it is expected to be specified by an operator in config files or databases, should it be human-readable? ascii? utf-8?

2) should the format be predictable, so the operator can determine what the NC username will be, given a knowledge of the corresponding identifier in the secure transport protocol?

3) commit MUST revert at 600 secs, but timeout is configurable., what if somebody sets it to 700 seconds? MUST it still revert at 600? Can a low timeout cause a denial of service?

[Ballot discuss]
Section 2 should have a requirement that NETCONF transport that are to be used over the Internet MUST implement congestion control, in accordance with RFC2914. It can also simply note that all NETCONF transports that use TCP (such as the SSH transport) automatically fulfill this requirement.

(This really is a no-brainer. I just want to prevent a future argument when someone wants to do a "lightweight" NETCONF transport over UDP...)

IANA understands that, upon approval of this document, there are four
actions that IANA needs to complete.

First, in the IEFT XML namespace registry located at:

http://www.iana.org/assignments/xml-registry/ns.html

a new namespace is to be registered as follows:

ns: netconf:base:1.0
URI: urn:ietf:params:xml:ns:netconf:base:1.0
Registration template: NONE
Reference: [RFC-to-be]

Second, in the IANA XML schema registry located at:

http://www.iana.org/assignments/xml-registry/schema.html

a new schema is to be registered as follows:

ID: netconf
URI: urn:ietf:params:xml:schema:netconf
Filename: [as provided in Appendix B of the approved document]
Reference: [RFC-to-be]

Third, in the YANG Module Names subregistry of the Yang parameters
registry located at:

http://www.iana.org/assignments/yang-parameters/yang-parameters.xhtml

a new module is to be added to the registry as follows:

name: ietf-netconf
namespace: urn:ietf:params:xml:ns:netconf:base:1.0
prefix: nc
module: [left blank]
reference: [RFC-to-be]

Fourth, in the Network Configuration Protocol (NETCONF) Capability URNs
registry located at:

http://www.iana.org/assignments/netconf-capability-urns/netconf-capability-urns.xhtml

the references for the existing, registered URNs should be updated to
reference [RFC-to-be]. In addition, the matrix entry for the Network
Configuration Protocol (NETCONF) Capability URNs registry should be
updated to reference [RFC-to-be]. IANA understand that this document
adds no new registration to the the Network Configuration Protocol
(NETCONF) Capability URNs registry, but simply updates the references of
the existing registrations.

IANA understands that these are the only actions that need to be
completed upon approval of this document.

State changed to In Last Call from Last Call Requested.

The following Last Call Announcement was sent out:

From: The IESG
To: IETF-Announce
CC:
Reply-To: ietf@ietf.org
Subject: Last Call:  (Network Configuration Protocol (NETCONF)) to Proposed Standard


The IESG has received a request from the Network Configuration WG
(netconf) to consider the following document:
- 'Network Configuration Protocol (NETCONF)'
  as a Proposed Standard

The IESG plans to make a decision in the next few weeks, and solicits
final comments on this action. Please send substantive comments to the
ietf@ietf.org mailing lists by 2011-02-07. Exceptionally, comments may be
sent to iesg@ietf.org instead. In either case, please retain the
beginning of the Subject line to allow automated sorting.

The file can be obtained via
http://datatracker.ietf.org/doc/draft-ietf-netconf-4741bis/

IESG discussion can be tracked via
http://datatracker.ietf.org/doc/draft-ietf-netconf-4741bis/

(1.a) Who is the Document Shepherd for this document? Has the
Document Shepherd personally reviewed this version of the
document and, in particular, does he or she believe this
version is ready for forwarding to the IESG for publication?

Bert Wijnen is the document shepherd.
Yes, I have reviewed the document many times, including this
version 7, that I believe is ready for forwarding to
the AD/IESG (this is a small, mainly editorial update after
the revision 06 was on HOLD in the AD Queue).

(1.b) Has the document had adequate review both from key WG
members and from key non-WG members? Does the Document
Shepherd have any concerns about the depth or breadth of
the reviews that have been performed?

The document has had wide review and re-reviews of NETCONF
WG members. I do not have any concerns regarding the level
of review for this document.

(1.c) Does the Document Shepherd have concerns that the
document needs more review from a particular or broader
perspective, e.g., security, operational complexity,
someone familiar with AAA, internationalization or XML?

I do not believe any extra special review (other than
normal IETF Last Call) is needed.

