Re: [Netconf] Draft Charter Proposal for NETCONF WG

Kent Watsen <kwatsen@juniper.net> Thu, 23 March 2017 20:40 UTC

From: Kent Watsen <kwatsen@juniper.net>
To: "t.petch" <ietfc@btconnect.com>, Mahesh Jethanandani <mjethanandani@gmail.com>
CC: "draft-ietf-rtgwg-yang-key-chain.all@ietf.org" <draft-ietf-rtgwg-yang-key-chain.all@ietf.org>, Netconf <netconf@ietf.org>
Date: Thu, 23 Mar 2017 20:40:08 +0000
Message-ID: <C429E3CA-891F-4EEF-B96C-B85EE0F64FC4@juniper.net>
References: <CABCOCHSacn15vfo8MR0K-UJJo6E0AZ14Gwj3M43KYkgbtwK8Kg@mail.gmail.com> <005101d2975f$ae87ac20$0b970460$@ndzh.com> <017d01d29769$0df70b20$29e52160$@gmail.com> <010701d29771$a45f66e0$ed1e34a0$@ndzh.com> <026601d2977f$8d059600$a710c200$@gmail.com> <685B9088-7557-4C6E-9A8F-54C3208DB312@juniper.net> <7217bc23-0e1e-c250-929d-e18c3f0a800f@cisco.com> <07b601d2a197$9865d5b0$c9318110$@gmail.com> <02ee01d2a22b$295b2be0$4001a8c0@gateway.2wire.net> <BA52FB19-D4B9-4E1A-BFE5-7CCE6F5554B1@juniper.net> <20170321174358.GA36769@elstar.local> <65E2B5E1-A1D0-45C1-94E8-F10A35042295@juniper.net> <FF00B7D1-0418-49C5-93AF-59D837354879@gmail.com> <4A73C3C3-61F3-4988-B163-264B29EE1BA0@juniper.net> <445D4A52-0EC8-4AAD-ABC4-22CAC3B3169A@juniper.net> <03a101d2a3fd$35353ae0$4001a8c0@gateway.2wire.net>
In-Reply-To: <03a101d2a3fd$35353ae0$4001a8c0@gateway.2wire.net>
Archived-At: <https://mailarchive.ietf.org/arch/msg/netconf/22zUKehdaQ6Y2g2fDKd40bwoAmM>


Hi Tom,

> Sorry about mixing up keystore and keychain - I did download the
> updated draft last week but failed to find it when I was drafting
> my post. However, while I know the English semantics of store and
> chain, I do find it more difficult to attach different semantics
> to keystore and key-chain, and I do find the Abstracts of the two
> I-Ds rather similar which leaves me uncertain about the scope of
> the work in Netconf.

Understood.


> When the proposed charter says
> "  1. Finalize the YANG data module for a system-level keystore
>       mechanism, that can be used to hold onto asymmetric private
>       keys and certificates that are trusted by the system 
>       advertising support for this module."
>
> I am still uncertain.

Understood.


> You are saying symmetric keys may come in future but should this
> be part of the charter now? I am divided on this.

I'm also divided on it, but it is the case that we had passwords
(read "symmetric keys") in the previous version of the keystore
draft, and the reason that they're not there now is that we
moved the passwords to the ietf-ssh-client module in the current
version of the draft... a decision that I consider to be "under
review" and to be discussed in Chicago.


> You are saying you are unsure about system-level but what is it
> then, not that I have ever realised what is meant by system-level
> (unless it means not just for routers, but then the Abstract of 
> key-chain, for the first five sentences, sounds like a system-wide
> model with sentence six only saying it is commonly used for routing
> protocols, it does not say it is not also for system-wide use!).
>
> I would then avoid system-level, since I do not understand it:-(

I agree, for the reasons you mentioned, which is why I've resisted
putting "system" into the draft's or the module's name.  Admittedly,
the draft's abstract/intro currently say "system", which should
probably be removed.


> "Generic keystore mechanism" perhaps.

Perhaps, or just "keystore" with some more words around its 
common uses, kind of like how Acee's key-chain draft says that
it's commonly used in routing protocols.


> I note that the charter does say 'asymmetric' which I think needs
> saying and also adding to the I-D; and I do think that the Netconf
> I-D should recognise the existence of other I-Ds relating to the
> storage of  keys, although that detail is not a matter for the
> charter.

The draft currently says "private keys", which is a veiled reference
to asymmetric keys.  It certainly can say this more overtly.

The draft used to have some words regarding the key-chain draft,
but Acee didn't think such sections were useful and so I took it
out in the most recent version.  If we add something back in now,
it would be along the lines of how the key-chain module is
specialized for a narrow purpose, while the keystore module is
useful in several contexts.


Kent