On Tue, Feb 11, 2020 at 10:19 AM Joe Clarke (jclarke) <jcla...@cisco.com> wrote:
>
> As a contributor, I think this document is mostly ready (and as previously
> stated, I like and support the work). That said, after another read I found
> a few spelling nits and some comments:
>
> In Section 2, you paint the picture of a scenario, but “break the fourth
> wall” to explain what is existing and what is new functionality as well as
> state that the document prescribes using the SN as the unique identifier. In
> the spirit of a scenario with additional context, I think you should clarify
> that the DHCP boot of an out-of-the-box device is _typically_ existing
> functionality. Some vendors’ devices may not do this.
Good point. I have just submitted a new version which I think
addresses this (and your other comments below) -- I broke section 2
("Overview / Example Scenario") into 2 sections, "Overview" and
"Example Scenario". This required moving some text around, but I think
addresses your concern (and improves the document).
>
> ===
>
> Section 3.1:
>
> s/intially/initially/
DONE. Thank you!
>
> s/contrained/constrained/
DONE. Thank you!
>
> s/certifcates/certificates/
DONE. Thank you, there were 2 instances of this.
>
> ===
>
> Section 3.2:
>
> s/identfiers/identifiers/
DONE. Thanks!
>
> s/certificat/certificate/
DONE.
>
> s/certifcates/certificates/
DONE.
>
> ===
>
> Section 4.2:
>
> s/certifcate/certificate/
DONE. Well, this is getting embarrassing....
>
> ===
>
> Section 4.3:
>
> s/certifcate/certificate/
DONE. My old tooling would automagically spellcheck - I've just added
a spellcheck to VS Code (my new ID tooling editor).
>
> s/it never need/it never needs/
DONE.
>
> I think you need some definition of “garbage” when doing config “tasting”.
> It may be required that you standardize a header to indicate that the config
> file is encrypted so the device doesn’t try to process what could potentially
> be _lots_ of true garbage. You have a sentence here about the exact
> detection method being out of scope (which is true for what is a config), but
> saying anything else is decryptable may not please the security folks too
> much.
Yes -- unfortunately there doesn't seem to be any sort of standard way
to add a comment device configs - these all work on different devices:
# I'm a comment
! I'm also a comment
; Yet another comment format
: This is getting silly
' Ugh, who thought apostrophes was a sane comment character?!
How about some text along the lines of: "Unfortunately there is no
standard way to identify if a config file has been successfully
decrypted, as different vendors use different configuration languages,
with different forms of comments, etc.
It is recommended that each vendor documents a standard header or
magic which devices can use to determine if the configuration seems
largely correct.
As an example, Cisco IOS configuration files use the '!' character as
a comment, and so Cisco IOS files could be expected to start with
something like '! This is a Cisco IOS configuration file'. Juniper
Network's JunOS uses '#' as a comment character, and so Juniper could
adopt the convention of using '## JunOS device configuration file' (or
some other string, to be chosen and documented by the vendor)."
Note that I have *not* included this is the newly posted version yet,
as I think it needs some polishing...
W
>
> Joe
>
> > On Feb 4, 2020, at 12:41, Joe Clarke (jclarke) <jcla...@cisco.com> wrote:
> >
> > With the publication of -02 of this draft, it seems to have reached
> > stability. There has been interest in both usage an implementation of this
> > draft expressed in the past, but discussion has been quiet lately.
> >
> > This email serves as a two-week start of a WG LC for this document. Please
> > [re-]read this draft and comment on its content as well as whether or not
> > you feel it’s ready. WG LC will conclude on February 18, 2020.
> >
> > Authors and contributors, please reply on-list as to whether or not you are
> > aware of any intellectual property attributed to this work. Reply that
> > either you are not aware of any such IP, or reply with the details of known
> > IP while also making sure you complete any IPR disclosures in data tracker.
> >
> > Joe and Tianran
> > _______________________________________________
> > OPSAWG mailing list
> > OPSAWG@ietf.org
> > https://www.ietf.org/mailman/listinfo/opsawg
>
--
I don't think the execution is relevant when it was obviously a bad
idea in the first place.
This is like putting rabid weasels in your pants, and later expressing
regret at having chosen those particular rabid weasels and that pair
of pants.
---maf
_______________________________________________
OPSAWG mailing list
OPSAWG@ietf.org
https://www.ietf.org/mailman/listinfo/opsawg
