Re: Genart last call review of draft-ietf-rtgwg-yang-key-chain-17
"Acee Lindem (acee)" <acee@cisco.com> Sat, 08 April 2017 22:55 UTC
Return-Path: <acee@cisco.com>
X-Original-To: ietf@ietfa.amsl.com
Delivered-To: ietf@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9C5A912714F; Sat, 8 Apr 2017 15:55:42 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -12.623
X-Spam-Level:
X-Spam-Status: No, score=-12.623 tagged_above=-999 required=5 tests=[DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, RP_MATCHES_RCVD=-0.001, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id cXtyUZw2JLQz; Sat, 8 Apr 2017 15:55:40 -0700 (PDT)
Received: from alln-iport-8.cisco.com (alln-iport-8.cisco.com [173.37.142.95]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 98F6F1250B8; Sat, 8 Apr 2017 15:55:40 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=2806; q=dns/txt; s=iport; t=1491692140; x=1492901740; h=from:to:cc:subject:date:message-id:references: in-reply-to:content-id:content-transfer-encoding: mime-version; bh=zkVtu0DpB2Azi2hOQXUF+XPu8DkbyNAYSk2OO6g01JI=; b=e2S1wqGEecRZhBbvHwIf0oWaumhFFzA91H4dQs4rGQwESOPZ62Qms7w4 c8iZlU5/GiTXxY+XfEDVjHWbGmPQpeksgIvleBU6UDnlfFkqt+I7bp6HA SzJXzf8Q8SHffB0mJwXUsNXHxscCPPs+QETtu7qWpyCwbR5+cPf+9+Mz3 c=;
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: A0AUAQCfaelY/4ENJK1CGhkBAQEBAQEBAQEBAQcBAQEBAYNTYYELB41ykUCVV4IPLIV4AoNePxgBAgEBAQEBAQFrKIUWAQQBeQULAgEIFDIyJQIEAQ0FCYl+CA4xqW+KXAEBAQEBAQEBAQEBAQEBAQEBAQEBAR2LQIJwgUIkhWUFkCuFdYZbAYZ/i1mBf4UuihSKNYlKAR84gQVbFYUdG4FjdQGGb4EwgQ0BAQE
X-IronPort-AV: E=Sophos;i="5.37,174,1488844800"; d="scan'208";a="409393167"
Received: from alln-core-9.cisco.com ([173.36.13.129]) by alln-iport-8.cisco.com with ESMTP/TLS/DHE-RSA-AES256-SHA; 08 Apr 2017 22:55:39 +0000
Received: from XCH-RTP-013.cisco.com (xch-rtp-013.cisco.com [64.101.220.153]) by alln-core-9.cisco.com (8.14.5/8.14.5) with ESMTP id v38MtdX4015015 (version=TLSv1/SSLv3 cipher=AES256-SHA bits=256 verify=FAIL); Sat, 8 Apr 2017 22:55:39 GMT
Received: from xch-rtp-015.cisco.com (64.101.220.155) by XCH-RTP-013.cisco.com (64.101.220.153) with Microsoft SMTP Server (TLS) id 15.0.1210.3; Sat, 8 Apr 2017 18:55:35 -0400
Received: from xch-rtp-015.cisco.com ([64.101.220.155]) by XCH-RTP-015.cisco.com ([64.101.220.155]) with mapi id 15.00.1210.000; Sat, 8 Apr 2017 18:55:36 -0400
From: "Acee Lindem (acee)" <acee@cisco.com>
To: Matthew Miller <linuxwolf+ietf@outer-planes.net>, "gen-art@ietf.org" <gen-art@ietf.org>
CC: "draft-ietf-rtgwg-yang-key-chain.all@ietf.org" <draft-ietf-rtgwg-yang-key-chain.all@ietf.org>, "ietf@ietf.org" <ietf@ietf.org>, "rtgwg@ietf.org" <rtgwg@ietf.org>
Subject: Re: Genart last call review of draft-ietf-rtgwg-yang-key-chain-17
Thread-Topic: Genart last call review of draft-ietf-rtgwg-yang-key-chain-17
Thread-Index: AQHSr8ihxBldHKjCb0K6BYj9/alinKG8FuQA
Date: Sat, 08 Apr 2017 22:55:35 +0000
Message-ID: <D50ED999.A7F47%acee@cisco.com>
References: <149158793224.11224.1489071223626497682@ietfa.amsl.com>
In-Reply-To: <149158793224.11224.1489071223626497682@ietfa.amsl.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-ms-exchange-messagesentrepresentingtype: 1
x-ms-exchange-transport-fromentityheader: Hosted
x-originating-ip: [10.116.152.197]
