Using the NETCONF Protocol over Secure Shell (SSH)
draft-ietf-netconf-rfc4742bis-08
Revision differences
Document history
Date | Rev. | By | Action |
---|---|---|---|
2012-08-22
|
08 | (System) | post-migration administrative database adjustment to the No Objection position for Sean Turner |
2012-08-22
|
08 | (System) | post-migration administrative database adjustment to the No Objection position for Peter Saint-Andre |
2012-08-22
|
08 | (System) | post-migration administrative database adjustment to the No Objection position for Alexey Melnikov |
2012-08-22
|
08 | (System) | post-migration administrative database adjustment to the Yes position for David Harrington |
2011-03-31
|
08 | (System) | IANA Action state changed to RFC-Ed-Ack from Waiting on RFC Editor |
2011-03-30
|
08 | (System) | IANA Action state changed to Waiting on RFC Editor from In Progress |
2011-03-30
|
08 | (System) | IANA Action state changed to In Progress from Waiting on Authors |
2011-03-30
|
08 | (System) | IANA Action state changed to Waiting on Authors from In Progress |
2011-03-28
|
08 | (System) | IANA Action state changed to In Progress |
2011-03-26
|
08 | Cindy Morgan | State changed to RFC Ed Queue from Approved-announcement sent. |
2011-03-25
|
08 | Cindy Morgan | IESG state changed to Approved-announcement sent |
2011-03-25
|
08 | Cindy Morgan | IESG has approved the document |
2011-03-25
|
08 | Cindy Morgan | Closed "Approve" ballot |
2011-03-25
|
08 | Cindy Morgan | Approval announcement text regenerated |
2011-03-25
|
08 | Cindy Morgan | Ballot writeup text changed |
2011-03-15
|
08 | David Harrington | [Ballot comment] I cleared |
2011-03-15
|
08 | David Harrington | [Ballot Position Update] Position for David Harrington has been changed to Yes from Discuss |
2011-03-15
|
08 | Dan Romascanu | Ballot writeup text changed |
2011-03-15
|
08 | Dan Romascanu | Ballot writeup text changed |
2011-03-15
|
08 | Dan Romascanu | Ballot writeup text changed |
2011-03-14
|
08 | (System) | Sub state has been changed to AD Follow up from New Id Needed |
2011-03-14
|
08 | (System) | New version available: draft-ietf-netconf-rfc4742bis-08.txt |
2011-03-03
|
08 | Sam Weiler | Request for Last Call review by SECDIR Completed. Reviewer: Rob Austein. |
2011-03-03
|
08 | Cindy Morgan | Removed from agenda for telechat |
2011-03-03
|
08 | Cindy Morgan | State changed to IESG Evaluation::Revised ID Needed from IESG Evaluation. |
2011-03-03
|
08 | Alexey Melnikov | [Ballot comment] 1) I support David's DISCUSS about lack of information about username extraction. |
2011-03-03
|
08 | Alexey Melnikov | [Ballot Position Update] Position for Alexey Melnikov has been changed to No Objection from Discuss |
2011-03-03
|
08 | Jari Arkko | [Ballot Position Update] New position, No Objection, has been recorded |
2011-03-03
|
08 | Dan Romascanu | Ballot writeup text changed |
2011-03-03
|
08 | Alexey Melnikov | [Ballot discuss] In general I support publication of this document. However I would like to discuss the following issue before I can recommend its approval: … [Ballot discuss] In general I support publication of this document. However I would like to discuss the following issue before I can recommend its approval: 1) I support David's DISCUSS about lack of information about username extraction. |
2011-03-03
|
08 | Dan Romascanu | Ballot writeup text changed |
2011-03-03
|
08 | Dan Romascanu | Ballot writeup text changed |
2011-03-03
|
08 | Amy Vezza | Ballot writeup text changed |
2011-03-03
|
08 | Sean Turner | [Ballot Position Update] Position for Sean Turner has been changed to No Objection from Discuss |
2011-03-03
|
08 | Gonzalo Camarillo | [Ballot Position Update] New position, No Objection, has been recorded |
2011-03-03
|
08 | Dan Romascanu | Ballot writeup text changed |
2011-03-03
|
08 | Dan Romascanu | Ballot writeup text changed |
2011-03-02
|
08 | Tim Polk | [Ballot comment] I suspect I am disclosing my lack of netconf clue, but here goes: Why is the example in section 4.2 (chunked encoding) declaring … [Ballot comment] I suspect I am disclosing my lack of netconf clue, but here goes: Why is the example in section 4.2 (chunked encoding) declaring the base1.0 namespace? I thought that base1.1 support is required of both the server and client to use chunked encoding... |
2011-03-02
|
08 | Tim Polk | [Ballot Position Update] New position, No Objection, has been recorded |
2011-03-02
|
08 | Peter Saint-Andre | [Ballot comment] |
2011-03-02
|
08 | Peter Saint-Andre | [Ballot Position Update] Position for Peter Saint-Andre has been changed to No Objection from Discuss |
2011-03-02
|
08 | Alexey Melnikov | [Ballot discuss] In general I support publication of this document. However I would like to discuss the following issues before I can recommend its approval: … [Ballot discuss] In general I support publication of this document. However I would like to discuss the following issues before I can recommend its approval: 1) I support David's DISCUSS about lack of information about username extraction. 2) 3.1. Capabilities Exchange The NETCONF server MUST indicate its capabilities by sending an XML document containing a element as soon as the NETCONF session is established. The NETCONF client can parse this message to determine which NETCONF capabilities are supported by the NETCONF server. The NETCONF client must also send an XML document containing a element to indicate the NETCONF client's capabilities to the NETCONF server. The document containing the element MUST be the first XML document that the NETCONF client sends after the NETCONF session is established. These 2 paragraph look like they are repeating something already specified in the NETCONF spec itself, which I think is misleading. If that is the case, then you need to make it clear that you are merely repeating requirements stated elsewhere, for example by writing "As specified in [NETCONF] ...". 3). Have you forgotten to register the new URN? |
