
Remove default value for gRPC transport-security

Open earies opened this issue 1 year ago • 5 comments

  • (M) release/models/system/openconfig-system-grpc.yang
    • Remove default value for gRPC transport-security since an implementation cannot enable by default without other mandatory TLS attributes

Change Scope

  • Remove default=true for gRPC transport-security. While it is recommended/preferred to enable transport-security, a YANG default here implies that the listening server has the ability to enable TLS without other mandatory parameters such as a certificate-id, mutual-authentication (and other future attributes for mutual-authentication that do not yet exist)

Platform Implementations

  • N/A

earies, Sep 19 '23 18:09

Major YANG version changes in commit f5788df4a0d0c24fe1dd153878b11e62fbbdf4d9:

OpenConfigBot, Sep 19 '23 18:09

Compatibility Report for commit f5788df4a0d0c24fe1dd153878b11e62fbbdf4d9: ✅ pyangbind@6b85c2b

OpenConfigBot, Sep 19 '23 18:09

Today managing certificate-id, mutual-authentication is done out of band/outside of openconfig.

With the introduction of gNSI certz and authz and bootz, this moves to explicitly defined interfaces.

With this momentum, I think the time has passed to change this default.

dplore, Sep 21 '23 00:09

> Today managing certificate-id, mutual-authentication is done out of band/outside of openconfig.
>
> With the introduction of gNSI certz and authz and bootz, this moves to explicitly defined interfaces.
>
> With this momentum, I think the time has passed to change this default.

I'm afraid you're missing the point that all of these projects are not going to be used by everyone concurrently but there is still a desire for only a subset - mainly YANG schemas and this node being a default=true is problematic for many reasons assuming some prior bootstrapping took place completely out-of-band. gNSI is not fully baked or adopted but there are real world deployments of this model set already for provisioning gRPC endpoints.

Also note that the nodes mentioned above still do exist in the schema set and there is no signal to the community or implementors that they are going away.

In addition, the other projects you mention are complementary to and possibly mutually exclusive to alternate methods of management. If there is a hard-set charter that gNSI is a must have for these provisions, I'm afraid this is going to gate adoption of these projects as it is then looking through a narrow lens.

The fact that it is default=true poses an issue for honoring defaults upon a plain server instance creation w/o other parameters.

earies, Sep 21 '23 01:09
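
The problem raised in the change description and in the comment above (a schema default of true on transport-security applied to a server instance that has no certificate-id) can be shown with a small model of default handling. This is an added example, not code from the OpenConfig models or from any participant in the thread; the leaf names transport-security and certificate-id come from the thread, while the "name" leaf values, the certificate id and the state labels are constructed for illustration.

```python
# Added illustration; not code from the OpenConfig models or any implementation.
# Leaf names transport-security and certificate-id are taken from the thread;
# the "name" leaf values and certificate id below are constructed samples.

DEFAULTS_CURRENT = {"transport-security": True}  # leaf carries default=true
DEFAULTS_PROPOSED = {}                           # default removed, as proposed


def effective_config(explicit, defaults):
    """Merge schema defaults under explicitly configured leaves."""
    merged = dict(defaults)
    merged.update(explicit)
    return merged


def evaluate(explicit, defaults):
    """Return (state, detail) for one gRPC server instance."""
    cfg = effective_config(explicit, defaults)
    tls = cfg.get("transport-security")
    cert = cfg.get("certificate-id")
    if tls is True and not cert:
        return ("unsatisfiable", "TLS required but no certificate-id to serve it with")
    if tls is True:
        return ("tls", "listener uses certificate-id %r" % cert)
    if tls is False:
        return ("plaintext", "transport security explicitly disabled")
    return ("unset", "schema states nothing; the operator has to choose")


SAMPLES = {
    "bare instance": {"name": "DEFAULT"},
    "tls configured": {"name": "DEFAULT", "transport-security": True,
                       "certificate-id": "example-cert"},
    "tls disabled": {"name": "DEFAULT", "transport-security": False},
}


def report():
    """Compare each sample under the current and the proposed schema defaults."""
    rows = []
    for label, explicit in SAMPLES.items():
        rows.append((label,
                     evaluate(explicit, DEFAULTS_CURRENT)[0],
                     evaluate(explicit, DEFAULTS_PROPOSED)[0]))
    return rows


if __name__ == "__main__":
    for label, current, proposed in report():
        print("%-15s default=true: %-13s no default: %s" % (label, current, proposed))
```

Only the bare instance changes between the two schemas: with the default it resolves to a TLS requirement that has no certificate behind it, and without the default the leaf stays unset, so a deployment that wants TLS has to configure transport-security and certificate-id explicitly.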

Hi, thinking about this some more, I would like to understand the problem better. Let's discuss in more detail what is missing which makes having this enabled by default problematic. Then it can be more clear if these changes should be made or if the changes are so large in scope or infeasible such that transport-security should be disabled by default until the changes can be made.

Is the trouble with enabled by default an issue regarding bootstrapping / initial configuration state of the device and where gRPC is enabled by default?

dplore, Sep 26 '23 21:09