Minutes of the virtual interim meeting on January 5, 2015 1700-1900 UTC
-------------------------------------------------------------------------------------

Attendees:
  Mehmet Ersue
  Mahesh Jethanandani
  Andy Bierman
  Kent Watsen
  Susan Hares
  Hannes Tschofenig
  Juergen Schoenfelder
  Alan Luchuk
  Reinaldo Penno

Agenda is available at:
http://www.ietf.org/proceedings/interim/2015/01/05/netconf/agenda/agenda-interim-2015-netconf-1

- 5 min chair intro, scribe, agenda bashing

  The notes will be taken on: http://beta.etherpad.org/p/netconf-Jan05

Issue discussion per WG item:

- Call Home (Kent) (10min)

  Currently 3 open issues.
  See https://github.com/netconf-wg/call-home/issues

  Notes during the discussion:
  No consensus on splitting the draft into two drafts. Better readability can be achieved by:
  - break RESTCONF or NETCONF into different sections.
  - another way is that this section could be broken out by transport sections. However, these sections are highly shared - so this would solve the issue.

  Andy: I do not see why these should be broken into two sentences in this section.
  Kent: Do you mean two sentences?
  Mehmet: The four bullets are steps. You cannot add bullets, but you could have sub-bullets.
  Kent: I can try it.
  Mehmet: You do not seem convinced. Should we have it on the mail list?
  Kent: I agree that it needs to be the complete document.
  Andy: This solution makes sense to me. Readability is subjective.
  Hannes: Readability is important.
  Mehmet: Let's go for this solution.

- Server Model (Kent) (20min)

  Currently 4 open issues.
  See https://github.com/netconf-wg/server-model/issues

  Notes:
  Kent: WG consensus "not granted" on the issue 21. Resolution is to not have a feature statement around the session options node.
  Mehmet: Can you give us an update on issues 18 and issues 24?
  Kent: Hannes Tschofenig agreed client-trust-cert are password, and hence they should be treated as the same.
  The plan is to add a NACM attribute to the yang model for the client-trust-cert node indicating that it should only be written by permitted users. Similar updates are to be made to indicate this in the security section.
  Mehmet: Should we send a solution to the mail list? We can have a 1 week deadline (1/12/2015).

  Kent needs to update the Server Model draft for client authentication to make it consistent. Kent will open a new issue for it in GH.

- Zerotouch (Kent) (30min)

  Currently 2 open issues.
  See https://github.com/netconf-wg/zero-touch/issues

  Issue 5: Validate if vendors can support owner-validation service (from anima WG).
  Kent will send a request to the mail list.

  Mehmet: Why are we not using Yang instead of XSD datamodel?
  Kent: The interesting thing was we were using yang, and we used XSD to assert the use of XML but also because a grouping configlet would create a top-level mandatory node. YANG is about configuration and non-configuration definition. A config-let is not a configuration. It is an HTTP file downloaded by the device. The data is XML.
  Hannes: There is no requirement to use a schema language.
  Kent: This could be defined in Yang and the instance document would be XML.

  Alan Luchuk agrees with the reason for keeping the config-let in XSD format.

  There is also an issue with XML signing and encryption for the config-let. XML signing and encryption is not widely adopted. Looking for a simpler solution. Hannes suggested using transport layer security.

- rfc5539bis (Juergen) (5min)

  No open issues.

  There was a short discussion on starting WGLC for call-home, server-model and 5539bis together. Juergen says that this document makes no normative reference to server model anymore, so 5539bis is independent of the other two. Mehmet suggested that we start WGLC on the document asap. AI for Mehmet.

- Restconf/YANG Patch (Andy) (40min)

  Currently 9/2 open issues.
  https://github.com/netconf-wg/restconf/issues
  https://github.com/netconf-wg/yang-patch/issues

  RESTCONF Issue #15. Andy has already posted the proposal (S2-B) on the ML. Lada objected, but has not provided clarification.

  Kent prefers machine readable, so he does not like S3. He prefers S2-A or S2-B. Whatever solution is preferred here can then be applied to the config-let issue in ZeroTouch.

  Hannes has a problem with defining protocol operations using an XML schema.

  Kent is surprised by Hannes' objection. IETF has a long tradition of using ABNF format.

  Andy agrees that the proposed solution is not a human readable format and at best is the workaround to the limitation.

  Andy needs time to update the draft. He can do it for next Monday. Yang patch is already updated.

  Issue #2 in yang patch is an implementation issue.

  Kent wants more discussion around issue #9 of RESTCONF. Per the notes in GH, BasicAuth needs to be supported. Server needs to support a small number of client (password and client-auth) authentication. Server needs to support at least one of password, digest and client-auth. Andy has no objection to the proposed solution. Currently, as written, the draft says BasicAuth has to be supported. That, according to Kent, is not realistic. Passwords are inherently less secure. It also requires all servers to support BasicAuth.

  Juergen comments that for interoperability, you need a common baseline. Either or is broken for interoperability. He suggests that choice of auth is a deployment policy and should not be hard coded.

  Mehmet suggests to start LC on RESTCONF and yang-patch next Monday with this issue open for discussion. Kent can bring the issue to the mail list.

- 5 min AOB other topics

  Susan Hares will provide an update. The i2rs interim meeting had a discussion around the RIB model and what NETCONF needs to provide. Susan will have a discussion with Jeff and post the questions the group has to the ML.

  ME: The next meeting is on 2015-01-19 1700 UTC.
  We will plan an I2RS slot for discussion with Jeff Haas and others.