2011-03-02
|
08 | Alexey Melnikov | [Ballot Position Update] New position, Discuss, has been recorded |
2011-03-02
|
08 | Sean Turner | [Ballot comment] This is updated to add two new comments from the SECDIR review. #1) Sec 3.1: 2nd para, 1st sentence: Should the "must" in … [Ballot comment] This is updated to add two new comments from the SECDIR review. #1) Sec 3.1: 2nd para, 1st sentence: Should the "must" in the first paragraph be a "MUST"? #2) Sec 4.2: Would any XML decoding error cause termination as stated at the end of 4.2? E.g. some unknown xmlns value or something? #3) If it's worth changing the framing protocol at all, which I'm willing to accept as a given, it is far from obvious to me that the current negotiated upgrade is the right way to do it, as this will require implementation of the old bad mechanism forever. Switching to a new SSH subsystem name seems like a much simpler solution. #4) As a matter of stylistic consistency with the last several decades of Internet protocols, the delimiter sequence in the new framing protocol should have been , not . |
2011-03-02
|
08 | Sean Turner | [Ballot discuss] This discuss position is not updated (but the comments are). #1) You state a max for chunk-size in 4.2 but I think you … [Ballot discuss] This discuss position is not updated (but the comments are). #1) You state a max for chunk-size in 4.2 but I think you need a MUST for what to do if a client or server sends something out-of-range (<=0 or >2^32-1). The idea is to get implementers not to leave buffer overrun vulnerabilities around. (Same thing for what to do if chunk-size does contain leading zeros, or is negative perhaps.) That may not be quite the same as saying "MUST terminate" at the very end of 4.2 if someone didn't consider the chunk-size part of the decoding process. Lastly, as a bit of a mad corner-case, if I send a chunk that's 2^32-2 long (which is allowed) and then another chunk that's 10 bytes, but both are the same XML element, i.e. the "" then is a server or client expected to be able to handle the overall element that's 2^32+8 bytes long? Maybe just add text that implementations SHOULD include an upper-limit that ensures they're not vulnerable to buffer overruns or something. #2) There's a mix of upper and lower case in the security considerations was this purposely done? Specifically, it says "should" only be used with confidentiality. Maybe "SHOULD" is better there? Also why isn't this a MUST? |
2011-03-02
|
08 | Robert Sparks | [Ballot Position Update] New position, No Objection, has been recorded |
2011-03-02
|
08 | Dan Romascanu | Ballot writeup text changed |
2011-03-02
|
08 | Stewart Bryant | [Ballot Position Update] New position, No Objection, has been recorded |
2011-03-01
|
08 | Adrian Farrel | [Ballot Position Update] New position, No Objection, has been recorded |
2011-03-01
|
08 | Russ Housley | [Ballot Position Update] New position, No Objection, has been recorded |
2011-03-01
|
08 | Peter Saint-Andre | [Ballot comment] For the sake of clarity, I suggest changing " end tag" to " end tag" in Section 4.2. Why do examples at the … [Ballot comment] For the sake of clarity, I suggest changing " end tag" to " end tag" in Section 4.2. Why do examples at the end of the Section 5 (top of page 9) contain LF? As far as I can see, those XML documents are not being chunked. |
2011-03-01
|
08 | Peter Saint-Andre | [Ballot discuss] It appears that a normative reference to the XML specification might be needed (unless that is included by reference via draft-ietf-netconf-rfc4742bis). |
2011-03-01
|
08 | Peter Saint-Andre | [Ballot Position Update] New position, Discuss, has been recorded |
2011-03-01
|
08 | Ron Bonica | [Ballot Position Update] New position, No Objection, has been recorded |
2011-03-01
|
08 | Sean Turner | [Ballot discuss] #1) You state a max for chunk-size in 4.2 but I think you need a MUST for what to do if a client … [Ballot discuss] #1) You state a max for chunk-size in 4.2 but I think you need a MUST for what to do if a client or server sends something out-of-range (<=0 or >2^32-1). The idea is to get implementers not to leave buffer overrun vulnerabilities around. (Same thing for what to do if chunk-size does contain leading zeros, or is negative perhaps.) That may not be quite the same as saying "MUST terminate" at the very end of 4.2 if someone didn't consider the chunk-size part of the decoding process. Lastly, as a bit of a mad corner-case, if I send a chunk that's 2^32-2 long (which is allowed) and then another chunk that's 10 bytes, but both are the same XML element, i.e. the "" then is a server or client expected to be able to handle the overall element that's 2^32+8 bytes long? Maybe just add text that implementations SHOULD include an upper-limit that ensures they're not vulnerable to buffer overruns or something. #2) There's a mix of upper and lower case in the security considerations was this purposely done? Specifically, it says "should" only be used with confidentiality. Maybe "SHOULD" is better there? Also why isn't this a MUST? |
