rfc8808xml2.original.xml   rfc8808.xml 
<?xml version="1.0" encoding="US-ASCII"?> <?xml version="1.0" encoding="utf-8"?>
<!-- This template is for creating an Internet Draft using xml2rfc,
which is available here: http://xml.resource.org. --> <!DOCTYPE rfc SYSTEM "rfc2629-xhtml.ent">
<!DOCTYPE rfc SYSTEM "rfc2629.dtd" [
<!-- One method to get references from the online citation libraries. <rfc xmlns:xi="http://www.w3.org/2001/XInclude"
There has to be one entity for each item to be referenced. docName="draft-ietf-netmod-factory-default-15" number="8808"
An alternate method (rfc include) is described in the references. --> ipr="trust200902" obsoletes="" updates="" submissionType="IETF"
<!ENTITY RFC2119 SYSTEM "http://xml.resource.org/public/rfc/bibxml/reference.RFC category="std" consensus="true" xml:lang="en" tocInclude="true"
.2119.xml"> symRefs="true" sortRefs="true" version="3">
<!ENTITY RFC2697 SYSTEM "http://xml.resource.org/public/rfc/bibxml/reference.RFC
.2697.xml"> <!-- xml2rfc v2v3 conversion 2.44.0 -->
<!ENTITY RFC2698 SYSTEM "http://xml.resource.org/public/rfc/bibxml/reference.RFC
.2698.xml">
<!ENTITY RFC6020 SYSTEM "http://xml.resource.org/public/rfc/bibxml/reference.RFC
.6020.xml">
]>
<?xml-stylesheet type='text/xsl' href='rfc2629.xslt' ?>
<?rfc toc="yes" ?>
<?rfc tocompact="yes"?>
<?rfc tocindent="yes"?>
<?rfc symrefs="yes" ?>
<?rfc sortrefs="yes"?>
<?rfc iprnotified="no" ?>
<?rfc strict="yes" ?>
<?rfc compact="yes"?>
<?rfc subcompact="no"?>
<rfc category="std" docName="draft-ietf-netmod-factory-default-15"
ipr="trust200902">
<front> <front>
<title abbrev="Factory Default Setting">A YANG Data Model for Factory <title abbrev="Factory Default Settings">A YANG Data Model
Default Settings</title> for Factory Default Settings</title>
<seriesInfo name="RFC" value="8808"/>
<author fullname="Qin Wu" initials="Q." surname="Wu"> <author fullname="Qin Wu" initials="Q." surname="Wu">
<organization>Huawei</organization> <organization>Huawei</organization>
<address> <address>
<postal> <postal>
<street>101 Software Avenue, Yuhua District</street> <street>101 Software Avenue</street>
<extaddr>Yuhua District</extaddr>
<city>Nanjing</city> <city>Nanjing</city>
<region>Jiangsu</region> <region>Jiangsu</region>
<code>210012</code> <code>210012</code>
<country>China</country> <country>China</country>
</postal> </postal>
<email>bill.wu@huawei.com</email> <email>bill.wu@huawei.com</email>
</address> </address>
</author> </author>
<author fullname="Balazs Lengyel" initials="B." surname="Lengyel"> <author fullname="Balazs Lengyel" initials="B." surname="Lengyel">
<organization abbrev="Ericsson Hungary">Ericsson Hungary</organization> <organization abbrev="Ericsson Hungary">Ericsson Hungary</organization>
<address> <address>
<postal> <postal>
<street>Magyar Tudosok korutja 11</street> <street>Magyar Tudosok korutja 11</street>
<city>Budapest</city><code>1117</code>
<city>1117 Budapest</city>
<country>Hungary</country> <country>Hungary</country>
</postal> </postal>
<phone>+36-70-330-7909</phone> <phone>+36-70-330-7909</phone>
<email>balazs.lengyel@ericsson.com</email> <email>balazs.lengyel@ericsson.com</email>
</address> </address>
</author> </author>
<author fullname="Ye Niu" initials="Y." surname="Niu"> <author fullname="Ye Niu" initials="Y." surname="Niu">
<organization>Huawei</organization> <organization>Huawei</organization>
<address> <address>
<email>niuye@huawei.com</email> <email>niuye@huawei.com</email>
</address> </address>
</author> </author>
<date year="2020" month="August" />
<date year="2020"/>
<area>OPS Area</area>
<workgroup>NETMOD Working Group</workgroup>
<abstract> <abstract>
<t>This document defines a YANG data model with the "factory-reset" RPC <t>This document defines a YANG data model with the "factory-reset" RPC
to allow clients to reset a server back to its factory default to allow clients to reset a server back to its factory default
condition. It also defines an optional "factory-default" datastore to condition. It also defines an optional "factory-default" datastore to
allow clients to read the factory default configuration for the allow clients to read the factory default configuration for the
device.</t> device.</t>
<t>The YANG data model in this document conforms to the Network <t>The YANG data model in this document conforms to the Network
Management Datastore Architecture (NMDA) defined in RFC 8342.</t> Management Datastore Architecture (NMDA) defined in RFC 8342.</t>
</abstract> </abstract>
</front> </front>
<middle> <middle>
<section anchor="intro" title="Introduction"> <section anchor="intro" numbered="true" toc="default">
<name>Introduction</name>
<t>This document defines a YANG data model and associated mechanism to <t>This document defines a YANG data model and associated mechanism to
reset a server to its factory default content. This mechanism may be reset a server to its factory default contents. This mechanism may be
used, e.g., when the existing configuration has major errors so used, for example, when the existing configuration has major errors and so
re-starting the configuration process from scratch is the best restarting the configuration process from scratch is the best
option.</t> option.</t>
<t>A "factory-reset" remote procedure call (RPC) is defined within the YAN
<t>A "factory-reset" RPC is defined within the YANG data model. When G data model. When
resetting a device, all previous configuration settings will be lost and resetting a device, all previous configuration settings will be lost and
replaced by the factory default content.</t> replaced by the factory default contents.</t>
<t>In addition, an optional "factory-default" read-only datastore is <t>In addition, an optional "factory-default" read-only datastore is
defined within the YANG data model, that contains the data to replace defined within the YANG data model. This datastore contains the data to re place
the contents of implemented read-write conventional configuration the contents of implemented read-write conventional configuration
datastores at reset. This datastore can also be used in the datastores at reset and can also be used in the
&lt;get-data&gt; operation.</t> &lt;get&nbhy;data&gt; operation.</t>
<t>The YANG data model in this document conforms to the Network <t>The YANG data model in this document conforms to the Network
Management Datastore Architecture defined in [RFC8342].</t> Management Datastore Architecture defined in <xref target="RFC8342" format
="default"/>.</t>
<section title="Terminology"> <section numbered="true" toc="default">
<t>The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", <name>Terminology</name>
"SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and <t>The key words "<bcp14>MUST</bcp14>", "<bcp14>MUST NOT</bcp14>",
"OPTIONAL" in this document are to be interpreted as described in BCP "<bcp14>REQUIRED</bcp14>", "<bcp14>SHALL</bcp14>",
14 [RFC2119] [RFC8174] when, and only when, they appear in all "<bcp14>SHALL NOT</bcp14>", "<bcp14>SHOULD</bcp14>",
capitals, as shown here.</t> "<bcp14>SHOULD NOT</bcp14>",
"<bcp14>RECOMMENDED</bcp14>", "<bcp14>NOT RECOMMENDED</bcp14>",
<t>The following terms are defined in [RFC8342] [RFC7950] and are not "<bcp14>MAY</bcp14>", and "<bcp14>OPTIONAL</bcp14>" in this document
are to be interpreted as described in BCP&nbsp;14
<xref target="RFC2119"/> <xref target="RFC8174"/> when, and only
when, they appear in all capitals, as shown here.</t>
<t>The following terms are defined in <xref target="RFC8342"
format="default"/> and <xref target="RFC7950" format="default"/> and are
not
redefined here:</t> redefined here:</t>
<ul spacing="normal">
<t><list style="symbols"> <li>server</li>
<t>server</t> <li>startup configuration datastore</li>
<li>candidate configuration datastore</li>
<t>startup configuration datastore</t> <li>running configuration datastore</li>
<li>intended configuration datastore</li>
<t>candidate configuration datastore</t> <li>operational state datastore</li>
<li>conventional configuration datastore</li>
<t>running configuration datastore</t> <li>datastore schema</li>
<li>RPC operation</li>
<t>intended configuration datastore</t> </ul>
<t>This document defines the following term:</t>
<t>operational state datastore</t> <dl newline="false">
<dt>"factory-default" datastore: </dt>
<t>conventional configuration datastore</t> <dd>A read-only configuration datastore
holding a preset initial configuration that is used to initialize
<t>datastore schema</t>
<t>RPC operation</t>
</list></t>
<t>The following terms are defined in this document as follows:</t>
<t><list style="symbols">
<t>factory-default datastore: A read-only configuration datastore
holding a pre-set initial configuration that is used to initialize
the configuration of a server. This datastore is referred to as the configuration of a server. This datastore is referred to as
"&lt;factory-default&gt;".</t> "&lt;factory-default&gt;".</dd>
</list></t> </dl>
</section> </section>
</section> </section>
<!-- intro --> <section numbered="true" toc="default">
<name>&quot;Factory-Reset&quot; RPC</name>
<section title="Factory-Reset RPC"> <t>This document introduces a new "factory-reset" RPC. Upon
<t>A new "factory-reset" remote procedure call (RPC) is introduced. Upon receiving the RPC: </t>
receiving the RPC: <list style="symbols"> <ul spacing="normal">
<t>All supported conventional read-write configuration datastores <li>All supported conventional read-write configuration datastores
(i.e. &lt;running&gt;, &lt;startup&gt;, and &lt;candidate&gt;) are (i.e., &lt;running&gt;, &lt;startup&gt;, and &lt;candidate&gt;) are
reset to the contents of &lt;factory-default&gt;.</t> reset to the contents of &lt;factory-default&gt;.</li>
<li>Read-only datastores receive their contents from other datastores
<t>Read-only datastores receive their content from other datastores (e.g., &lt;intended&gt; gets its contents from &lt;running&gt;).</li>
(e.g., &lt;intended&gt; gets its content from &lt;running&gt;).</t> <li>All data in any dynamic configuration datastores <bcp14>MUST</bcp14>
be
<t>All data in any dynamic configuration datastores MUST be discarded.</li>
discarded.</t> <li>The contents of the &lt;operational&gt; datastore <bcp14>MUST</bcp14
> reflect
<t>The contents of the &lt;operational&gt; datastore MUST reflect
the operational state of the device after applying the factory the operational state of the device after applying the factory
default configuration.</t> default configuration.</li>
</list></t> </ul>
<t>In addition, the "factory-reset" RPC MUST restore non-volatile <t>In addition, the "factory-reset" RPC <bcp14>MUST</bcp14> restore nonvolati le
storage to factory condition. Depending on the system, this may entail storage to factory condition. Depending on the system, this may entail
deleting dynamically generated files, such as those containing keys deleting dynamically generated files, such as those containing keys
(e.g., /etc/ssl/private), certificates (e.g., /etc/ssl), logs (e.g., (e.g., /etc/ssl/private), certificates (e.g., /etc/ssl), logs (e.g.,
/var/log), and temporary files (e.g., /tmp/*). Any other cryptographic /var/log), and temporary files (e.g., /tmp/*). Any other cryptographic
keys that are part of the factory-installed image will be retained (such keys that are part of the factory-installed image will be retained (such
as an IDevID certificate) [I-D.ietf-anima-bootstrapping-keyinfra]. When as an Initial Device Identifier (IDevID) certificate <xref target="I-D.iet f-anima-bootstrapping-keyinfra" format="default"/>). When
this process includes security-sensitive data such as cryptographic keys this process includes security-sensitive data such as cryptographic keys
or passwords, it is RECOMMENDED to perform the deletion in a manner as or passwords, it is <bcp14>RECOMMENDED</bcp14> to perform the deletion
thorough as possible (e.g., overwriting the physical storage medium with in as thorough a manner as possible (e.g., overwriting the physical storag
zeros and/or random bits for repurpose or end of life (EoL) disposal) to e medium with
zeros and/or random bits for repurposing or end-of-life (EOL) disposal) to
reduce the risk of the sensitive material being recoverable. The reduce the risk of the sensitive material being recoverable. The
"factory-reset" RPC MAY also be used to trigger some other resetting "factory-reset" RPC <bcp14>MAY</bcp14> also be used to trigger some other resetting
tasks such as restarting the node or some of the software processes.</t> tasks such as restarting the node or some of the software processes.</t>
<t>Note that operators should be aware that since all read-write <t>Note that operators should be aware that since all read-write
datastores are immediately reset to factory default, the device may datastores are immediately reset to factory default, the device may
become unreachable as a host on the network. It is important to become unreachable as a host on the network. It is important to
understand how a given vendor's device will behave after the RPC is understand how a given vendor's device will behave after the RPC is
executed. Implementors SHOULD reboot the device and get it properly executed. Implementors <bcp14>SHOULD</bcp14> reboot the device and get it properly
configured or otherwise restart processes needed to bootstrap it.</t> configured or otherwise restart processes needed to bootstrap it.</t>
</section> </section>
<section anchor="datastore" numbered="true" toc="default">
<section anchor="datastore" title="Factory-Default Datastore"> <name>&quot;Factory-Default&quot; Datastore</name>
<t>Following the guidelines for defining Datastores in the appendix A of <t>Following the guidelines for defining datastores in
[RFC8342], this document introduces a new optional datastore resource <xref target="RFC8342" format="default" section="A" sectionFormat="of"
named "factory-default" that represents a pre-set initial configuration derivedLink="https://rfc-editor.org/rfc/rfc8342#appendix-A"
derivedContent="RFC8342"/>, this document introduces a new optional datastore r
esource
named "factory-default" that represents a preset initial configuration
that can be used to initialize the configuration of a server. A device that can be used to initialize the configuration of a server. A device
MAY implement the "factory-reset" RPC without implementing the <bcp14>MAY</bcp14> implement the "factory-reset" RPC without implementing the
"factory-default" datastore, which would only eliminate the ability to "factory-default" datastore, which would only eliminate the ability to
programmatically determine the factory default configuration. <list programmatically determine the factory default configuration. </t>
style="symbols"> <dl>
<t>Name: "factory-default"</t> <dt>Name:</dt> <dd>"factory-default".</dd>
<dt>YANG modules:</dt><dd>The "factory-default" datastore schema
<t>YANG modules: The factory default datastore schema MUST either be <bcp14>MUST</bcp14> be either
the same as the conventional configuration datastores, or a subset (1)&nbsp;the same as the conventional configuration datastores or
of the datastore schema for the conventional configuration (2)&nbsp;a&nbsp;subset of the datastore schema for the conventional co
datastores.</t> nfiguration datastores.</dd>
<dt>YANG nodes:</dt> <dd>All "config true" data nodes.</dd>
<t>YANG nodes: all "config true" data nodes</t> <dt>Management operations:</dt> <dd>The contents of the datastore is set
by the
<t>Management operations: The content of the datastore is set by the server in an implementation-dependent manner. The contents cannot be
server in an implementation dependent manner. The content can not be changed by management operations via the Network Configuration
changed by management operations via NETCONF, RESTCONF, the CLI etc. Protocol (NETCONF), RESTCONF, the CLI,
unless specialized, dedicated operations are provided. The datastore etc., unless specialized, dedicated operations are provided. The datas
tore
can be read using the standard NETCONF/RESTCONF protocol operations. can be read using the standard NETCONF/RESTCONF protocol operations.
The "factory-reset" operation copies the factory default content to The "factory-reset" operation copies the factory default contents to
&lt;running&gt; and, if present, &lt;startup&gt; and/or &lt;running&gt; and, if present, &lt;startup&gt; and/or
&lt;candidate&gt; and then the content of these datastores is &lt;candidate&gt;. The contents of these datastores is then
propagated automatically to any other read only datastores, e.g., propagated automatically to any other read-only datastores, e.g.,
&lt;intended&gt; and &lt;operational&gt;.</t> &lt;intended&gt; and &lt;operational&gt;.</dd>
<dt>Origin:</dt><dd>This document does not define a new origin
<t>Origin: This document does not define a new origin identity as it identity, as it does not interact with the &lt;operational&gt; datastore.
does not interact with the &lt;operational&gt; datastore.</t> </dd>
<dt>Protocols:</dt><dd>RESTCONF, NETCONF, and other management protocols
<t>Protocols: RESTCONF, NETCONF and other management protocol.</t> .</dd>
<dt>Defining YANG module:</dt><dd>"ietf-factory-default".</dd>
<t>Defining YANG module: "ietf-factory-default".</t> </dl>
</list>The contents of &lt;factory-default&gt; are defined by the <t>The contents of &lt;factory-default&gt; are defined by the
device vendor and MUST persist across device restarts. If supported, the device vendor and <bcp14>MUST</bcp14> persist across device restarts. If s
factory-default datastore MUST be included in the list of datastores in upported, the
YANG library [RFC 8525].</t> "factory-default" datastore <bcp14>MUST</bcp14> be included in the list of
datastores in the
YANG library <xref target="RFC8525" format="default"/>.</t>
</section> </section>
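Review bot: In the "Management operations" entry on the new side, changing "content" to "contents" leaves two singular verbs behind: "The contents of the datastore is set by the server" and "The contents of these datastores is then propagated". Use "are" in both places, which also matches "The contents of &lt;factory-default&gt; are defined by the device vendor" a few lines further down in the same section.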
<section numbered="true" toc="default">
<section title="YANG Module"> <name>YANG Module</name>
<t>This module uses the "datastore" identity [RFC8342], and the <t>This module uses the "datastore" identity <xref target="RFC8342" format
"default-deny-all" extension statement from [RFC8341].</t> ="default"/> and the
"default&nbhy;deny-all" extension statement from <xref target="RFC8341"/>.
<figure> </t>
<artwork>&lt;CODE BEGINS&gt; file "ietf-factory-default@2019-11-27.yang" <sourcecode name="ietf-factory-default@2020-07-27.yang" type="yang" marker
s="true"><![CDATA[
module ietf-factory-default { module ietf-factory-default {
yang-version 1.1; yang-version 1.1;
namespace "urn:ietf:params:xml:ns:yang:ietf-factory-default"; namespace "urn:ietf:params:xml:ns:yang:ietf-factory-default";
prefix fd; prefix fd;
import ietf-datastores { import ietf-datastores {
prefix ds; prefix ds;
reference reference
"RFC 8342: Network Management Datastore Architecture (NMDA)"; "RFC 8342: Network Management Datastore Architecture
(NMDA)";
} }
import ietf-netconf-acm { import ietf-netconf-acm {
prefix nacm; prefix nacm;
reference reference
"RFC8341: Network Configuration Access Control Model"; "RFC 8341: Network Configuration Access Control Model";
} }
organization organization
"IETF NETMOD (Network Modeling) Working Group"; "IETF Network Modeling (netmod) Working Group";
contact contact
"WG Web: &lt;https://tools.ietf.org/wg/netconf/&gt; "WG Web: <https://datatracker.ietf.org/wg/netmod/>
WG List: &lt;mailto:netconf@ietf.org&gt; WG List: <mailto:netmod@ietf.org>
Editor: Qin Wu Editor: Qin Wu
&lt;mailto:bill.wu@huawei.com&gt; <mailto:bill.wu@huawei.com>
Editor: Balazs Lengyel Editor: Balazs Lengyel
&lt;mailto:balazs.lengyel@ericsson.com&gt; <mailto:balazs.lengyel@ericsson.com>
Editor: Ye Niu Editor: Ye Niu
<mailto:niuye@huawei.com&gt;"; <mailto:niuye@huawei.com&gt;";
description description
"This module provides functionality to reset a server to its "This module provides functionality to reset a server to its
factory default configuration and, when supported, to discover factory default configuration and, when supported, to
the factory default configuration contents independent of discover the factory default configuration contents
resetting the server. independently of resetting the server.
Copyright (c) 2020 IETF Trust and the persons identified as Copyright (c) 2020 IETF Trust and the persons identified as
authors of the code. All rights reserved. authors of the code. All rights reserved.
Redistribution and use in source and binary forms, with or Redistribution and use in source and binary forms, with or
without modification, is permitted pursuant to, and subject without modification, is permitted pursuant to, and subject
to the license terms contained in, the Simplified BSD License to the license terms contained in, the Simplified BSD License
set forth in Section 4.c of the IETF Trust's Legal Provisions set forth in Section 4.c of the IETF Trust's Legal Provisions
Relating to IETF Documents Relating to IETF Documents
(http://trustee.ietf.org/license-info). (https://trustee.ietf.org/license-info).
This version of this YANG module is part of RFC XXXX; This version of this YANG module is part of RFC 8808; see the
see the RFC itself for full legal notices."; RFC itself for full legal notices.";
// RFC Ed.: update the date below with the date of RFC publication
// and remove this note. revision 2020-07-27 {
// RFC Ed.: replace XXXX with actual RFC number and remove this
// note.
revision 2019-11-27 {
description description
"Initial revision."; "Initial revision.";
reference reference
"RFC XXXX: Factory default Setting"; "RFC 8808: A YANG Data Model for Factory Default Settings";
} }
feature factory-default-datastore { feature factory-default-datastore {
description description
"Indicates that the factory default configuration is "Indicates that the factory default configuration is
available as a datastore."; available as a datastore.";
} }
rpc factory-reset { rpc factory-reset {
nacm:default-deny-all; nacm:default-deny-all;
description description
"The server resets all datastores to their factory "The server resets all datastores to their factory
default content and any non-volatile storage back to default contents and any nonvolatile storage back to
factory condition, deleting all dynamically generated factory condition, deleting all dynamically
files, including those containing keys, certificates, generated files, including those containing keys,
logs, and other temporary files. certificates, logs, and other temporary files.
Depending on the factory default configuration, after Depending on the factory default configuration, after
being reset, the device may become unreachable on the being reset, the device may become unreachable on the
network."; network.";
} }
identity factory-default { identity factory-default {
if-feature "factory-default-datastore"; if-feature "factory-default-datastore";
base ds:datastore; base ds:datastore;
description description
"This read-only datastore contains the factory default "This read-only datastore contains the factory default
configuration for the device that will be used to replace configuration for the device that will be used to replace
the contents of the read-write conventional configuration the contents of the read-write conventional configuration
datastores during a 'factory-reset' RPC operation."; datastores during a 'factory-reset' RPC operation.";
} }
} }]]></sourcecode>
&lt;CODE ENDS&gt;</artwork>
</figure>
</section>
<section title="IANA Considerations">
<t>This document registers one URI in the IETF XML Registry [RFC3688].
The following registration has been made:</t>
<figure align="center">
<artwork> URI: urn:ietf:params:xml:ns:yang:ietf-factory-default
Registrant Contact: The IESG.
XML: N/A, the requested URI is an XML namespace.</artwork>
</figure>
<t>This document registers one YANG module in the YANG Module Names
Registry [RFC6020]. The following registration has been made:</t>
<figure align="center">
<artwork> name: ietf-factory-default
namespace: urn:ietf:params:xml:ns:yang:ietf-factory-default
prefix: fd
RFC: xxxx</artwork>
</figure>
</section> </section>
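Review bot: In the module's contact statement, the Ye Niu line still reads "<mailto:niuye@huawei.com&gt;" on the new side, while the other three editor lines and the WG Web/List lines were converted to plain "<...>" when the module moved into a CDATA section. Entities are not expanded inside CDATA, so a module extracted from this source would carry the literal text "&gt;" in its contact string. Change the trailing "&gt;" to ">" so the line matches its neighbours.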
<section numbered="true" toc="default">
<section anchor="security" title="Security Considerations"> <name>IANA Considerations</name>
<t>The YANG module defined in this document extends the base operations <t> IANA has registered the following URI in the "ns" subregistry within
for NETCONF [RFC6241] and RESTCONF [RFC8040]. The lowest NETCONF layer the "IETF XML Registry" <xref target="RFC3688" format="default"/>:</t>
is the secure transport layer, and the mandatory-to-implement secure <dl newline="false" spacing="compact">
transport is Secure Shell (SSH) [RFC6242]. The lowest RESTCONF layer is <dt>URI:</dt>
HTTPS, and the mandatory-to-implement secure transport is TLS <dd>urn:ietf:params:xml:ns:yang:ietf-factory-default </dd>
[RFC8446].</t> <dt>Registrant Contact:</dt>
<dd>The IESG.</dd>
<dt>XML:</dt>
<dd>N/A; the requested URI is an XML namespace.</dd>
</dl>
<t>IANA has registered the following YANG module in the "YANG Module
Names" subregistry <xref target="RFC6020" format="default"/> within the
"YANG Parameters" registry:</t>
<dl newline="false" spacing="compact">
<dt>Name:</dt>
<dd>ietf-factory-default</dd>
<dt>Namespace:</dt>
<dd>urn:ietf:params:xml:ns:yang:ietf-factory-default</dd>
<dt>Prefix:</dt>
<dd>fd</dd>
<dt>Reference:</dt>
<dd>8808</dd>
</dl>
</section>
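Review bot: The Reference entry in the new "YANG Module Names" registration is the bare number "8808", where the old side had the labelled placeholder "RFC: xxxx". Write it as "RFC 8808" so the registry entry names the document series, as the revision statement in the module does ("RFC 8808: A YANG Data Model for Factory Default Settings").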
<section anchor="security" numbered="true" toc="default">
<name>Security Considerations</name>
<t>The YANG module specified in this document defines a schema for data
that is designed to be accessed via network management protocols such
as NETCONF <xref target="RFC6241"/> or RESTCONF <xref target="RFC8040"/>.
The lowest NETCONF layer is the secure transport layer, and the
mandatory-to-implement secure transport is Secure Shell (SSH)
<xref target="RFC6242"/>. The lowest RESTCONF layer is HTTPS, and the
mandatory-to-implement secure transport is TLS <xref target="RFC8446"/>.</t>
<t>
The Network Configuration Access Control Model (NACM) <xref target="RFC8341"/>
provides the means to restrict access for particular NETCONF or RESTCONF users
to a preconfigured subset of all available NETCONF or RESTCONF protocol
operations and content.
</t>
<t>Access to the "factory-reset" RPC operation and factory default <t>Access to the "factory-reset" RPC operation and factory default
values of all configuration data nodes within "factory-default" values of all configuration data nodes within the "factory-default"
datastore is considered sensitive and therefore has been restricted datastore is considered sensitive and therefore has been restricted by
using the "default-deny-all" access control defined in <xref using the "default-deny-all" access control statement defined in <xref tar
target="RFC8341"/>.</t> get="RFC8341" format="default"/>.</t>
<t>The "factory-reset" RPC can prevent any further management of the <t>The "factory-reset" RPC can prevent any further management of the
device when the server is reset back to its factory default device when the server is reset back to its factory default
condition,e.g., the session and client config are included in the condition, e.g., the session and client configurations are included in the
factory default contents or treated as dynamic files on the nonvoliatile factory default contents or treated as dynamic files in nonvolatile
storage and overwritten by the the "factory-reset" RPC.</t> storage and overwritten by the "factory-reset" RPC.</t>
<t>The operational disruption caused by setting the configuration to facto
<t>The operational disruption caused by setting the config to factory ry
default contents or lacking appropriate security control on factory default contents or the lack of appropriate security control on the factor
default configuration varies greatly depending on the implementation and y
current config.</t> default configuration varies greatly, depending on the implementation and
current configuration.</t>
<t>The non-volatile storage is expected to be wiped clean and reset back <t>The nonvolatile storage is expected to be wiped clean and reset back
to the factory default state, but there is no guarantee that the data is to the factory default state, but there is no guarantee that the data is
wiped according to any particular data cleansing standard, and the owner wiped clean according to any particular data-cleansing standard, and the o
of the device MUST NOT rely on any sensitive data (e.g., private keys) wner
being forensically unrecoverable from the device's non-volatile storage of the device <bcp14>MUST NOT</bcp14> rely on any sensitive data (e.g., pr
after a factory-reset RPC has been invoked.</t> ivate keys)
</section> being forensically unrecoverable from the device's nonvolatile storage
after a "factory-reset" RPC has been invoked.</t>
<section title="Acknowledgements">
<t>Thanks to Juergen Schoenwaelder, Ladislav Lhotka, Alex Campbell, Joe
Clarke, Robert Wilton, Kent Watsen, Joel Jaeggli, Lou Berger, Andy
Bierman, Susan Hares, Benjamin Kaduk, Stephen Kent, Stewart Bryant,
&Eacute;ric Vyncke, Murray Kucherawy, Roman Danyliw, Tony Przygienda,
John Heasley for reviewing this draft and providing important input to
this document.</t>
</section>
<section title="Contributors">
<figure>
<artwork> Rohit R Ranade
Huawei
Email: rohitrranade@huawei.com</artwork>
</figure>
</section> </section>
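Review bot: The third paragraph of the new Security Considerations says that access to both the "factory-reset" RPC and the factory default values in the "factory-default" datastore "has been restricted by using the "default-deny-all" access control statement", but in the module as shown nacm:default-deny-all appears only under "rpc factory-reset". The "identity factory-default" carries no access control statement, and the datastore's nodes come from other modules' schemas. Either limit the sentence to the RPC or state how read access to &lt;factory-default&gt; is restricted, so that operators do not assume a default deny on reads that the module does not itself provide.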
<!---->
</middle> </middle>
<back> <back>
<references title="Normative References">
<?rfc include="reference.RFC.2119.xml"?>
<?rfc include="reference.RFC.8174.xml"?> <!-- draft-ietf-anima-bootstrapping-keyinfra (MISSREF) -->
<displayreference target="I-D.ietf-anima-bootstrapping-keyinfra" to="BRSKI"/>
<?rfc include="reference.RFC.7950.xml"?>
<?rfc include="reference.RFC.8342.xml"?>
<?rfc include="reference.RFC.8341.xml"?>
<?rfc include="reference.RFC.3688.xml"?>
<?rfc include="reference.RFC.6020.xml"?>
<?rfc include="reference.RFC.8525.xml"?>
</references>
<references title="Informative References">
<?rfc include="reference.RFC.6241.xml"?>
<?rfc include="reference.RFC.6242.xml"?>
<?rfc include="reference.RFC.8040.xml"?>
<?rfc include="reference.RFC.8446.xml"?>
<?rfc include='reference.I-D.ietf-anima-bootstrapping-keyinfra'?> <references>
<name>References</name>
<references>
<name>Normative References</name>
<xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.R
FC.2119.xml"/>
<xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.R
FC.8174.xml"/>
<xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.R
FC.7950.xml"/>
<xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.R
FC.8342.xml"/>
<xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.R
FC.8341.xml"/>
<xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.R
FC.3688.xml"/>
<xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.R
FC.6020.xml"/>
<xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.R
FC.8525.xml"/>
<xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.R
FC.6241.xml"/>
<xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.R
FC.6242.xml"/>
<xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.R
FC.8040.xml"/>
<xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.R
FC.8446.xml"/>
</references>
<references>
<name>Informative References</name>
<xi:include href="https://datatracker.ietf.org/doc/bibxml3/draft-ietf-an
ima-bootstrapping-keyinfra.xml"/>
</references>
</references> </references>
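Review bot: The new references block lists RFC 6241, RFC 6242, RFC 8040 and RFC 8446 under "Normative References", whereas the old side had them under "Informative References"; only the BRSKI draft remains informative. These four are cited through xref only in the transport paragraph of Security Considerations, so confirm that the reclassification is intended and not a side effect of the v2-to-v3 conversion, since it changes which documents an implementer must read to conform.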
<section numbered="false" toc="default">
<section title="Changes between revisions"> <name>Acknowledgements</name>
<t>Editorial Note (To be removed by RFC Editor)</t> <t> Thanks to <contact fullname="Juergen Schoenwaelder"/>,
<contact fullname="Ladislav Lhotka"/>, <contact fullname="Alex
<t>v14 -15<list style="symbols"> Campbell"/>, <contact fullname="Joe Clarke"/>, <contact
<t>Address comments raised in IESG review.</t> fullname="Robert Wilton"/>, <contact fullname="Kent Watsen"/>,
</list></t> <contact fullname="Joel Jaeggli"/>, <contact fullname="Lou
Berger"/>, <contact fullname="Andy Bierman"/>, <contact
<t>v13 - 14<list style="symbols"> fullname="Susan Hares"/>, <contact fullname="Benjamin Kaduk"/>,
<t>Address additional issues raised during AD review.</t> <contact fullname="Stephen Kent"/>, <contact fullname="Stewart
</list></t> Bryant"/>, <contact fullname="Éric Vyncke"/>, <contact
fullname="Murray Kucherawy"/>, <contact fullname="Roman
<t>v12 - 13<list style="symbols"> Danyliw"/>, <contact fullname="Tony Przygienda"/>, and <contact
<t>Address issues raised during AD review.</t> fullname="John Heasley"/> for reviewing, and providing
</list></t> important input to, this document.</t>
</section>
<t>v11 - 12<list style="symbols"> <section numbered="false" toc="default">
<t>Fix IDnits and reference issues from Shepherd review.</t> <name>Contributors</name>
</list></t> <contact fullname="Rohit R Ranade" >
<organization>Huawei</organization>
<t>v10 - 11<list style="symbols"> <address>
<t>Incorporate additional Shepherd review's comments.</t> <email>rohitrranade@huawei.com</email>
</list></t> </address>
</contact>
<t>v09 - 10<list style="symbols">
<t>Incorporate Shepherd review's comments.</t>
</list></t>
<t>v08 - 09<list style="symbols">
<t>Provide some guideline for operators and implementor who
implement factory defaut method.</t>
</list></t>
<t>v07 - 08<list style="symbols">
<t>Provide clarification and recommendation on the relationship
between factory-reset RPC and reboot.</t>
<t>Nits fixed based on YANG Doctor Review.</t>
</list></t>
<t>v06 - 07<list style="symbols">
<t>Remove Factory default content specification;</t>
<t>Remove reference to YANG instance data file format and zero touch
provision [RFC8573];</t>
<t>Remove copy-config operation extension on factory-default
datastore</t>
</list></t>
<t>v05 - 06</t>
<t><list style="symbols">
<t>Additional text to enhance security section.</t>
<t>Add nacm:default-deny-all on "factory-reset" RPC.</t>
<t>A few clarification on Factory default content specification.</t>
</list></t>
<t>v03 - 04<list style="symbols">
<t>Additional text to clarify factory-reset RPC usage.</t>
</list></t>
<t>v02 - 03<list style="symbols">
<t>Update security consideration section.</t>
</list></t>
<t>v01 - v02<list style="symbols">
<t>Address security issue in the security consideration section.</t>
<t>Remove an extension to the NETCONF &lt;copy-config&gt; operation
which allows it to operate on the factory-default datastore.</t>
<t>Add an extension to the NETCONF &lt;get-config&gt; operation
which allows it to operate on the factory-default datastore.</t>
</list></t>
<t>v00 - v01<list style="symbols">
<t>Change YANG server into server defined in NMDA architecture based
on discussion.</t>
<t>Allow reset the content of all read-write configuraton datastores
to its factory default content except &lt;candidate&gt;.</t>
<t>Add clarification text on factory-reset protocol operation
behavior.</t>
</list></t>
<t>v03 - v00<list style="symbols">
<t>Change draft name from draft-wu to
draft-ietf-netmod-factory-default-00 without content changes.</t>
</list></t>
<t>v02 - v03<list style="symbols">
<t>Change reset-datastore RPC into factory-reset RPC to allow reset
the whole device with factory default content.</t>
<t>Remove target datastore parameter from factory-reset RPC.</t>
<t>Other editorial changes.</t>
</list></t>
<t>v01 - v02<list style="symbols">
<t>Add copy-config based on Rob's comment.</t>
<t>Reference Update.</t>
</list></t>
<t>v03 - v00 - v01<list style="symbols">
<t>Changed name from draft-wu-netconf-restconf-factory-restore to
draft-wu-netmod-factory-default</t>
<t>Removed copy-config ; reset-datastore is enough</t>
</list></t>
<t>v02 - v03 <list style="symbols">
<t>Restructured</t>
<t>Made new datastore optional</t>
<t>Removed Netconf capability</t>
<t>Listed Open issues</t>
</list></t>
<t>v01 - v02 <list style="symbols">
<t>-</t>
</list></t>
<t>v00 - v01 <list style="symbols">
<t>-</t>
</list></t>
</section> </section>
</back> </back>
</rfc> </rfc>
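Review bot: The sentence closing the new Acknowledgements section, "for reviewing, and providing important input to, this document", has two commas that break up the verb phrase; "for reviewing and providing important input to this document" reads cleanly. A smaller nit in the new Contributors section: the start tag `<contact fullname="Rohit R Ranade" >` has a stray space before `>`, unlike the other `<contact>` elements in the same hunk.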
 End of changes. 67 change blocks. 
435 lines changed or deleted 291 lines changed or added
