| draft-ietf-netmod-factory-default-05.txt | draft-ietf-netmod-factory-default-06.txt | |||
|---|---|---|---|---|
| NETMOD Working Group Q. Wu | NETMOD Working Group Q. Wu | |||
| Internet-Draft Huawei | Internet-Draft Huawei | |||
| Intended status: Standards Track B. Lengyel | Intended status: Standards Track B. Lengyel | |||
| Expires: May 2, 2020 Ericsson Hungary | Expires: May 5, 2020 Ericsson Hungary | |||
| Y. Niu | Y. Niu | |||
| Huawei | Huawei | |||
| October 30, 2019 | November 2, 2019 | |||
| Factory Default Setting | Factory Default Setting | |||
| draft-ietf-netmod-factory-default-05 | draft-ietf-netmod-factory-default-06 | |||
| Abstract | Abstract | |||
| This document defines a method to reset a server to its factory- | This document defines a method to reset a server to its factory- | |||
| default content. The reset operation may be used e.g. during initial | default content. The reset operation may be used e.g. during initial | |||
| zero-touch configuration or when the existing configuration has major | zero-touch configuration or when the existing configuration has major | |||
| errors, so re-starting the configuration process from scratch is the | errors, so re-starting the configuration process from scratch is the | |||
| best option. | best option. | |||
| A new factory-reset RPC is defined. Several methods of documenting | A new factory-reset RPC is defined. Several methods of documenting | |||
| skipping to change at page 1, line 44 ¶ | skipping to change at page 1, line 44 ¶ | |||
| Internet-Drafts are working documents of the Internet Engineering | Internet-Drafts are working documents of the Internet Engineering | |||
| Task Force (IETF). Note that other groups may also distribute | Task Force (IETF). Note that other groups may also distribute | |||
| working documents as Internet-Drafts. The list of current Internet- | working documents as Internet-Drafts. The list of current Internet- | |||
| Drafts is at https://datatracker.ietf.org/drafts/current/. | Drafts is at https://datatracker.ietf.org/drafts/current/. | |||
| Internet-Drafts are draft documents valid for a maximum of six months | Internet-Drafts are draft documents valid for a maximum of six months | |||
| and may be updated, replaced, or obsoleted by other documents at any | and may be updated, replaced, or obsoleted by other documents at any | |||
| time. It is inappropriate to use Internet-Drafts as reference | time. It is inappropriate to use Internet-Drafts as reference | |||
| material or to cite them other than as "work in progress." | material or to cite them other than as "work in progress." | |||
| This Internet-Draft will expire on May 2, 2020. | This Internet-Draft will expire on May 5, 2020. | |||
| Copyright Notice | Copyright Notice | |||
| Copyright (c) 2019 IETF Trust and the persons identified as the | Copyright (c) 2019 IETF Trust and the persons identified as the | |||
| document authors. All rights reserved. | document authors. All rights reserved. | |||
| This document is subject to BCP 78 and the IETF Trust's Legal | This document is subject to BCP 78 and the IETF Trust's Legal | |||
| Provisions Relating to IETF Documents | Provisions Relating to IETF Documents | |||
| (https://trustee.ietf.org/license-info) in effect on the date of | (https://trustee.ietf.org/license-info) in effect on the date of | |||
| publication of this document. Please review these documents | publication of this document. Please review these documents | |||
| skipping to change at page 2, line 28 ¶ | skipping to change at page 2, line 28 ¶ | |||
| described in the Simplified BSD License. | described in the Simplified BSD License. | |||
| Table of Contents | Table of Contents | |||
| 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 | 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 | |||
| 1.1. Terminology . . . . . . . . . . . . . . . . . . . . . . . 3 | 1.1. Terminology . . . . . . . . . . . . . . . . . . . . . . . 3 | |||
| 2. Factory-Reset RPC . . . . . . . . . . . . . . . . . . . . . . 4 | 2. Factory-Reset RPC . . . . . . . . . . . . . . . . . . . . . . 4 | |||
| 3. Factory-Default Datastore . . . . . . . . . . . . . . . . . . 4 | 3. Factory-Default Datastore . . . . . . . . . . . . . . . . . . 4 | |||
| 4. YANG Module . . . . . . . . . . . . . . . . . . . . . . . . . 5 | 4. YANG Module . . . . . . . . . . . . . . . . . . . . . . . . . 5 | |||
| 5. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 7 | 5. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 7 | |||