2011-03-01
|
08 | Sean Turner | [Ballot comment] #1) Sec 3.1: 2nd para, 1st sentence: Should the "must" in the first paragraph be a "MUST"? #2) Sec 4.2: Would any XML … [Ballot comment] #1) Sec 3.1: 2nd para, 1st sentence: Should the "must" in the first paragraph be a "MUST"? #2) Sec 4.2: Would any XML decoding error cause termination as stated at the end of 4.2? E.g. some unknown xmlns value or something? |
2011-03-01
|
08 | Sean Turner | [Ballot discuss] #1) You state a max for chunk-size in 4.2 but I think you need a MUST for what to do if a client … [Ballot discuss] #1) You state a max for chunk-size in 4.2 but I think you need a MUST for what to do if a client or server sends something out-of-range (<=0 or >2^32-1). The idea is to get implementers not to leave buffer overrun vulnerabilities around. (Same thing for what to do if chunk-size does contain leading zeros, or is negative perhaps.) That may not be quite the same as saying "MUST terminate" at the very end of 4.2 if someone didn't consider the chunk-size part of the decoding process. Lastly, as a bit of a mad corner-case, if I send a chunk that's 2^32-2 long (which is allowed) and then another chunk that's 10 bytes, but both are the same XML element, i.e. the "" then is a server or client expected to be able to handle the overall element that's 2^32+8 bytes long? Maybe just add text that implementations SHOULD include an upper-limit that ensures they're not vulnerable to buffer overruns or something. #2) There's a mix of upper and lower case in the security considerations was this purposely done? Specifically, it says "should" only be used with confidentiality. Maybe "SHOULD" is better there? Also why isn't this a MUST? |
2011-03-01
|
08 | Sean Turner | [Ballot Position Update] New position, Discuss, has been recorded |
2011-03-01
|
08 | Lars Eggert | [Ballot Position Update] New position, No Objection, has been recorded |
2011-02-28
|
08 | David Harrington | [Ballot discuss] 1) 4741bis says: "The authentication process MUST result in an authenticated client identity whose permissions are known to the server. The … [Ballot discuss] 1) 4741bis says: "The authentication process MUST result in an authenticated client identity whose permissions are known to the server. The authenticated identity of a client is commonly referred to as the NETCONF username. The algorithm used to derive the username is transport protocol specific and in addition specific to the authentication mechanism used by the transport protocol. NETCONF transport protocols therefore MUST explain how a NETCONF username is derived from the authentication mechanisms supported by the transport protocol. The access permissions of a given client, identified by its NETCONF username, are part of the configuration of the NETCONF server. These permissions MUST be enforced during the remainder of the NETCONF session. The details how access control is configured is outside the scope of this document." 4742bis says: "How the NETCONF Server extracts the SSH user name from the SSH layer is implementation-dependent." This is not an explanation. Assuming an operator must specify access control rights for a user in the configuration o fthe server, it is important that the operator understands what the netconf username(s) will be. That is presumably why it is important for the Netconf transport protocol specification to explain the algorithm for deriving the username. RFC5592 defines an SSH subsystem for use with SNMP, and has had to deal with similar issues, including constraints about not changing the username associated with a session, allowing "user@host" style naming, etc. Maybe those are not needed for netconf, but the above "implementation-dependent" explanations seems woefully inadequate. |
2011-02-28
|
08 | David Harrington | [Ballot Position Update] Position for David Harrington has been changed to Discuss from No Objection |
2011-02-28
|
08 | David Harrington | [Ballot comment] 1) The IANA section does not specify that the assigned port is a TCP port. should it? |
2011-02-28
|
08 | David Harrington | [Ballot Position Update] New position, No Objection, has been recorded |
2011-02-28
|
08 | Tim Polk | [Ballot comment] I suspect I am disclosing my lack of netconf clue, but here goes: Why is the example in section 4.2 (chunked encoding) declaring … [Ballot comment] I suspect I am disclosing my lack of netconf clue, but here goes: Why is the example in section 4.2 (chunked encoding) declaring the base1.0 namespace? I thought that base1.1 support is required of both the server and client to use chunked encoding... |
2011-02-23
|
07 | (System) | New version available: draft-ietf-netconf-rfc4742bis-07.txt |
2011-02-22
|
08 | Dan Romascanu | [Ballot Position Update] New position, Yes, has been recorded for Dan Romascanu |
2011-02-22
|
08 | Dan Romascanu | Ballot has been issued |
2011-02-22
|
08 | Dan Romascanu | Created "Approve" ballot |
2011-02-22
|
08 | Dan Romascanu | Placed on agenda for telechat - 2011-03-03 |
2011-02-22
|
08 | Dan Romascanu | State changed to IESG Evaluation from Waiting for AD Go-Ahead. |
2011-02-16
|
08 | (System) | State changed to Waiting for AD Go-Ahead from In Last Call. |
2011-02-07
|
