[I2nsf] Need YANG Doctor reviewing the YANG module of draft-ietf-i2nsf-sdn-ipsec-flow-protection which I2NSF is about to call WGLC

Linda Dunbar <linda.dunbar@huawei.com> Fri, 05 April 2019 16:51 UTC

Return-Path: <linda.dunbar@huawei.com>
X-Original-To: i2nsf@ietfa.amsl.com
Delivered-To: i2nsf@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C77771205FE; Fri, 5 Apr 2019 09:51:47 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.2
X-Spam-Level:
X-Spam-Status: No, score=-4.2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 34ZgBldS_mem; Fri, 5 Apr 2019 09:51:45 -0700 (PDT)
Received: from huawei.com (lhrrgout.huawei.com [185.176.76.210]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 3E22F1205F9; Fri, 5 Apr 2019 09:51:45 -0700 (PDT)
Received: from lhreml704-cah.china.huawei.com (unknown [172.18.7.106]) by Forcepoint Email with ESMTP id A6685F7D894B531D39EC; Fri, 5 Apr 2019 17:51:12 +0100 (IST)
Received: from SJCEML703-CHM.china.huawei.com (10.208.112.39) by lhreml704-cah.china.huawei.com (10.201.108.45) with Microsoft SMTP Server (TLS) id 14.3.408.0; Fri, 5 Apr 2019 17:51:12 +0100
Received: from SJCEML521-MBS.china.huawei.com ([169.254.2.52]) by SJCEML703-CHM.china.huawei.com ([169.254.5.214]) with mapi id 14.03.0439.000; Fri, 5 Apr 2019 09:51:05 -0700
From: Linda Dunbar <linda.dunbar@huawei.com>
To: "yang-doctors@ietf.org" <yang-doctors@ietf.org>
CC: "i2nsf@ietf.org" <i2nsf@ietf.org>
Thread-Topic: Need YANG Doctor reviewing the YANG module of draft-ietf-i2nsf-sdn-ipsec-flow-protection which I2NSF is about to call WGLC
Thread-Index: AdTrz5KLjfuPM7QZRTatYAMxHHsREA==
Date: Fri, 5 Apr 2019 16:51:04 +0000
Message-ID: <4A95BA014132FF49AE685FAB4B9F17F66B363EB2@sjceml521-mbs.china.huawei.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [10.192.11.109]
Content-Type: multipart/alternative; boundary="_000_4A95BA014132FF49AE685FAB4B9F17F66B363EB2sjceml521mbschi_"
MIME-Version: 1.0
X-CFilter-Loop: Reflected
Archived-At: <https://mailarchive.ietf.org/arch/msg/i2nsf/XZevQcuifa_PN6OeZMLaMch3mAo>
Subject: [I2nsf] Need YANG Doctor reviewing the YANG module of draft-ietf-i2nsf-sdn-ipsec-flow-protection which I2NSF is about to call WGLC
X-BeenThere: i2nsf@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "*I2NSF: Interface to Network Security Functions mailing list*" <i2nsf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/i2nsf>, <mailto:i2nsf-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/i2nsf/>
List-Post: <mailto:i2nsf@ietf.org>
List-Help: <mailto:i2nsf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/i2nsf>, <mailto:i2nsf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 05 Apr 2019 16:51:48 -0000

Dear YANG Doctor:

We need your help in reviewing the YANG model in draft-ietf-i2nsf-sdn-ipsec-flow-protection which I2NSF WG is about to call WGLC.

In particular, we need your advice on the following issue:

draft-ietf-i2nsf-sdn-ipsec-flow-protection-04 imports from draft-ietf-netconf-crypto-types, which appears to be a generic list of algorithms.
The problem is that the list in draft-ietf-netconf-crypto-types could contain algorithms that are not suitable for IPsec (such as secp192r1 for key agreement), and right now it seems to lack some older algorithms that have fallen out of fashion (3DES) but is still needed in IPsec.


Questions to the YANG Doctor:

1.       Is it better to list the IPsec specific algorithms in draft-ietf-i2nsf-sdn-ipsec-flow-protection (which is a subset of draft-ietf-netconf-crypto-types? Or to import all crypto algorithms many of which are not relevant to IPsec? What is the common practice?

2.      If we do import from draft-ietf-netconf-crypto-types, does it mean draft-ietf-i2nsf-sdn-ipsec-flow-protection cannot be published until draft-ietf-netconf-crypto-types is published?



Thank you very much,

Linda & Yoav