Content-Type: text/plain; charset="iso-8859-1"
Content-ID: <F3C8E32FD63BFD4A9794F21646ED72BA@emea.cisco.com>
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/ietf/lvakcGUY18t31u2YLT1IzksPGJA>
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ietf/>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 08 Apr 2017 22:55:43 -0000
Hi Matt, Thanks for the review. On 4/7/17, 1:58 PM, "Matthew Miller" <linuxwolf+ietf@outer-planes.net> wrote: >Reviewer: Matthew Miller >Review result: Almost Ready > >I am the assigned Gen-ART reviewer for this draft. The General Area >Review Team (Gen-ART) reviews all IETF documents being processed >by the IESG for the IETF Chair. Please treat these comments just >like any other last call comments. > >For more information, please see the FAQ at > ><https://trac.ietf.org/trac/gen/wiki/GenArtfaq>. > >Document: draft-ietf-rtgwg-yang-key-chain-17 >Reviewer: Matthew A. Miller >Review Date: 2017-04-07 >IETF LC End Date: 2017-04-07 >IESG Telechat date: 2017-04-13 > >Summary: > >This document is almost ready to be published as a Proposed Standard, >once the issues noted herein are resolved. > >Major issues: > >NONE > >Minor issues: > >* Forgive me for my limited knowledge of YANG, but is there a reason >key-strings are only representable as either a YANG string or >hex-string type, and not the YANG binary type? Let me ask why I¹d want to use this type? I can get all the entropy I want with a hex string and implementations are familiar with this representation. I¹m not really fond of the obscure base64 representation used by the YANG type and if one consults Benoit¹s search tool, the type is not widely used. http://www.yangcatalog.org/yang-search/yang-search.php > >* This document does not provide much guidance around AES key wrap >other than it can be used and the KEK is provided >out-of-band/-context. >For instance, AES key-wrapped key-strings probably require using >"hexidecimal-string". Yes - I¹ll add that. > Also, assuming I'm reading the model >correctly, >it appears this feature applies to the whole chain, which I think is >worth calling out. In YANG, if you support a feature, it is for the entire model. The per-chain boolean indicates whether or not it is applies to all the keys in that particular key-chain. I will clarify this. > >* This document warns against using the "clear-text" algorithm, which >the >reader is lead to understand is for legacy implementation reasons. >However, is there not a similar concern with cryptographically weak >algorithms, such as md5 and (arguably) sha1? I can add something for MD5. > >Nits/editorial comments: > >* In Section 3.2. "Key Chain Model Features", the word "of" is >missing >between "configuration" and "an" in the phrase "support configuration >an >acceptance tolerance". Good catch. I will fix. > >Non-nits: > >* I note that idnits is calling out some odd spacing issues, but I >think >they are safe to ignore. Though the line numbers don¹t match the draft, I was able to fix these. Thanks, Acee >
- Re: Genart last call review of draft-ietf-rtgwg-y… Acee Lindem (acee)
- Re: Genart last call review of draft-ietf-rtgwg-y… Matthew A. Miller
- Genart last call review of draft-ietf-rtgwg-yang-… Matthew Miller