08 | Amanda Baber | IANA understands that, upon approval of this document, two IANA Actions are required to be completed. First, in the IANA Port Numbers registry located at: … IANA understands that, upon approval of this document, two IANA Actions are required to be completed. First, in the IANA Port Numbers registry located at: http://www.iana.org/assignments/port-numbers The reference for port number 830 will be updated to [RFC-to-be] netconf-ssh 830/tcp NETCONF over SSH netconf-ssh 830/udp NETCONF over SSH show quoted text # [RFC-to-be] Second, in the Connection Protocol Subsystem Names subregistry of the Secure Shell (SSH) Protocol Parameters registry located at: http://www.iana.org/assignments/ssh-parameters the entry for netconf will be updated to reference [RFC-to-be] as follows: Registry Name: Connection Protocol Subsystem Names Reference: [RFC4250] Registration Procedures: IETF Consensus Registry: Subsystem Name Reference ------------------------------ --------- publickey [RFC4819] snmp [RFC5592] netconf [RFC-to-be] IANA understands that these are the only IANA Actions required upon approval of this document. |
2011-02-07
|
08 | Sam Weiler | Request for Last Call review by SECDIR is assigned to Rob Austein |
2011-02-07
|
08 | Sam Weiler | Request for Last Call review by SECDIR is assigned to Rob Austein |
2011-02-02
|
08 | Amy Vezza | Last call sent |
2011-02-02
|
08 | Amy Vezza | State changed to In Last Call from Last Call Requested. The following Last Call Announcement was sent out: From: The IESG To: IETF-Announce CC: Reply-To: … State changed to In Last Call from Last Call Requested. The following Last Call Announcement was sent out: From: The IESG To: IETF-Announce CC: Reply-To: ietf@ietf.org Subject: Last Call: (Using the NETCONF Configuration Protocol over Secure Shell (SSH)) to Proposed Standard The IESG has received a request from the Network Configuration WG (netconf) to consider the following document: - 'Using the NETCONF Configuration Protocol over Secure Shell (SSH)' as a Proposed Standard The IESG plans to make a decision in the next few weeks, and solicits final comments on this action. Please send substantive comments to the ietf@ietf.org mailing lists by 2011-02-16. Exceptionally, comments may be sent to iesg@ietf.org instead. In either case, please retain the beginning of the Subject line to allow automated sorting. The file can be obtained via http://datatracker.ietf.org/doc/draft-ietf-netconf-rfc4742bis/ IESG discussion can be tracked via http://datatracker.ietf.org/doc/draft-ietf-netconf-rfc4742bis/ |
2011-02-02
|
08 | Dan Romascanu | Last Call was requested |
2011-02-02
|
08 | (System) | Ballot writeup text was added |
2011-02-02
|
08 | (System) | Last call text was added |
2011-02-02
|
08 | (System) | Ballot approval text was added |
2011-02-02
|
08 | Dan Romascanu | State changed to Last Call Requested from AD Evaluation. |
2011-02-02
|
08 | Dan Romascanu | Last Call text changed |
2011-02-02
|
08 | Dan Romascanu | State changed to AD Evaluation from Publication Requested. |
2011-01-31
|
08 | Cindy Morgan | http://tools.ietf.org/html/draft-ietf-netconf-rfc4742bis-06 Please find below the updated document write-up. Mehmet Ersue Document shepherd ------------------------------------------------------------------------ --- (1.a) Who is the Document Shepherd for this document? Has the … http://tools.ietf.org/html/draft-ietf-netconf-rfc4742bis-06 Please find below the updated document write-up. Mehmet Ersue Document shepherd ------------------------------------------------------------------------ --- (1.a) Who is the Document Shepherd for this document? Has the Document Shepherd personally reviewed this version of the document and, in particular, does he or she believe this version is ready for forwarding to the IESG for publication? I, Mehmet Ersue, am the Document Shepard for this document. I have personally reviewed this version of the document and I believe it is ready for publication. Adequate review has occurred from WG members, and it has been reviewed especially by Bert Wijnen, Andy Bierman, Phil Shaefer, Martin Bjorklund, Lada Lothka, Wes Hardaker, Tom Petch, Ken Watson, and Juergen Schoenwaelder. The issues raised in the reviews have been discussed on the mailing list and fixed in the last versions. (1.b) Has the document had adequate review both from key WG members and from key non-WG members? Does the Document Shepherd have any concerns about the depth or breadth of the reviews that have been performed? The document has had adequate review from working group and non-working group members, mostly from NETCONF and NETMOD WGs. I do not have any concerns about the depth or breadth of review. (1.c) Does the Document Shepherd have concerns that the document needs more review from a particular or broader perspective, e.g., security, operational complexity, someone familiar with AAA, internationalization or XML? No. (1.d) Does the Document Shepherd have any specific concerns or issues with this document that the Responsible Area Director and/or the IESG should be aware of? For example, perhaps he or she is uncomfortable with certain parts of the document, or has concerns whether there really is a need for it. In any event, if the WG has discussed those issues and has indicated that it still wishes to advance the document, detail those concerns here. Has an IPR disclosure related to this document been filed? If so, please include a reference to the disclosure and summarize the WG discussion and conclusion on this issue. There are no concerns about the technical merit of the document. There are no IPR disclosures filed on this document. (1.e) How solid