(1.d) Does the Document Shepherd have any specific concerns or
issues with this document that the Responsible Area Director
and/or the IESG should be aware of? For example, perhaps he
or she is uncomfortable with certain parts of the document, or
has concerns whether there really is a need for it. In any
event, if the WG has discussed those issues and has indicated
that it still wishes to advance the document, detail those
concerns here. Has an IPR disclosure related to this document
been filed? If so, please include a reference to the
disclosure and summarize the WG discussion and conclusion on
this issue.

I do not have any specific concerns.
No IPR disclosure been filed as far as we know.

(1.e) How solid is the WG consensus behind this document?
Does it represent the strong concurrence of a few individuals,
with others being silent, or does the WG as a whole understand
and agree with it?

The content of the document has strong WG consensus.

(1.f) Has anyone threatened an appeal or otherwise indicated
extreme discontent? If so, please summarise the areas of
conflict in separate email messages to the Responsible Area
Director. (It should be in a separate email because this
questionnaire is entered into the ID Tracker.)

No-one has threatened with an appeal or expressed extreme
discontent.

(1.g) Has the Document Shepherd personally verified that the
document satisfies all ID nits? (See
http://www.ietf.org/ID-Checklist.html and
http://tools.ietf.org/tools/idnits/). Boilerplate checks are
not enough; this check needs to be thorough. Has the document
met all formal review criteria it needs to, such as the MIB
Doctor, media type and URI type reviews?

Document passes ID-nits (as shown by the IETF idnits tool:
http://tools.ietf.org/idnits?url=http://tools.ietf.org/id/
draft-ietf-netconf-4741bis-07.txt

(1.h) Has the document split its references into normative and
informative? Are there normative references to documents that
are not ready for advancement or are otherwise in an unclear
state? If such normative references exist, what is the
strategy for their completion? Are there normative references
that are downward references, as described in [RFC3967]? If
so, list these downward references to support the Area
Director in the Last Call procedure for them [RFC3967].

References are split in Normative and Informative. All normative
documents have been published except draft-ietf-netconf-rfc4742bis,
but that is also being submitted for IESG consideration as
proposed standard.

(1.i) Has the Document Shepherd verified that the document IANA
consideration section exists and is consistent with the body
of the document? If the document specifies protocol
extensions, are reservations requested in appropriate IANA
registries? Are the IANA registries clearly identified? If
the document creates a new registry, does it define the
proposed initial contents of the registry and an allocation
procedure for future registrations? Does it suggest a
reasonable name for the new registry? See [RFC5226]. If the
document describes an Expert Review process has Shepherd
conferred with the Responsible Area Director so that the IESG
can appoint the needed Expert during the IESG Evaluation?

IANA considerations are present and complete. No new namespaces are
created and so no new Expert is needed.

(1.j) Has the Document Shepherd verified that sections of the
document that are written in a formal language, such as XML
code, BNF rules, MIB definitions, etc., validate correctly in
an automated checker?

The YANG and XSD modules have been checked by Martin Bjorklund.
XSD also checked by co-chair Mehmet and I (Bert) have checked YANG.
Both are found to be valid.

(1.k) The IESG approval announcement includes a Document
Announcement Write-Up. Please provide such a Document
Announcement Write-Up? Recent examples can be found in the
"Action" announcements for approved documents. The approval
announcement contains the following sections:

Technical Summary

The Network Configuration Protocol (NETCONF) defined in
this document provides mechanisms to install, manipulate,
and delete the configuration of network devices. It uses
an Extensible Markup Language (XML)-based data encoding
for the configuration data as well as the protocol
messages. The NETCONF protocol operations are realized
as Remote Procedure Calls (RPC).

This revision of the document clarifies some text and
fixes some minor bugs as found from implementatition
experience of rfc4741.

Working Group Summary

The working group went over several versions of the
document. The comments and reviews helped improve the
document a lot and brought us to consensus on the
7th revision of the docuemnt.

Document Quality

There are implementations of this protocol, and in fact
the rfc4741bis revision is based on implementation
experience of that rfc.

State changed to AD is watching from Publication Requested.
At the request of the WG chairs the AD is watching while the WG debates the solution to the EOM problem which may lead to a revised ID.

Document write-up by Bert Wijnen:

(1.a) Who is the Document Shepherd for this document? Has the Document Shepherd personally reviewed this version of the document and, in particular, does he or she believe this version is ready for forwarding to the IESG for publication?

Bert Wijnen is the document shepherd.
Yes, I have reviewed the document many times, including this version 6, that I believe is ready for forwarding to the AD/IESG.

(1.b) Has the document had adequate review both from key WG members and from key non-WG members? Does the Document Shepherd have any concerns about the depth or breadth of the reviews that have been performed?

The document has had wide review and re-reviews of NETCONF WG members. I do not have any concerns regarding the level of review for this document.