| 6. Security Considerations . . . . . . . . . . . . . . . . . . . 7 | 6. Security Considerations . . . . . . . . . . . . . . . . . . . 8 | |||
| 7. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 8 | 7. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 8 | |||
| 8. Contributors . . . . . . . . . . . . . . . . . . . . . . . . 8 | 8. Contributors . . . . . . . . . . . . . . . . . . . . . . . . 8 | |||
| 9. References . . . . . . . . . . . . . . . . . . . . . . . . . 8 | 9. References . . . . . . . . . . . . . . . . . . . . . . . . . 8 | |||
| 9.1. Normative References . . . . . . . . . . . . . . . . . . 8 | 9.1. Normative References . . . . . . . . . . . . . . . . . . 8 | |||
| 9.2. Informative References . . . . . . . . . . . . . . . . . 9 | 9.2. Informative References . . . . . . . . . . . . . . . . . 9 | |||
| Appendix A. Difference between <startup> datastore and <factory- | Appendix A. Difference between <startup> datastore and <factory- | |||
| default> datastore . . . . . . . . . . . . . . . . . 9 | default> datastore . . . . . . . . . . . . . . . . . 9 | |||
| Appendix B. Changes between revisions . . . . . . . . . . . . . 9 | Appendix B. Changes between revisions . . . . . . . . . . . . . 9 | |||
| Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 11 | Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 11 | |||
| 1. Introduction | 1. Introduction | |||
| This document defines a method to reset a server to its factory- | This document defines a method to reset a server to its factory- | |||
| default content. The reset operation may be used e.g. during initial | default content. The reset operation may be used, e.g. during | |||
| zero-touch configuration [RFC8572] or when the existing configuration | initial zero-touch configuration [RFC8572] or when the existing | |||
| has major errors, so re-starting the configuration process from | configuration has major errors, so re-starting the configuration | |||
| scratch is the best option. When resetting a datastore all previous | process from scratch is the best option. When resetting a datastore | |||
| configuration settings will be lost and replaced by the factory- | all previous configuration settings will be lost and replaced by the | |||
| default content. | factory-default content. | |||
| A new factory-reset RPC is defined. Several methods of documenting | A new factory-reset RPC is defined. Several methods of documenting | |||
| the factory-default content are specified. | the factory-default content are specified. | |||
| Optionally a new "factory-default" read-only datastore is defined, | Optionally a new "factory-default" read-only datastore is defined, | |||
| that contains the data that will be copied over to all read-write | that contains the data that will be copied over to all read-write | |||
| configuration datastores at reset. This datastore can also be used | configuration datastores at reset. This datastore can also be used | |||
| in <get-data> or <get-config> operations. | in <get-data> or <get-config> operations. | |||
| NETCONF defines the <delete> operation that allows resetting the | NETCONF defines the <delete> operation that allows resetting the | |||
| <startup> datastore and the <discard-changes> operation that copies | <startup> datastore and the <discard-changes> operation that copies | |||
| the content of the <running> datastore into the <candidate> | the content of the <running> datastore into the <candidate> | |||
| datastore. However it is not possible to reset the running | datastore. However it is not possible to reset the running | |||
| datastore, to reset the candidate datastore without changing the | datastore, to reset the candidate datastore without changing the | |||
| running datastore or to reset any dynamic datastore. | running datastore or to reset any dynamic datastore. | |||
| A RESTCONF server MAY implement the above NETCONF operations, but | A RESTCONF server MAY implement the above NETCONF operations, but | |||
| that would still not allow it to reset the running configuration. | that would still not allow it to reset the running configuration. | |||
| The YANG data model in this document conforms to the Network | ||||
| Management Datastore Architecture defined in [RFC8342]. | ||||
| 1.1. Terminology | 1.1. Terminology | |||
| The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", | The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", | |||