is the WG consensus behind this document? Does it represent the strong concurrence of a few individuals, with others being silent, or does the WG as a whole understand and agree with it? There is strong consensus in the WG to publish this document. (1.f) Has anyone threatened an appeal or otherwise indicated extreme discontent? If so, please summarise the areas of conflict in separate email messages to the Responsible Area Director. (It should be in a separate email because this questionnaire is entered into the ID Tracker.) No. (1.g) Has the Document Shepherd personally verified that the document satisfies all ID nits? (See http://www.ietf.org/ID-Checklist.html and http://tools.ietf.org/tools/idnits/). Boilerplate checks are not enough; this check needs to be thorough. Has the document met all formal review criteria it needs to, such as the MIB Doctor, media type and URI type reviews? Yes. There are no nits in this draft. (1.h) Has the document split its references into normative and informative? Are there normative references to documents that are not ready for advancement or are otherwise in an unclear state? If such normative references exist, what is the strategy for their completion? Are there normative references that are downward references, as described in [RFC3967]? If so, list these downward references to support the Area Director in the Last Call procedure for them [RFC3967]. The document has split references into normative and informative. (1.i) Has the Document Shepherd verified that the document IANA consideration section exists and is consistent with the body of the document? If the document specifies protocol extensions, are reservations requested in appropriate IANA registries? Are the IANA registries clearly identified? If the document creates a new registry, does it define the proposed initial contents of the registry and an allocation procedure for future registrations? Does it suggest a reasonable name for the new registry? See [RFC5226]. If the document describes an Expert Review process has Shepherd conferred with the Responsible Area Director so that the IESG can appoint the needed Expert during the IESG Evaluation? IANA considerations are present and complete. The draft requests to update the allocations, which have been done for RFC 4742. (1.j) Has the Document Shepherd verified that sections of the document that are written in a formal language, such as XML code, BNF rules, MIB definitions, etc., validate correctly in an automated checker? The ABNF rules for the chunked framing mechanism are correct and follow RFC5234. (1.k) The IESG approval announcement includes a Document Announcement Write-Up. Please provide such a Document Announcement Write-Up? Recent examples can be found in the "Action" announcements for approved documents. The approval announcement contains the following sections: Technical Summary This document describes a method for invoking and running the NETCONF protocol within a Secure Shell (SSH) session as an SSH subsystem. Working Group Summary This document has been longly discussed in the Working Group, including several WG Last Calls. The comments and reviews helped to improve the document a lot and the current version reflects the consensus of the WG. The document incorporates all accepted errata against RFC4742. After a long debate the WG decided to have the way a NETCONF Server extracts the SSH user name from the SSH layer as implementation-dependent. There was a long discussion on the handling of the EOM character sequence. As the workgroup had only a mandate for bug fixing the workgroup first agreed to keep using the EOM sequence to avoid incompatibility with existing implementations. After the discussion on this issue in IETF #79 a few WG members proposed to figure out if a proper framing solution can be found now, while being backwards compatible with the rfc4742. The old EOM framing has been seen as not secure enough: - RFC4742 assumes that the EOM sequence, ]]>]]>, cannot appear in any well-formed XML document, which turned out to be mistaken. - The EOM sequence can cause operational problems and open space for attacks if sent deliberately in RPC messages. NETCONF co-chairs agreed to consider a solution only if there is a real WG consensus (i.e. near 100%) on such a change. First a possible solution has been discussed in a small team, which included most of the implementers for NETCONF-related tools and protocol code. The solution proposes to encode all NETCONF messages with a chunked framing (similar but not equal to HTTP chunked framing). The document still uses the EOM sequence for the initial message to avoid incompatibility with existing implementations. NETCONF co-chairs asked the AD to hold the documents for 4741bis and 4742bis for a short period of time and the result of the discussion in the small team has been sent to the WG for consensus. Some of the discussion points were: - The proposal makes it a little bit harder to do just an SSH-session and then do cut-and-paste input. The implementers believe that the proposed solution for proper/decent framing is acceptable and that most implementation can/will provide a simple scripting front-end to allow for some form of cut-and-paste. - It came out that less experienced implementers find it as helpful to see the "invisible LineFeed" in the examples. The WG concluded that '\n' is the most common character for this purpose. One WG member though was against '\n' and wanted to use '}', which