IETF Logo Mail Archive

Re: [I2nsf] [yang-doctors] Need YANG Doctor reviewing the YANG module of draft-ietf-i2nsf-sdn-ipsec-flow-protection which I2NSF is about to call WGLC

Mahesh Jethanandani <mjethanandani@gmail.com> Fri, 05 April 2019 17:32 UTC

Return-Path: <mjethanandani@gmail.com>
X-Original-To: i2nsf@ietfa.amsl.com
Delivered-To: i2nsf@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6A1231205F9; Fri, 5 Apr 2019 10:32:47 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.998
X-Spam-Level:
X-Spam-Status: No, score=-1.998 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id oNhLHU7i8u9e; Fri, 5 Apr 2019 10:32:44 -0700 (PDT)
Received: from mail-io1-xd32.google.com (mail-io1-xd32.google.com [IPv6:2607:f8b0:4864:20::d32]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 192291205FD; Fri, 5 Apr 2019 10:32:44 -0700 (PDT)
Received: by mail-io1-xd32.google.com with SMTP id s7so5624217iom.12; Fri, 05 Apr 2019 10:32:44 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:message-id:mime-version:subject:date:in-reply-to:cc:to :references; bh=fcK7jssQdEkUFfcx4xchwNUWey+tgUUTGWMvHqNov8I=; b=KMDbqR4Ww/X3si5qfZtAzWUDnTjfgICdEOqOYrtIVM8oLKLLhPungMvuUHn4OdiqbL cHP4rwhrgvhJnkPJIqkAk6BOfLTH5CKsD7NLtOp0VHoxXqXqLvMQgF7zzmxAuiOkJ10Q YXFCouQ9jxb6N9WUU4ns5vkRyEAeRzjQZId38Kx6FbYf37dIIgOrI8MsnBNx1YKErm/y nnQ8tabMJ4Ybysr7qlMa5pKC1cpnLyAs92NdDG3T9AJRlVM3ySbFuvwDO4KLI83qGhOl 1T8/5KqmPO9vXkpmiv5yvz0rFsJQVDwMedrVAk020esmkveN4DEAK0BZd3J+zi47tzLc jTSQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:message-id:mime-version:subject:date :in-reply-to:cc:to:references; bh=fcK7jssQdEkUFfcx4xchwNUWey+tgUUTGWMvHqNov8I=; b=rGEvm/J97JWogKV8ckBKGCNORU/Ej9LCgsueMWXy0PqAD2zS2iv/fKyRcCCPonrE7G i5+3witRY+NnpftIW/CrlVrEl26LrhhwWYrjwzWc3/EaVgN3cuT+/oQLhfQmUtSmQzhH Oq+y5gslnUiWmp4lYpaKL50e53pNvbPE/GEtwoHtrEksVDd1d/1vQv9BTa8iRA2vnasY +TAFfjxCv+oN7AJxZcj/B6d3L2rxVJvKtEE1tbvPAH9ihzkme0NQMlCGd4HIdT5mDfIO TRg2HUpfWghGRtzCalZy2t9DIrvweifTmzuHliefqBP0BrIHRzlIDNUciZvQPtqLLkUs DyAQ==
X-Gm-Message-State: APjAAAW9nKPyER+dbZrHR5OEIB+U6s/pKxZ7VLuLmZ4cCX4HsdODaKZz criygsD8dsIhuulASWmna5k=
X-Google-Smtp-Source: APXvYqwf+SdVDwOJS8dqYSGFSwNeGjkOT/tq5QP2uoP4eGsKNdNbolFEWoAJxCl4yfQNjqPloBhCeg==
X-Received: by 2002:a6b:d307:: with SMTP id s7mr9442021iob.81.1554485562781; Fri, 05 Apr 2019 10:32:42 -0700 (PDT)
Received: from ?IPv6:2601:647:5600:5020:b9c9:28b5:a353:3404? ([2601:647:5600:5020:b9c9:28b5:a353:3404]) by smtp.gmail.com with ESMTPSA id p7sm9022187ioh.70.2019.04.05.10.32.41 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Fri, 05 Apr 2019 10:32:41 -0700 (PDT)
From: Mahesh Jethanandani <mjethanandani@gmail.com>
Message-Id: <420D3E9A-9E3C-4575-9C92-200CAA0B868C@gmail.com>
Content-Type: multipart/alternative; boundary="Apple-Mail=_EECB677C-0B8D-4CB6-B852-E3CA733FF0C0"
Mime-Version: 1.0 (Mac OS X Mail 11.5 \(3445.9.1\))
Date: Fri, 05 Apr 2019 10:32:40 -0700
In-Reply-To: <4A95BA014132FF49AE685FAB4B9F17F66B363EB2@sjceml521-mbs.china.huawei.com>
Cc: "yang-doctors@ietf.org" <yang-doctors@ietf.org>, "i2nsf@ietf.org" <i2nsf@ietf.org>
To: Linda Dunbar <linda.dunbar@huawei.com>
References: <4A95BA014132FF49AE685FAB4B9F17F66B363EB2@sjceml521-mbs.china.huawei.com>
X-Mailer: Apple Mail (2.3445.9.1)
Archived-At: <https://mailarchive.ietf.org/arch/msg/i2nsf/rIWGBh4icpqhB9SfSk5eoBXGFko>
Subject: Re: [I2nsf] [yang-doctors] Need YANG Doctor reviewing the YANG module of draft-ietf-i2nsf-sdn-ipsec-flow-protection which I2NSF is about to call WGLC
X-BeenThere: i2nsf@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "*I2NSF: Interface to Network Security Functions mailing list*" <i2nsf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/i2nsf>, <mailto:i2nsf-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/i2nsf/>
List-Post: <mailto:i2nsf@ietf.org>
List-Help: <mailto:i2nsf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/i2nsf>, <mailto:i2nsf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 05 Apr 2019 17:32:57 -0000

