Hi, Kent and Rob, My apology for the extreme delay in this response, just try to recover from the long leave…
Thanks for all the good comments below, -05 is available now to incorporate them, and you may want to review the diff at: https://author-tools.ietf.org/iddiff?url2=draft-ietf-netmod-immutable-flag-05. Please let me know if you have further comments/suggestions. Thanks a lot! Best Regards, Qiufang From: Kent Watsen <[email protected]> Sent: Wednesday, September 3, 2025 4:15 AM To: Rob Wilton (rwilton) <[email protected]> Cc: Jason Sterne (Nokia) <[email protected]>; maqiufang (A) <[email protected]>; [email protected]; [email protected] Subject: Re: [netmod] I-D Action: draft-ietf-netmod-immutable-flag-04.txt Hi Rob, On Aug 7, 2025, at 9:45 AM, Rob Wilton (rwilton) <[email protected]<mailto:[email protected]>> wrote: Hi Kent, authors, I’ve reviewed the latest version of the document, sorry for the delay. Thank you for your review! (Three weeks later) I'm likewise delayed ;) That said, Qiufang is still on PTO... I think that the changes look good, but I wonder whether a bit more description is needed for the example in the appendix, otherwise, I fear it may still be slightly confusing. (i) It may be worth including a copy of the contents of the system datastore to make it clear which configuration is present in the system datastore and hence if deleted from the running datastore will still be present in the intended datastore. E.g., “The client may also subsequently delete any copied "user-group" entries or the entire "user-groups" container, but this will not prevent the configuration as shown in Figure 2<https://www.ietf.org/archive/id/draft-ietf-netmod-immutable-flag-04.html#example> being present in <intended> (if implemented).” This will surely depend on whether the power-users group is also in the system datastore. E.g., these entries may just be in running and hence could just be deleted as normal, and not appear in intended? This is a good suggestion. (ii) The example includes a hardcoded admin username/password that cannot be changed. I’m wondering whether that is really a good example to give in an IETF document, or at least flag that this is not best practice and is only be used to illustrate the hierarchical nature of the immutable flag. I think best practice might be to have usernames like "ex-username-1" and "ex-username-2". As for the passwords, I see them as instances of ianach:crypt-hash. That said, I think there is an error in the examples as never should <system> return a password beginning with "$0$" (Andy's password). (iii) Similarly, the text for B.3, indicates that the tags for the power users can be removed, but would still turn up in intended. I assume that this would depend on whether those entries are also in the system datastore? Yes, it would help to clarify that those users are in <system>. Last minor comment. In section 4.1, it states “4.1., “nor is there any way to delete the node from the combined configuration (as described in [I-D.ietf-netmod-system-config<https://www.ietf.org/archive/id/draft-ietf-netmod-immutable-flag-04.html#I-D.ietf-netmod-system-config>]).” But the system-config draft doesn’t seem to mention the word combined at all. Perhaps relate back to the intended datastore (if implemented) and perhaps update the reference to the specific section where it describes the merging of configuration along with the diagram in the system datastore draft. E.g., “nor is there any way to delete the node from the combined configuration in the intended datastore (as described in [I-D.ietf-netmod-system-config<https://www.ietf.org/archive/id/draft-ietf-netmod-immutable-flag-04.html#I-D.ietf-netmod-system-config>] section XXX).” Agreed. Terminology matters. Kind regards, Rob Kent
_______________________________________________ netmod mailing list -- [email protected] To unsubscribe send an email to [email protected]
