[Netconf] #14: notification termination mechanism considered dangerous

["Netconf" <trac@tools.ietf.org>]

#14: notification termination mechanism considered dangerous
---------------------------------------------+------------------------------
 Reporter:  ietf@andybierman.com             |       Owner:     
     Type:  defect                           |      Status:  new
 Priority:  major                            |   Milestone:     
Component:  draft-ietf-netconf-notification  |     Version:     
 Keywords:  notification-08                  |  
---------------------------------------------+------------------------------
 There needs to be a safe mechanism to terminate
 a session that is in notification delivery mode.
 The manager must be able to invoke <close-session>
 in this mode, rather than terminating the
 session by other means.

 Currently a manager must start another session,
 determine the correct session number the kill,
 (don't get that wrong!) and invoke the <kill-session>
 operation, then close the new session.

 The current '<kill-session> method', as the standard mechanism
 to terminate notifications, is dangerous.  Imagine a unix
 program that could only be turned off with a 'kill -9 pid'
 command.  That is a really dangerous sysadmin practice.
 The <kill-session> should be used sparingly, just like
 the unix 'kill' command.

 The other standard way to terminate notifications is for
 the manager to close the transport connection (unexpectedly
 in the agent's POV).  This is even worse than <kill-session>
 because the agent might (incorrectly) generate event
 notifications about a network problem (lost session).

-- 
Ticket URL: <http://www3.tools.ietf.org/wg/netconf/trac/ticket/14>
Netconf <http://tools.ietf.org/wg/netconf/trac/>
Issue tracker for the NETCONF Working Group�������zǧu���Ơz�z�����l���0����ۧ����z)ڲ)�b�欶�z����w&�r�zm����������w