Re: [Netconf] <edit-config> and remote URLs

To: j.schoenwaelder at jacobs-university.de
Subject: Re: [Netconf] <edit-config> and remote URLs
From: Martin Bjorklund <mbj at tail-f.com>
Date: Fri, 02 Oct 2009 13:25:27 +0200 (CEST)
Cc: netconf at ietf.org
Delivered-to: netconf at core3.amsl.com
In-reply-to: <20091002112240.GA2607 at elstar.local>
List-archive: <http://www.ietf.org/mail-archive/web/netconf>
List-help: <mailto:netconf-request@ietf.org?subject=help>
List-id: Network Configuration WG mailing list <netconf.ietf.org>
List-post: <mailto:netconf@ietf.org>
List-subscribe: <https://www.ietf.org/mailman/listinfo/netconf>, <mailto:netconf-request@ietf.org?subject=subscribe>
List-unsubscribe: <https://www.ietf.org/mailman/listinfo/netconf>, <mailto:netconf-request@ietf.org?subject=unsubscribe>
References: <8a0268750910011529r6989b3c4m753a19abaf78c125 at mail.gmail.com> <20091002.130811.171518135.mbj at tail-f.com> <20091002112240.GA2607 at elstar.local>

Juergen Schoenwaelder <j.schoenwaelder at jacobs-university.de> wrote:
> On Fri, Oct 02, 2009 at 01:08:11PM +0200, Martin Bjorklund wrote:
>  
> > I think this should be ok.  The only operation that is restricted to
> > local files is <delete-config>.
> > 
> > Hmm.. the reason for restricting <delete-config> to local files was
> > for security.  We don't want the NETCONF server to delete files on
> > remote computers; it is pointless.  But <copy-config> to a remote file
> > is allowed, so you can get the NETCONF server to overwrite remote
> > files.
> 
> I fail to follow the logic - why is overwriting OK but deleting not?

That's what I meant - the reasoning is flawed.

> At the end, it is a matter of the remote ftp/http/... server to
> enforce access control rules.

So we should simply remove the text about local config files then.


/martin

References:
- Re: [Netconf] <edit-config> and remote URLs
  - From: Mark Ellison
- Re: [Netconf] <edit-config> and remote URLs
  - From: Martin Bjorklund
- Re: [Netconf] <edit-config> and remote URLs
  - From: Juergen Schoenwaelder

Prev by Date: Re: [Netconf] <edit-config> and remote URLs
Next by Date: Re: [Netconf] [NETCONF] <get-schema> mandatory parms discussion
Previous by thread: Re: [Netconf] <edit-config> and remote URLs
Next by thread: Re: [Netconf] <edit-config> and remote URLs
Index(es):
- Date
- Thread

Re: [Netconf] <edit-config> and remote URLs

Note: Messages sent to this list are the opinions of the senders and do not imply endorsement by the IETF.