| "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and | "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and | |||
| "OPTIONAL" in this document are to be interpreted as described in BCP | "OPTIONAL" in this document are to be interpreted as described in BCP | |||
| 14 [RFC2119] [RFC8174] when, and only when, they appear in all | 14 [RFC2119] [RFC8174] when, and only when, they appear in all | |||
| capitals, as shown here. | capitals, as shown here. | |||
| The following terms are defined in [RFC8342] and are not redefined | The following terms are defined in [RFC8342] and are not redefined | |||
| here: | here: | |||
| skipping to change at page 4, line 13 ¶ | skipping to change at page 4, line 13 ¶ | |||
| like available HW. | like available HW. | |||
| 2. Factory-Reset RPC | 2. Factory-Reset RPC | |||
| A new "factory-reset" RPC is introduced. Upon receiveing the RPC the | A new "factory-reset" RPC is introduced. Upon receiveing the RPC the | |||
| server resets the content of all read-write configuration datastores | server resets the content of all read-write configuration datastores | |||
| (e.g.,<running> and <startup>) to their factory-default content. | (e.g.,<running> and <startup>) to their factory-default content. | |||
| Read-only datastores receive their content from other datastores | Read-only datastores receive their content from other datastores | |||
| (e.g. <intended> gets its content from <running>). | (e.g. <intended> gets its content from <running>). | |||
| Factory-default content SHALL be specified by one of the following | Factory-default content MAY be specified by one of the following | |||
| means in descending order of precedence | means in descending order of precedence | |||
| 1. For the <running>,<candidate> and <startup> datastores as the | 1. <factory-default> datastore, if it exists; | |||
| content of the <factory-default> datastore, if it exists; | ||||
| 2. by vendors using YANG Instance Data | 2. by vendors using a file in YANG Instance Data | |||
| [I-D.ietf-netmod-yang-instance-file-format] file format in | [I-D.ietf-netmod-yang-instance-file-format] format or some other | |||
| vendor's website or other places where off-line document is kept; | format in vendor's website or other places where similar off-line | |||
| documents are kept; | ||||
| 3. In some implementation specific manner; | 3. In some implementation specific manner; | |||
| 4. For dynamic datastores unless otherwise specified the factory- | ||||
| default content is empty. | ||||
| For the server supporting zero touch bootstrapping mechanisms, the | For the server supporting zero touch bootstrapping mechanisms, the | |||
| factory default configuration causes the bootstrapping process to | factory default configuration causes the bootstrapping process to | |||
| execute,e.g.,the server might reset configuration to device's factory | execute,e.g.,the server resets configuration to device's factory | |||
| default configuration,for the version of operating system software it | default configuration,for the version of operating system software it | |||
| is running. In addition,the "factory-reset" RPC might also be used | is running. In addition,the "factory-reset" RPC MAY also be used to | |||
| to trigger some other restoring and resetting tasks such as files | trigger some other restoring and resetting tasks such as files | |||
| cleanup, restarting the node or some of the software processes, | cleanup, restarting the node or some of the software processes, | |||
| setting some security data/passwords to the default value, removing | setting some security data/passwords to the default value, removing | |||
| logs, or removing any temporary data (from datastore or elsewhere), | logs, or removing any temporary data (from datastore or elsewhere), | |||
| etc. When and why these tasks are triggered is not the scope of this | etc. When and why these tasks are triggered is not the scope of this | |||
| document. | document. | |||
| 3. Factory-Default Datastore | 3. Factory-Default Datastore | |||
| Following guidelines for defining Datastores in the appendix A of | Following guidelines for defining Datastores in the appendix A of | |||
| [RFC8342], this document introduces a new datastore resource named | [RFC8342], this document introduces a new datastore resource named | |||
| 'Factory-Default' that represents a preconfigured minimal initial | 'factory-default' that represents a preconfigured minimal initial | |||