has been noted. - One WG member didn't want to stick the usage of the Chunked Framing Mechanism to capability "base:1.1" only and wanted rather to state ":base:1.1 or later". The WG concluded that we should stick to "base:1.1" and extend it with a new version, which most likely will introduce other changes. The changes have been accepted by the WG with some additional discussion and bug fixing. As the result of the WG discussion the WG co-chairs concluded near FULL consensus on the proposed edits and started a WGLC. The WGLC did raise only minor issues. After a short discussion in a small team including the WG co-chairs, the editor of 4742bis Margaret Wasserman, editors of 4741bis Martin Bjorklund, Andy Bierman and Juergen Schoenwaelder the document shepherd sent the collected bug fixing and change requests to NETCONF ML and announced it as the result of the WG last call. Document Quality Since SSH is mandatory transport for NETCONF there are numerous implementations of RFC 4742. It is expected that existing implementations will be updated based on the 4742bis document once it gets published as proposed standard. Mehmet Ersue Document Shepherd |
2011-01-27
|
08 | Cindy Morgan | State changed to Publication Requested from AD is watching. |
2011-01-27
|
08 | Cindy Morgan | (1.a) Who is the Document Shepherd for this document? Has the Document Shepherd personally reviewed this version of the … (1.a) Who is the Document Shepherd for this document? Has the Document Shepherd personally reviewed this version of the document and, in particular, does he or she believe this version is ready for forwarding to the IESG for publication? I, Mehmet Ersue, am the Document Shepard for this document. I have personally reviewed this version of the document and I believe it is ready for publication. Adequate review has occurred from WG members, and it has been reviewed especially by Bert Wijnen, Andy Bierman, Phil Shaefer, Martin Bjorklund, Lada Lothka, and Juergen Schoenwaelder. The issues raised in the reviews have been discussed on the mailing list and fixed in the last versions. (1.b) Has the document had adequate review both from key WG members and from key non-WG members? Does the Document Shepherd have any concerns about the depth or breadth of the reviews that have been performed? The document has had adequate review from working group and non-working group members, mostly from NETCONF and NETMOD WGs. I do not have any concerns about the depth or breadth of review. (1.c) Does the Document Shepherd have concerns that the document needs more review from a particular or broader perspective, e.g., security, operational complexity, someone familiar with AAA, internationalization or XML? No. (1.d) Does the Document Shepherd have any specific concerns or issues with this document that the Responsible Area Director and/or the IESG should be aware of? For example, perhaps he or she is uncomfortable with certain parts of the document, or has concerns whether there really is a need for it. In any event, if the WG has discussed those issues and has indicated that it still wishes to advance the document, detail those concerns here. Has an IPR disclosure related to this document been filed? If so, please include a reference to the disclosure and summarize the WG discussion and conclusion on this issue. There are no concerns about the technical merit of the document. (1.e) How solid is the WG consensus behind this document? Does it represent the strong concurrence of a few individuals, with others being silent, or does the WG as a whole understand and agree with it? There is strong consensus in the WG to publish this document. (1.f) Has anyone threatened an appeal or otherwise indicated extreme discontent? If so, please summarise the areas of conflict in separate email messages to the Responsible Area Director. (It should be in a separate email because this questionnaire is entered into the ID Tracker.) No. (1.g) Has the Document Shepherd personally verified that the document satisfies all ID nits? (See http://www.ietf.org/ID-Checklist.html and http://tools.ietf.org/tools/idnits/). Boilerplate checks are not enough; this check needs to be thorough. Has the document met all formal review criteria it needs to, such as the MIB Doctor, media type and URI type reviews? Yes. There is only one outdated reference (for draft-ietf-netconf-4741bis). (1.h) Has the document split its references into normative and informative? Are there normative references to documents that are not ready for advancement or are otherwise in an unclear state? If such normative references exist, what is the strategy for their completion? Are there normative references that are downward references, as described in [RFC3967]? If so, list these downward references to support the Area Director in the Last Call procedure for them [RFC3967]. The document has split references into normative and informative. (1.i) Has the Document Shepherd verified that the document IANA consideration section exists and is consistent with the body of the document? If the document specifies protocol extensions, are reservations requested in appropriate IANA registries? Are the IANA registries clearly identified? If the document creates a new registry, does it define the proposed initial contents of the registry and an allocation procedure for future registrations? Does it suggest a reasonable name for the new registry? See [RFC5226]. If the document describes an Expert Review