Roman: Security has created very few Yang modules. Therefore, you do not have experience with the lengthy cycle for this work. Ask Rob Wilton about the versioning efforts or ask Alvaro regarding the routing yang models. Or look at the BGP model for complexity.
Data driven Yang models are extremely powerful, but these models take 2-3 passes to the internal structure right. During the 2nd and 3rd passes, the WG participation is low because Yang refactoring is not an easy or common skill. Yang refactoring + security + I2NSF models is a very rare skill. You are looking at working group participation as we "hold" for getting the last 5 models correct. We are in the 3rd stage of work for these models. It takes time to get the models right, but it is something that takes 2-3 people with a rare set of experience time. Do I believe that IETF Yang models are beneficial? Yes, because they influence open source + the future of network management work. Even Open-Config (ask Rob about that story), is taking fixes from the bgp model refactoring. My recommendation is that you consider the life-cycle of Yang models in reviewing a WG. If you are going to hold on 5 models in phase-3, put the WG in hiatus while the experts work. Or decide to start-up work that I2NSF WG participants can help with. NETMOD exist at the center of YANG creation, but even in these WGS there are few experts implementing the code. Most people review the high-level concepts, and it takes time to get the high level concepts sorted out. For example, I would like to get the I2NSF IP-SEC model adapted so that we can use it in the BGP model. This takes chatting with the folks in I2NSF who are experts. I hope this longish message is helpful. Sue PS - The BGP model is at draft-ietf-idr-bgp-model-13.txt. -----Original Message----- From: Roman Danyliw [mailto:r...@cert.org] Sent: Sunday, March 20, 2022 5:03 PM To: Susan Hares; i2nsf@ietf.org Subject: RE: [I2nsf] Comments on re-chartering Hi Sue! > -----Original Message----- > From: I2nsf <i2nsf-boun...@ietf.org> On Behalf Of Susan Hares > Sent: Sunday, March 20, 2022 3:12 PM > To: Roman Danyliw <r...@cert.org>; i2nsf@ietf.org > Subject: Re: [I2nsf] Comments on re-chartering > > Roman: > > May I ask a questions before answering your questions. I don't have comprehensive data on any of these. The datatracker likely has some of this information but it would take effort to extract. > 1) How many security Yang models have been published? My sense is that that the number of Yang models from the SEC area is low in in comparison to other areas. Other areas do publish Yang modules on Sec related topics. > 2) How long does it take Yang models approved in the security area? I'm only tracking two data points -- I2NSF and RATS. https://datatracker.ietf.org/doc/draft-ietf-rats-yang-tpm-charra/ was adopted by the RATS WG in January 2020 and reviewed by the IESG at the last 03/10/2022 telechat. If you count from the first individual draft -00, then the time starts at Jul 2018 (which was even before the first RATS BOF at IETF 103). > 3) How many IETF yang models have been deployed? I can't say. For Yang module and most IETF work, there isn't a good sense of that answer in the aggregate. My experience is that specific WGs have a better sense of implementations and adoption of their technologies. Perhaps the I2NSF Yang module authors can give us a sense of adoption. > 4) Does the small deployment for IETF yang models change the value of the > model? At the risk of getting philosophical, such a hypothetical question depends on your definition of value, who are the stakeholders, and desired payoff horizon this technology. > The SEC-ADs sent this WG off to create Yang models. Did you consider this > in your review? I definitely considered the existing I2NSF charter and the planned milestones before my review. This WG was not so much sent off to create Yang models as, like every WG, approved with a specific scope, in this case making Yang models for a narrow scope. > May I politely and respectfully suggest there are things about the standardizing > Yang models that you have not asked about. > > The first stage of a yang model is joyous. You decide what goes in. The > second of getting a prototype yang model implementation is hard work. The > third stage of getting the model approved in the IETF environment is > frustrating