| configuration that can be used to initialize the configuration of a | configuration that can be used to initialize the configuration of a | |||
| server. | server. | |||
| o Name: "factory-default" | o Name: "factory-default" | |||
| o YANG modules: all | o YANG modules: all | |||
| o YANG nodes: all "config true" data nodes | o YANG nodes: all "config true" data nodes | |||
| o Management operations: The content of the datastore is set by the | o Management operations: The content of the datastore is set by the | |||
| server in an implementation dependent manner. The content can not | server in an implementation dependent manner. The content can not | |||
| be changed by management operations via NETCONF, RESTCONF,the CLI | be changed by management operations via NETCONF, RESTCONF,the CLI | |||
| etc. unless specialized, dedicated operations are provided. The | etc. unless specialized, dedicated operations are provided. The | |||
| contents of the datastore can be read using NETCONF, RESTCONF | contents of the datastore can be read using NETCONF <get-data> and | |||
| <get-data> and <get-config> operations. The operation <factory- | <get-config> operations, and the RESTCONF protocol equivalents. | |||
| reset> can be used to copy the factory default content to a set of | The operation <factory- reset> copies the factory default content | |||
| read-write configuration datastores and then the content of these | to <running> and, if present, <startup> and then the content of | |||
| datastores is propagated automatically to any other read only | these datastores is propagated automatically to any other read | |||
| datastores, e.g., <intended> and <operational>. | only datastores, e.g., <intended> and <operational>. | |||
| o Origin: This document does not define a new origin identity as it | o Origin: This document does not define a new origin identity as it | |||
| does not interact with <operational> datastore. | does not interact with <operational> datastore. | |||
| o Protocols: RESTCONF, NETCONF and other management protocol. | o Protocols: RESTCONF, NETCONF and other management protocol. | |||
| o Defining YANG module: "ietf-factory-default". | o Defining YANG module: "ietf-factory-default". | |||
| The datastore content is usually defined by the device vendor. It is | The datastore content is usually defined by the device vendor. It is | |||
| usually static, but MAY change e.g., depending on external factors | usually static, but MAY change e.g., depending on external factors | |||
| like HW available or during device upgrade. | like HW available or during device upgrade. | |||
| On devices that support non-volatile storage, the contents of | On devices that support non-volatile storage, the contents of | |||
| <factory > MUST persist across restarts. | <factory > MUST persist across restarts. | |||
| 4. YANG Module | 4. YANG Module | |||
| <CODE BEGINS> file "ietf-factory-default.yang" | This module imports typedefs from [RFC8342], and it references | |||
| module ietf-factory-default { | [RFC6421],[RFC8341]. | |||
| yang-version 1.1; | ||||
| namespace urn:ietf:params:xml:ns:yang:ietf-factory-default; | ||||
| prefix fd; | ||||
| import ietf-netconf { prefix nc ; } | <CODE BEGINS> file "ietf-factory-default.yang" | |||
| import ietf-datastores { prefix ds; } | module ietf-factory-default { | |||
| yang-version 1.1; | ||||
| namespace urn:ietf:params:xml:ns:yang:ietf-factory-default; | ||||
| prefix fd; | ||||
| organization | import ietf-netconf { prefix nc ; } | |||
| "IETF NETMOD (Network Modeling) Working Group"; | import ietf-datastores { prefix ds; } | |||
| contact | import ietf-netconf-acm { prefix nacm;} | |||
| "WG Web: <https://tools.ietf.org/wg/netconf/> | ||||
| WG List: <mailto:netconf@ietf.org> | ||||
| Editor: Balazs Lengyel | organization | |||
| <mailto:balazs.lengyel@ericsson.com> | "IETF NETMOD (Network Modeling) Working Group"; | |||
| Editor: Qin Wu | contact | |||
| <mailto:bill.wu@huawei.com> | "WG Web: <https://tools.ietf.org/wg/netconf/> | |||
| Editor: Ye Niu | WG List: <mailto:netconf@ietf.org> | |||
| <mailto:niuye@huawei.com>"; | ||||
| description | Editor: Qin Wu | |||
| "This module defines the | <mailto:bill.wu@huawei.com> | |||
| - factory-reset RPC | Editor: Balazs Lengyel | |||
| - factory-default datastore | <mailto:balazs.lengyel@ericsson.com> | |||
| - an extension to the NETCONF <get-config> operation to | ||||
| allow it to operate on the factory-default datastore. | ||||
| It provides functionality to reset a server to its | Editor: Ye Niu | |||