Hi Linda,


> On Apr 5, 2019, at 9:51 AM, Linda Dunbar <linda.dunbar@huawei.com> wrote:
> 
> Dear YANG Doctor:
>  
> We need your help in reviewing the YANG model in draft-ietf-i2nsf-sdn-ipsec-flow-protection which I2NSF WG is about to call WGLC.
>  
> In particular, we need your advice on the following issue:
>  
> draft-ietf-i2nsf-sdn-ipsec-flow-protection-04 imports from draft-ietf-netconf-crypto-types, which appears to be a generic list of algorithms.
> The problem is that the list in draft-ietf-netconf-crypto-types could contain algorithms that are not suitable for IPsec (such as secp192r1 for key agreement), and right now it seems to lack some older algorithms that have fallen out of fashion (3DES) but is still needed in IPsec.  

All the algorithms in draft-ietf-netconf-crypto-types are defined as identities. If you do not find the algorithm you are looking for in the list of defined algorithms, you can go ahead and define your own in your own draft, using the same base identity from the ietf-crypto-types module.

>  
>  
> Questions to the YANG Doctor:
> 1.       Is it better to list the IPsec specific algorithms in draft-ietf-i2nsf-sdn-ipsec-flow-protection (which is a subset of draft-ietf-netconf-crypto-types? Or to import all crypto algorithms many of which are not relevant to IPsec? What is the common practice? 

Importing ietf-crypto-types does not mean you have to implement every algorithm listed in the module. You can import the module and chose to implement the algorithms you want to implement, including defining any new ones.

> 2.      If we do import from draft-ietf-netconf-crypto-types, does it mean draft-ietf-i2nsf-sdn-ipsec-flow-protection cannot be published until draft-ietf-netconf-crypto-types is published?

Yes. The i2nsf draft will hit the state of MISSREF in the RFC Editor queue. But that should not prevent anyone from starting implementation of the module. As a side note, the NETCONF WG is planning on sending the crypto-types draft to IESG shortly. What you do not want is to duplicate the definition of the algorithms in your own draft.

HTH.

>  
>  
> Thank you very much, 
>  
> Linda & Yoav
>  
> _______________________________________________
> yang-doctors mailing list
> yang-doctors@ietf.org <mailto:yang-doctors@ietf.org>
> https://www.ietf.org/mailman/listinfo/yang-doctors <https://www.ietf.org/mailman/listinfo/yang-doctors>
Mahesh Jethanandani
mjethanandani@gmail.com

v2.23.0 | Report a Bug | By Email