and painful. During the second and third stage, most WGs have > trouble keeping up the energy - since it is all about the small details of > Yang. Help me understand how to read this progression as it relates to the I2NSF documents. What didn't I ask? > Tom Petch has been very helpful, but it is a long process to refactored > structures in Yang. Paul has done a tremendous job in both doing prototype > implementations, and working through the lengthy issues with the Yang > models. While completing those 5 models, Paul has run into many of the > structural issues/debates inside Yang. I couldn't agree with you more. Paul and Tom have a done a tremendous and admirable job on the core I2NSF data models. > Having struggle to incorporate yang models from IP-SEC into the BGP model > (with my excellent co-authors), may I suggest that even the IP-SEC models > are just at the beginning from I2NSF. Maybe there are other IP-SEC Yang > models outside of I2NSF. The community would know better than me on what future work is needed to better manage security protocols, IPSec, or otherwise with Yang modules. I don't see the I2NSF WG being the place to do that Yang work for security protocols in the general case. Roman > Sue > > -----Original Message----- > From: I2nsf [mailto:i2nsf-boun...@ietf.org] On Behalf Of Roman Danyliw > Sent: Sunday, March 20, 2022 2:33 PM > To: i2nsf@ietf.org > Subject: [I2nsf] Comments on re-chartering > > Hi! > > It's nice to see I2NSF on the formal meeting agenda again. I see discussions on > the mailing list to again revisit the WG charter [3] and it's on the agenda for > this week's IETF 113 meeting. I don't want my position at the meeting to come > as a surprise so I'll restate what I've previously said in November 2020 [1] and > October 2021 [2] on a new I2NSF charter: > > ** By all means, please use the WG to discuss I2NSF and the associated > ecosystem. > > ** With the degree of discussion and review demonstrated in the last two years > by the WG on I2NSF documents, these is not sufficient WG participation to take > on new work. It remains unclear if there is even enough energy to finish the > currently charted documents. Given the current WG dynamics, I will not > support a new charter. > > ** Rechartering the WG would first require all previously promised deliverables > (all 5 YANG modules) to be complete (at the RFC Editor), and then amongst > other things, the identification of a critical mass of additional WG participants > (beyond document authors/their organizations) committed to reviewing and > implementing the work. Next steps would be heavily dependent on the > specifics of the new work being proposed. > > To the specific charter text [3], a few high level questions: > > (a) This seems like a lot of work that equal to, if not larger than, the original > WG scope which the WG is having difficulty finishing. Given that I2NSF has > been unable to publish any of its core protocol deliverables in the last 6.5 years > (chartered September 2015), is this the right size of new work to consider? > Why is there bandwidth to do new work, but not finish the existing work? > > (b) This seems like a significant expansion into areas that I2NSF has not worked > on -- DLT, PQ Crypto, attestation, etc. This begs questions such as whether a > new WG is more appropriate. Why is I2NSF the right place? > > (c) Correct me if I'm wrong, it's my understanding that there isn't commercial > adoption (or a substantial user base) of I2NSF yet. If that's true, what role will > this new work play in increasing the likelihood of adoption? Why does this > additional work have to happen now rather than waiting for more operational > experience? > > Regards, > Roman > > [1] > https://mailarchive.ietf.org/arch/msg/i2nsf/FBzpXwPUaY5PkcgvKpWnHAAanp4 > / > [2] > https://mailarchive.ietf.org/arch/msg/i2nsf/GAqtySDhTlhgPGMh_MdaajApUDs > / > [3] > https://mailarchive.ietf.org/arch/msg/i2nsf/XQxOoQS9JkJ0hDeICISHEl8QasE/ > > _______________________________________________ > I2nsf mailing list > I2nsf@ietf.org > https://www.ietf.org/mailman/listinfo/i2nsf > > _______________________________________________ > I2nsf mailing list > I2nsf@ietf.org > https://www.ietf.org/mailman/listinfo/i2nsf _______________________________________________ I2nsf mailing list I2nsf@ietf.org https://www.ietf.org/mailman/listinfo/i2nsf