(1.c) Does the Document Shepherd have concerns that the document needs more review from a particular or broader perspective, e.g., security, operational complexity, someone familiar with AAA, internationalization or XML?

I do not believe any extra special review (other than normal IETF Last Call) is needed.

(1.d) Does the Document Shepherd have any specific concerns or issues with this document that the Responsible Area Director and/or the IESG should be aware of? For example, perhaps he or she is uncomfortable with certain parts of the document, or has concerns whether there really is a need for it. In any event, if the WG has discussed those issues and has indicated that it still wishes to advance the document, detail those concerns here. Has an IPR disclosure related to this document been filed? If so, please include a reference to the disclosure and summarize the WG discussion and conclusion on this issue.

I do not have any specific concerns.
No IPR disclosure been filed as far as we know.

(1.e) How solid is the WG consensus behind this document?
Does it represent the strong concurrence of a few individuals, with others being silent, or does the WG as a whole understand and agree with it?

The content of the document has strong WG consensus.

(1.f) Has anyone threatened an appeal or otherwise indicated extreme discontent? If so, please summarise the areas of conflict in separate email messages to the Responsible Area Director. (It should be in a separate email because this questionnaire is entered into the ID Tracker.)

No-one has threatened with an appeal or expressed extreme discontent.

(1.g) Has the Document Shepherd personally verified that the document satisfies all ID nits? (See http://www.ietf.org/ID-Checklist.html  and http://tools.ietf.org/tools/idnits/). Boilerplate checks are not enough; this check needs to be thorough. Has the document met all formal review criteria it needs to, such as the MIB Doctor, media type and URI type reviews?

Document passes ID-nits (as shown by the IETF idnits tool:
http://tools.ietf.org/idnits?url=http://tools.ietf.org/id/
draft-ietf-netconf-4741bis-06.txt
There are no errors, but there are a few comments and warnings. We're addressing those, but we're in ID-cutoff, so we cannot submit a fixed version immediately.


(1.h) Has the document split its references into normative and informative? Are there normative references to documents that are not ready for advancement or are otherwise in an unclear state? If such normative references exist, what is the strategy for their completion? Are there normative references that are downward references, as described in [RFC3967]? If so, list these downward references to support the Area Director in the Last Call procedure for them [RFC3967].

References are split in Normative and Informative. All normative documents have been published except draft-ietf-netconf-rfc4742bis, but that is also being submitted for IESG consideration as proposed standard.

(1.i) Has the Document Shepherd verified that the document IANA consideration section exists and is consistent with the body of the document? If the document specifies protocol extensions, are reservations requested in appropriate IANA registries? Are the IANA registries clearly identified? If the document creates a new registry, does it define the proposed initial contents of the registry and an allocation procedure for future registrations? Does it suggest a reasonable name for the new registry? See [RFC5226]. If the document describes an Expert Review process has Shepherd conferred with the Responsible Area Director so that the IESG can appoint the needed Expert during the IESG Evaluation?

IANA considerations are present and complete. No new namespaces are created and so no new Expert is needed.

(1.j) Has the Document Shepherd verified that sections of the document that are written in a formal language, such as XML code, BNF rules, MIB definitions, etc., validate correctly in an automated checker?

The YANG and XSD modules have been checked by Martin Bjorklund.
Both are found to be valid.

(1.k) The IESG approval announcement includes a Document Announcement Write-Up. Please provide such a Document Announcement Write-Up? Recent examples can be found in the "Action" announcements for approved documents. The approval announcement contains the following sections:

Technical Summary

    The Network Configuration Protocol (NETCONF) defined in
    this document provides mechanisms to install, manipulate,
    and delete the configuration of network devices. It uses
    an Extensible Markup Language (XML)-based data encoding
    for the configuration data as well as the protocol
    messages. The NETCONF protocol operations are realized
    as Remote Procedure Calls (RPC).

    This revision of the document clarifies some text and
    fixes some minor bugs (including reported rfc4741 errata)
    as found from implementatition experience of rfc4741.

Working Group Summary

  The working group went over several versions of the
  document. The comments and reviews helped improve the
  document a lot and brought us to consensus on the
  6th revision of the docuemnt.

Document Quality

  There are implementations of this protocol, and in fact
  the rfc4741bis revision is based on implementation
  experience.

(1.a) Who is the Document Shepherd for this document? Has the
Document Shepherd personally reviewed this version of the
document and, in particular, does he or she believe this
version is ready for forwarding to the IESG for publication?

Bert Wijnen is the document shepherd.
Yes, I have reviewed the document many times, including this
version 6, that I believe is ready for forwarding to
the AD/IESG.

