Re: [netconf] Latest ietf-netconf-server draft and related modules

Kent Watsen <kent+ietf@watsen.net> Thu, 29 April 2021 18:35 UTC

Cc: Michal Vaško <mvasko@cesnet.cz>, "netconf@ietf.org" <netconf@ietf.org>
To: Juergen Schoenwaelder <j.schoenwaelder@jacobs-university.de>
Archived-At: <https://mailarchive.ietf.org/arch/msg/netconf/0sr42mIEIbC_nvJpD1i-Wfhzmq8>

> RFC 4252 says:
> 
>   The server drives the authentication by telling the client which
>   authentication methods can be used to continue the exchange at any
>   given time.  The client has the freedom to try the methods listed by
>   the server in any order.  This gives the server complete control over
>   the authentication process if desired, but also gives enough
>   flexibility for the client to use the methods it supports or that are
>   most convenient for the user, when multiple methods are offered by
>   the server.


And the RFC goes on to say:

   The 'authentications that can continue' is a comma-separated name-
   list of authentication 'method name' values that may productively
   continue the authentication dialog.

   It is RECOMMENDED that servers only include those 'method name'
   values in the name-list that are actually useful.  However, it is not
   illegal to include 'method name' values that cannot be used to
   authenticate the user.

All of the methods returned SHOULD be productive for the client to choose next.  It doesn’t matter (from a protocol perspective) which method is selected, assuming more than one was returned.

Kent
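
The RFC 4252 exchange discussed in this message, as an added example that is not part of the original e-mail: a parser for the SSH_MSG_USERAUTH_FAILURE payload (message number, "authentications that can continue" name-list, partial-success flag) and a client-side chooser that picks among the methods the server listed. The function names and the sample payload are constructed for illustration.

```python
import struct

SSH_MSG_USERAUTH_FAILURE = 51  # message number defined in RFC 4252

# Constructed sample payload: methods "publickey,password", partial success FALSE.
SAMPLE = b"\x33\x00\x00\x00\x12publickey,password\x00"

def build_userauth_failure(methods, partial_success):
    """Encode the message as a server would (hypothetical helper for sample input)."""
    name_list = ",".join(methods).encode("ascii")
    return (bytes([SSH_MSG_USERAUTH_FAILURE])
            + struct.pack(">I", len(name_list)) + name_list
            + bytes([1 if partial_success else 0]))

def parse_userauth_failure(payload):
    """Return (methods, partial_success) from an SSH_MSG_USERAUTH_FAILURE payload."""
    if len(payload) < 6 or payload[0] != SSH_MSG_USERAUTH_FAILURE:
        raise ValueError("not an SSH_MSG_USERAUTH_FAILURE payload")
    (length,) = struct.unpack(">I", payload[1:5])  # name-list: uint32 length + names
    if 5 + length + 1 != len(payload):
        raise ValueError("name-list length does not match payload size")
    raw = payload[5:5 + length].decode("ascii")  # non-ASCII raises a ValueError subclass
    methods = raw.split(",") if raw else []
    if any(not m for m in methods):
        raise ValueError("empty method name in name-list")
    return methods, payload[-1] != 0

def choose_next_method(server_methods, client_preference, already_tried=()):
    """Pick the client's most preferred untried method that the server listed.

    The server decides what may continue; the order among those is the client's.
    """
    offered = set(server_methods)
    for method in client_preference:
        if method in offered and method not in already_tried:
            return method
    return None  # nothing listed by the server is usable by this client

if __name__ == "__main__":
    methods, partial = parse_userauth_failure(SAMPLE)
    print(methods, partial, choose_next_method(methods, ["password", "publickey"]))
```
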