Re: [netconf] Question to draft-ietf-netconf-sztp-csr-13

Sean Turner <sean@sn3rd.com> Thu, 03 March 2022 14:05 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/netconf/-R7aE1Cakv4UpNb6qRCiKmQW2nE>

Thanks all ‘round!

spt

> On Mar 3, 2022, at 05:51, Fries, Steffen <steffen.fries@siemens.com> wrote:
> 
> Hi Kent,
>  
> Thank you for the prompt reaction. This definitely ensures broader applicability of the CMP features.
>  
> Best regards
> Steffen 
>  
> From: netconf <netconf-bounces@ietf.org> On Behalf Of Kent Watsen
> Sent: Thursday, 3 March 2022 02:38
> To: Rob Wilton (rwilton) <rwilton@cisco.com>
> Cc: draft-ietf-netconf-sztp-csr@ietf.org; netconf@ietf.org
> Subject: Re: [netconf] Question to draft-ietf-netconf-sztp-csr-13
>  
>  
> Rob et al.,
>  
> An -14 update was posted with the changes proposed by Hendrik.
> Thank you Hendrik for providing simple to apply edits!
>  
> Kent (on behalf of the authors)
>  
>  
> 
> 
> On Mar 1, 2022, at 4:50 PM, Rob Wilton (rwilton) <rwilton@cisco.com> wrote:
>  
> Hi Kent, authors,
>  
> Given that I haven’t approved this draft from the IESG review yet, then even though it is late, these changes look useful but relatively minor.  If the authors think that these changes are appropriate then I am happy for you to post an updated draft revision with these changes then ping me and I’ll check it before sending it on its way to the RFC editor.
> Regards,
> Rob
>  
>  
> From: netconf <netconf-bounces@ietf.org> On Behalf Of Brockhaus, Hendrik
> Sent: 23 February 2022 08:44
> To: Kent Watsen <kent+ietf@watsen.net>
> Cc: draft-ietf-netconf-sztp-csr@ietf.org; netconf@ietf.org
> Subject: Re: [netconf] Question to draft-ietf-netconf-sztp-csr-13
>  
> Kent
>  
> I understood that this change request comes very late, but to make the change request more concrete I looked into the document and identified four places where p10cr is referenced. In all these places “p10cr” would need to be replaced with “ir, cr, kur, or p10cr”.
>  
> Finally this is the proposed change:
> ** Section 3.2.
> In identity cmp-csr:
> s/PKIBody containing only the p10cr structure/PKIBody containing only the ir, cr, kur, or p10cr structure/
> And three times in grouping csr-grouping:
> s/The body element contains a p10cr CHOICE of type CertificationRequest./The body element contains a ir, cr, kur, or p10cr CHOICE of type CertificationRequest./
>  
> But I understood that such change can only be processed if there is a DISCUSS.
>  
> Hendrik
>  
> From: netconf <netconf-bounces@ietf.org> On Behalf Of Fries, Steffen
> Sent: Tuesday, 22 February 2022 17:52
> To: Kent Watsen <kent+ietf@watsen.net>
> Cc: draft-ietf-netconf-sztp-csr@ietf.org; netconf@ietf.org
> Subject: Re: [netconf] Question to draft-ietf-netconf-sztp-csr-13
>  
> Hi Kent, 
>  
> Thank you for your answer.
> I agree, it is very late in the process for such a comment. I should have realized it earlier. Nevertheless, I wanted to raise that point as it would allow for more functionality. If there is no DISCUSS, the proposal with an additional definition is probably the easiest way forward.
>  
> Best regards
> Steffen
>  
> From: Kent Watsen <kent+ietf@watsen.net> 
> Sent: Tuesday, 22 February 2022 16:33
> To: Fries, Steffen (T CST) <steffen.fries@siemens.com>
> Cc: draft-ietf-netconf-sztp-csr@ietf.org; netconf@ietf.org
> Subject: Re: Question to draft-ietf-netconf-sztp-csr-13
>  
>  
> Hi Steffen,
>  
> Yes, the CMP-CSR is bound to P10.  
>  
> 
> This draft is currently in the final stage of IESG Last Call review.  Comments such as these should have been received during WG Last Call.  Unless an IESG member throws a DISCUSS, the draft will proceed as is.  In such case, a future work may define something like a "cmp-csr-2" leaf to contain an expanded definition.
>  
> 
> Kent // contributor
>  
>  
>  
> 
> On Feb 15, 2022, at 1:46 PM, Fries, Steffen <steffen.fries@siemens.com> wrote:
>  
> Hello Kent,
>  
> I’ve got a short clarification question regarding the latest draft. I realized in the description of the YANG modules that there is a difference in section 3.2 between CMC and CMP in the description of what can be contained in the respective CSR. Based on the description of the YANG module, CMC seems to be open for different types of certification requests, while CMP is bound to a wrapped P10 not leaving any further choice (like ir, cr, kur). Did I get this right or did I misinterpret the description for the cmc-csr? Sorry for realizing this so late.
>  
> Best regards
> Steffen