(1.b) Has the document had adequate review both from key WG
members and from key non-WG members? Does the Document
Shepherd have any concerns about the depth or breadth of
the reviews that have been performed?

The document has had wide review and re-reviews of NETCONF
WG members. I do not have any concerns regarding the level
of review for this document.

(1.c) Does the Document Shepherd have concerns that the
document needs more review from a particular or broader
perspective, e.g., security, operational complexity,
someone familiar with AAA, internationalization or XML?

I do not believe any extra special review (other than
normal IETF Last Call) is needed.

(1.d) Does the Document Shepherd have any specific concerns or
issues with this document that the Responsible Area Director
and/or the IESG should be aware of? For example, perhaps he
or she is uncomfortable with certain parts of the document, or
has concerns whether there really is a need for it. In any
event, if the WG has discussed those issues and has indicated
that it still wishes to advance the document, detail those
concerns here. Has an IPR disclosure related to this document
been filed? If so, please include a reference to the
disclosure and summarize the WG discussion and conclusion on
this issue.

I do not have any specific concerns.
No IPR disclosure been filed as far as we know.

(1.e) How solid is the WG consensus behind this document?
Does it represent the strong concurrence of a few individuals,
with others being silent, or does the WG as a whole understand
and agree with it?

The content of the document has strong WG consensus.

(1.f) Has anyone threatened an appeal or otherwise indicated
extreme discontent? If so, please summarise the areas of
conflict in separate email messages to the Responsible Area
Director. (It should be in a separate email because this
questionnaire is entered into the ID Tracker.)

No-one has threatened with an appeal or expressed extreme
discontent.

(1.g) Has the Document Shepherd personally verified that the
document satisfies all ID nits? (See
http://www.ietf.org/ID-Checklist.html and
http://tools.ietf.org/tools/idnits/). Boilerplate checks are
not enough; this check needs to be thorough. Has the document
met all formal review criteria it needs to, such as the MIB
Doctor, media type and URI type reviews?

Document passes ID-nits (as shown by the IETF idnits tool:
http://tools.ietf.org/idnits?url=http://tools.ietf.org/id/
draft-ietf-netconf-4741bis-06.txt
There are no errors, but there are a few comments and
warnings. We're addressing those, but we're in ID-cutoff,
so we cannot submit a fixed version immediately.


(1.h) Has the document split its references into normative and
informative? Are there normative references to documents that
are not ready for advancement or are otherwise in an unclear
state? If such normative references exist, what is the
strategy for their completion? Are there normative references
that are downward references, as described in [RFC3967]? If
so, list these downward references to support the Area
Director in the Last Call procedure for them [RFC3967].

References are split in Normative and Informative. All normative
documents have been published except draft-ietf-netconf-rfc4742bis,
but that is also being submitted for IESG consideration as
proposed standard.

(1.i) Has the Document Shepherd verified that the document IANA
consideration section exists and is consistent with the body
of the document? If the document specifies protocol
extensions, are reservations requested in appropriate IANA
registries? Are the IANA registries clearly identified? If
the document creates a new registry, does it define the
proposed initial contents of the registry and an allocation
procedure for future registrations? Does it suggest a
reasonable name for the new registry? See [RFC5226]. If the
document describes an Expert Review process has Shepherd
conferred with the Responsible Area Director so that the IESG
can appoint the needed Expert during the IESG Evaluation?

IANA considerations are present and complete. No new namespaces are
created and so no new Expert is needed.

(1.j) Has the Document Shepherd verified that sections of the
document that are written in a formal language, such as XML
code, BNF rules, MIB definitions, etc., validate correctly in
an automated checker?

The YANG and XSD modules have been checked by Martin Bjorklund.
Both are found to be valid.

(1.k) The IESG approval announcement includes a Document
Announcement Write-Up. Please provide such a Document
Announcement Write-Up? Recent examples can be found in the
"Action" announcements for approved documents. The approval
announcement contains the following sections:

Technical Summary

The Network Configuration Protocol (NETCONF) defined in
this document provides mechanisms to install, manipulate,
and delete the configuration of network devices. It uses
an Extensible Markup Language (XML)-based data encoding
for the configuration data as well as the protocol
messages. The NETCONF protocol operations are realized
as Remote Procedure Calls (RPC).

This revision of the document clarifies some text and
fixes some minor bugs (including reported rfc4741 errata)
as found from implementatition experience of rfc4741.

Working Group Summary

The working group went over several versions of the
document. The comments and reviews helped improve the
document a lot and brought us to consensus on the
6th revision of the docuemnt.

Document Quality

There are implementations of this protocol, and in fact
the rfc4741bis revision is based on implementation
experience.