process has Shepherd conferred with the Responsible Area Director so that the IESG can appoint the needed Expert during the IESG Evaluation? IANA considerations are present and complete. The draft requests to update the allocations, which have been done for RFC 4742. (1.j) Has the Document Shepherd verified that sections of the document that are written in a formal language, such as XML code, BNF rules, MIB definitions, etc., validate correctly in an automated checker? There is no data model in this document. (1.k) The IESG approval announcement includes a Document Announcement Write-Up. Please provide such a Document Announcement Write-Up? Recent examples can be found in the "Action" announcements for approved documents. The approval announcement contains the following sections: Technical Summary This document describes a method for invoking and running the NETCONF protocol within a Secure Shell (SSH) session as an SSH subsystem. Working Group Summary This document has been longly discussed in the Working Group, including several WG Last Calls. The comments and reviews helped to improve the document a lot and the current version reflects the consensus of the Working Group. The document incorporates all accepted errata against RFC4742. After a long debate the WG decided to have the way a NETCONF Server extracts the SSH user name from the SSH layer as implementation-dependent. There was a long discussion on the handling of the EOM character sequence. The workgroup agrees that this issue should be solved with an additional framing, which would lead to a new version incompatible with version v1.0. As described in the Security Considerations section the EOM sequence can cause operational issues however the workgroup believes the associated threat is not very high. As the workgoup has only a mandate for bug fixing the document keeps using the EOM sequence to avoid incompatibility with existing implementations. Document Quality Are there existing implementations of the protocol? Have a significant number of vendors indicated their plan to implement the specification? Are there any reviewers that merit special mention as having done a thorough review, e.g., one that resulted in important changes or a conclusion that the document had no substantive issues? If there was a MIB Doctor, Media Type or other expert review, what was its course (briefly)? In the case of a Media Type review, on what date was the request posted? Since SSH is mandatory transport for NETCONF there are numerous implementations of RFC 4742. 4742bis is doing only bug fixing and existing implementations can be updated once 4742bis becomes proposed standard. Mehmet Ersue Document Shepherd |
2011-01-27
|
08 | Cindy Morgan | [Note]: 'Mehmet Ersue (mehmet.ersue@nsn.com) is the document shepherd.' added |
2011-01-27
|
08 | Cindy Morgan | Intended Status has been changed to Proposed Standard from None |
2011-01-24
|
06 | (System) | New version available: draft-ietf-netconf-rfc4742bis-06.txt |
2010-12-20
|
05 | (System) | New version available: draft-ietf-netconf-rfc4742bis-05.txt |
2010-11-25
|
08 | Dan Romascanu | State changed to AD is watching from Publication Requested. At the request of the WG chairs the AD is watching while the WG debates the … State changed to AD is watching from Publication Requested. At the request of the WG chairs the AD is watching while the WG debates the solution to the EOM problem which may lead to a revised ID. |
2010-10-26
|
08 | Dan Romascanu | Document write-up from shepherd Mehmet Ersue: (1.a) Who is the Document Shepherd for this document? Has the Document Shepherd personally reviewed this … Document write-up from shepherd Mehmet Ersue: (1.a) Who is the Document Shepherd for this document? Has the Document Shepherd personally reviewed this version of the document and, in particular, does he or she believe this version is ready for forwarding to the IESG for publication? I, Mehmet Ersue, am the Document Shepard for this document. I have personally reviewed this version of the document and I believe it is ready for publication. Adequate review has occurred from WG members, and it has been reviewed especially by Bert Wijnen, Andy Bierman, Phil Shaefer, Martin Bjorklund, Lada Lothka, and Juergen Schoenwaelder. The issues raised in the reviews have been discussed on the mailing list and fixed in the last versions. (1.b) Has the document had adequate review both from key WG members and from key non-WG members? Does the Document Shepherd have any concerns about the depth or breadth of the reviews that have been performed? The document has had adequate review from working group and non-working group members, mostly from NETCONF and NETMOD WGs. I do not have any concerns about the depth or breadth of review. (1.c) Does the Document Shepherd have concerns that the document needs more review from a particular or broader perspective, e.g., security, operational complexity, someone familiar with AAA, internationalization or XML? No. (1.d) Does the Document Shepherd have any specific concerns or issues with this document that the Responsible Area Director and/or the IESG should be aware of? For example, perhaps he or she is uncomfortable with certain parts of the document, or has concerns whether there really is a need for it. In any event, if the WG has discussed those issues and has indicated that it still wishes to advance the document, detail those concerns here. Has an IPR disclosure related to this document been