| factory-default content. | <mailto:niuye@huawei.com>"; | |||
| description | ||||
| "This module defines the | ||||
| - factory-reset RPC | ||||
| - factory-default datastore | ||||
| - an extension to the NETCONF <get-config> operation to | ||||
| allow it to operate on the factory-default datastore. | ||||
| The key words 'MUST', 'MUST NOT', 'REQUIRED', 'SHALL', 'SHALL | It provides functionality to reset a server to its | |||
| NOT', 'SHOULD', 'SHOULD NOT', 'RECOMMENDED', 'NOT RECOMMENDED', | factory-default content. | |||
| 'MAY', and 'OPTIONAL' in this document are to be interpreted as | ||||
| described in BCP 14 (RFC 2119) (RFC 8174) when, and only when, | ||||
| they appear in all capitals, as shown here. | ||||
| Copyright (c) 2019 IETF Trust and the persons identified as | The key words 'MUST', 'MUST NOT', 'REQUIRED', 'SHALL', 'SHALL | |||
| authors of the code. All rights reserved. | NOT', 'SHOULD', 'SHOULD NOT', 'RECOMMENDED', 'NOT RECOMMENDED', | |||
| 'MAY', and 'OPTIONAL' in this document are to be interpreted as | ||||
| described in BCP 14 (RFC 2119) (RFC 8174) when, and only when, | ||||
| they appear in all capitals, as shown here. | ||||
| Redistribution and use in source and binary forms, with or | Copyright (c) 2019 IETF Trust and the persons identified as | |||
| without modification, is permitted pursuant to, and subject | authors of the code. All rights reserved. | |||
| to the license terms contained in, the Simplified BSD License | ||||
| set forth in Section 4.c of the IETF Trust's Legal Provisions | ||||
| Relating to IETF Documents | ||||
| (http://trustee.ietf.org/license-info). | ||||
| This version of this YANG module is part of RFC XXXX; | Redistribution and use in source and binary forms, with or | |||
| see the RFC itself for full legal notices."; | without modification, is permitted pursuant to, and subject | |||
| to the license terms contained in, the Simplified BSD License | ||||
| set forth in Section 4.c of the IETF Trust's Legal Provisions | ||||
| Relating to IETF Documents | ||||
| (http://trustee.ietf.org/license-info). | ||||
| revision 2019-05-03 { | This version of this YANG module is part of RFC XXXX; | |||
| description | see the RFC itself for full legal notices."; | |||
| "Initial revision."; | ||||
| reference "RFC XXXX: Factory default Setting"; | ||||
| } | ||||
| feature factory-default-as-datastore { | revision 2019-05-03 { | |||
| description "Indicates that the factory default configuration is | description | |||
| also available as a separate datastore"; | "Initial revision."; | |||
| } | reference "RFC XXXX: Factory default Setting"; | |||
| } | ||||
| rpc factory-reset { | feature factory-default-as-datastore { | |||
| description "The server resets the content of all read-write | description "Indicates that the factory default configuration is | |||
| configuration datastores (e.g.,<running> and <startup>) to | also available as a separate datastore"; | |||
| their factory default content."; | } | |||
| } | ||||
| identity factory-default { | rpc factory-reset { | |||
| base ds:datastore; | nacm:default-deny-all; | |||
| if-feature factory-default-as-datastore; | description "The server resets the content of all read-write | |||
| description "The read-only datastore contains the configuration that | configuration datastores (e.g.,<running> and <startup>) to | |||
| will be copied into e.g., the running datastore by the | their factory default content."; | |||
| factory-reset operation if the target is the running | } | |||
| datastore."; | identity factory-default { | |||
| } | base ds:datastore; | |||
| augment /nc:get-config/nc:input/nc:source/nc:config-source { | if-feature factory-default-as-datastore; | |||
| if-feature factory-default-as-datastore; | description "The read-only datastore contains the configuration | |||
| description "Allows the get-config operation to use the | that will be copied into <running> and, if present, <startup> | |||
| factory-default datastore as a source"; | ."; | |||
| leaf factory-default { | } | |||
| type empty ; | augment /nc:get-config/nc:input/nc:source/nc:config-source { | |||
| description | if-feature factory-default-as-datastore; | |||
| "The factory-default datastore is the source."; } | description "Allows the get-config operation to use the | |||
| } | factory-default datastore as a source"; | |||
| <CODE ENDS> | leaf factory-default { | |||
| type empty ; | ||||
| description | ||||
| "The factory-default datastore is the source."; } | ||||