filed? If so, please include a reference to the disclosure and summarize the WG discussion and conclusion on this issue. There are no concerns about the technical merit of the document. (1.e) How solid is the WG consensus behind this document? Does it represent the strong concurrence of a few individuals, with others being silent, or does the WG as a whole understand and agree with it? There is strong consensus in the WG to publish this document. (1.f) Has anyone threatened an appeal or otherwise indicated extreme discontent? If so, please summarise the areas of conflict in separate email messages to the Responsible Area Director. (It should be in a separate email because this questionnaire is entered into the ID Tracker.) No. (1.g) Has the Document Shepherd personally verified that the document satisfies all ID nits? (See http://www.ietf.org/ID-Checklist.html and http://tools.ietf.org/tools/idnits/). Boilerplate checks are not enough; this check needs to be thorough. Has the document met all formal review criteria it needs to, such as the MIB Doctor, media type and URI type reviews? Yes. There is only one outdated reference (for draft-ietf-netconf-4741bis). (1.h) Has the document split its references into normative and informative? Are there normative references to documents that are not ready for advancement or are otherwise in an unclear state? If such normative references exist, what is the strategy for their completion? Are there normative references that are downward references, as described in [RFC3967]? If so, list these downward references to support the Area Director in the Last Call procedure for them [RFC3967]. The document has split references into normative and informative. (1.i) Has the Document Shepherd verified that the document IANA consideration section exists and is consistent with the body of the document? If the document specifies protocol extensions, are reservations requested in appropriate IANA registries? Are the IANA registries clearly identified? If the document creates a new registry, does it define the proposed initial contents of the registry and an allocation procedure for future registrations? Does it suggest a reasonable name for the new registry? See [RFC5226]. If the document describes an Expert Review process has Shepherd conferred with the Responsible Area Director so that the IESG can appoint the needed Expert during the IESG Evaluation? IANA considerations are present and complete. The draft requests to update the allocations, which have been done for RFC 4742. (1.j) Has the Document Shepherd verified that sections of the document that are written in a formal language, such as XML code, BNF rules, MIB definitions, etc., validate correctly in an automated checker? There is no data model in this document. (1.k) The IESG approval announcement includes a Document Announcement Write-Up. Please provide such a Document Announcement Write-Up? Recent examples can be found in the "Action" announcements for approved documents. The approval announcement contains the following sections: Technical Summary This document describes a method for invoking and running the NETCONF protocol within a Secure Shell (SSH) session as an SSH subsystem. Working Group Summary This document has been longly discussed in the Working Group, including several WG Last Calls. The comments and reviews helped to improve the document a lot and the current version reflects the consensus of the Working Group. The document incorporates all accepted errata against RFC4742. After a long debate the WG decided to have the way a NETCONF Server extracts the SSH user name from the SSH layer as implementation-dependent. There was a long discussion on the handling of the EOM character sequence. The workgroup agrees that this issue should be solved with an additional framing, which would lead to a new version incompatible with version v1.0. As described in the Security Considerations section the EOM sequence can cause operational issues however the workgroup believes the associated threat is not very high. As the workgoup has only a mandate for bug fixing the document keeps using the EOM sequence to avoid incompatibility with existing implementations. Document Quality Are there existing implementations of the protocol? Have a significant number of vendors indicated their plan to implement the specification? Are there any reviewers that merit special mention as having done a thorough review, e.g., one that resulted in important changes or a conclusion that the document had no substantive issues? If there was a MIB Doctor, Media Type or other expert review, what was its course (briefly)? In the case of a Media Type review, on what date was the request posted? Since SSH is mandatory transport for NETCONF there are numerous implementations of RFC 4742. 4742bis is doing only bug fixing and existing implementations can be updated once 4742bis becomes proposed standard. |
2010-10-26
|
08 | Dan Romascanu | Draft added in state Publication Requested by Dan Romascanu |
2010-10-25
|
04 | (System) | New version available: draft-ietf-netconf-rfc4742bis-04.txt |
2010-10-20
|
03 | (System) | New version available: draft-ietf-netconf-rfc4742bis-03.txt |
2010-07-26
|
02 | (System) | New version available: draft-ietf-netconf-rfc4742bis-02.txt |
2010-06-01
|
01 | (System) | New version available: draft-ietf-netconf-rfc4742bis-01.txt |
2010-01-08
|
00 | (System) | New version available: draft-ietf-netconf-rfc4742bis-00.txt |