| } | ||||
| <CODE ENDS> | ||||
| 5. IANA Considerations | 5. IANA Considerations | |||
| This document registers one URI in the IETF XML Registry [RFC3688]. | This document registers one URI in the IETF XML Registry [RFC3688]. | |||
| The following registration has been made: | The following registration has been made: | |||
| URI: urn:ietf:params:xml:ns:yang:ietf-factory-default | URI: urn:ietf:params:xml:ns:yang:ietf-factory-default | |||
| Registrant Contact: The IESG. | Registrant Contact: The IESG. | |||
| skipping to change at page 8, line 12 ¶ | skipping to change at page 8, line 21 ¶ | |||
| RESTCONF layer is HTTPS, and the mandatory-to-implement secure | RESTCONF layer is HTTPS, and the mandatory-to-implement secure | |||
| transport is TLS [RFC8446]. | transport is TLS [RFC8446]. | |||
| The <factory-reset> RPC operation may be considered sensitive in some | The <factory-reset> RPC operation may be considered sensitive in some | |||
| network enviroments,e.g., remote access to reset the device or | network enviroments,e.g., remote access to reset the device or | |||
| overwrite security sensitive information in one of the other | overwrite security sensitive information in one of the other | |||
| datastores, e.g. running, therefore it is important to restrict | datastores, e.g. running, therefore it is important to restrict | |||
| access to this RPC using the standard access control methods. | access to this RPC using the standard access control methods. | |||
| [RFC8341] | [RFC8341] | |||
| The NETCONF Access Control Model (NACM) [RFC8341] provides the means | The 'factory-reset' RPC can prevent any further management of the | |||
| to restrict access for particular users to a pre-configured subset of | device if the session and client config is included in the factory- | |||
| all available protocol operations and content. | reset contents. | |||
| The operational disruption caused by setting the config to factory- | ||||
| reset contents varies greatly depending on the implementation and | ||||
| current config. | ||||
| 7. Acknowledgements | 7. Acknowledgements | |||
| Thanks to Juergen Schoenwaelder, Ladislav Lhotka, Alex Campbell,Joe | Thanks to Juergen Schoenwaelder, Ladislav Lhotka, Alex Campbell, Joe | |||
| Clark,Robert Wilton, Kent Watsen, Joel Jaeggli, Lou Berger, Andy | Clarke, Robert Wilton, Kent Watsen, Joel Jaeggli, Lou Berger, Andy | |||
| Berman,Susan Hares to review this draft and provide important input | Bierman, Susan Hares to review this draft and provide important input | |||
| to this document. | to this document. | |||
| 8. Contributors | 8. Contributors | |||
| Rohit R Ranade | Rohit R Ranade | |||
| Huawei | Huawei | |||
| Email: rohitrranade@huawei.com | Email: rohitrranade@huawei.com | |||
| 9. References | 9. References | |||
| skipping to change at page 9, line 33 ¶ | skipping to change at page 9, line 46 ¶ | |||
| default> datastore | default> datastore | |||
| When the device first boots up, the content of the <startup> and | When the device first boots up, the content of the <startup> and | |||
| <factory-default> will be identical. The content of <startup> can be | <factory-default> will be identical. The content of <startup> can be | |||
| subsequently changed by using <startup> as a target in a <copy- | subsequently changed by using <startup> as a target in a <copy- | |||
| config> operation. The <factory-default> is a read-only datastore | config> operation. The <factory-default> is a read-only datastore | |||
| and it is usually static as described in earlier sections. | and it is usually static as described in earlier sections. | |||
| Appendix B. Changes between revisions | Appendix B. Changes between revisions | |||
| Editorial Note (To be removed by RFC Editor) | ||||
| v05 - 06 | ||||
| o Additional text to enhance security section. | ||||
| o Add nacm:default-deny-all on "factory-reset" RPC. | ||||
| o A few clarification on Factory-default content specification. | ||||
| v03 - 04 | v03 - 04 | |||
| o Additional text to clarify factory-reset RPC usage. | o Additional text to clarify factory-reset RPC usage. | |||
| v02 - 03 | v02 - 03 | |||
| o Update security consideration section. | o Update security consideration section. | |||
| v01 - v02 | v01 - v02 | |||
| End of changes. 33 change blocks. | ||||
| 109 lines changed or deleted | 127 lines changed or added | |||
This html diff was produced by rfcdiff 1.47. The latest version is available from http://tools.ietf.org/tools/rfcdiff/ | ||||