Re: [netconf] Genart last call review of draft-ietf-netconf-crypto-types-28
Kent Watsen <kent+ietf@watsen.net> Fri, 26 January 2024 23:27 UTC
Return-Path: <0100018d4819a9b6-b4591198-f442-429f-8479-8c5b10a1426c-000000@amazonses.watsen.net>
X-Original-To: netconf@ietfa.amsl.com
Delivered-To: netconf@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id AC9BEC1654F2; Fri, 26 Jan 2024 15:27:44 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.903
X-Spam-Level:
X-Spam-Status: No, score=-1.903 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H4=0.001, RCVD_IN_MSPIKE_WL=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=amazonses.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id LIGnZHvd0W9G; Fri, 26 Jan 2024 15:27:40 -0800 (PST)
Received: from a8-31.smtp-out.amazonses.com (a8-31.smtp-out.amazonses.com [54.240.8.31]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 35F1BC1782B5; Fri, 26 Jan 2024 15:27:38 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/simple; s=224i4yxa5dv7c2xz3womw6peuasteono; d=amazonses.com; t=1706311658; h=From:Message-Id:Content-Type:Mime-Version:Subject:Date:In-Reply-To:Cc:To:References:Feedback-ID; bh=qSQBz3ONDlItUbnwah0DcN+WR0UTG5GaJEFe9HJVPEk=; b=TdjQnT2AA40/6K0IUnJUYWTgUi3Z7kTG8rCDElWVDnL/7Q2ipNYIzCsA/QBDzJ8O Xi/UOwHCkzS3MkSLcIFSob4lWtETzK9XAiW3hmKOJ/p5V3xNAULz5e2tN2u/usRkZAS 7mjWYqGDW1uB1ZKIXEEKT+jNYveuC2THxuaCbI/Y=
From: Kent Watsen <kent+ietf@watsen.net>
Message-ID: <0100018d4819a9b6-b4591198-f442-429f-8479-8c5b10a1426c-000000@email.amazonses.com>
Content-Type: multipart/alternative; boundary="Apple-Mail=_4E64B945-0DAB-4E52-A234-7C88BB3C8781"
Mime-Version: 1.0 (Mac OS X Mail 16.0 \(3731.600.7\))
Date: Fri, 26 Jan 2024 23:27:37 +0000
In-Reply-To: <170593840890.54102.14012506624636913765@ietfa.amsl.com>
Cc: gen-art@ietf.org, draft-ietf-netconf-crypto-types.all@ietf.org, last-call@ietf.org, "netconf@ietf.org" <netconf@ietf.org>
To: Dale Worley <worley@ariadne.com>
References: <170593840890.54102.14012506624636913765@ietfa.amsl.com>
X-Mailer: Apple Mail (2.3731.600.7)
Feedback-ID: 1.us-east-1.DKmIRZFhhsBhtmFMNikgwZUWVrODEw9qVcPhqJEI2DA=:AmazonSES
X-SES-Outgoing: 2024.01.26-54.240.8.31
Archived-At: <https://mailarchive.ietf.org/arch/msg/netconf/4REcM5QSb3rHYDci6vfqISLNVGg>
Subject: Re: [netconf] Genart last call review of draft-ietf-netconf-crypto-types-28
X-BeenThere: netconf@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: NETCONF WG list <netconf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/netconf>, <mailto:netconf-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/netconf/>
List-Post: <mailto:netconf@ietf.org>
List-Help: <mailto:netconf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/netconf>, <mailto:netconf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 26 Jan 2024 23:27:44 -0000
Hi Dale, Thank you for your review! Please see below for responses to your comments. Kent > On Jan 22, 2024, at 10:46 AM, Dale Worley via Datatracker <noreply@ietf.org> wrote: > > Reviewer: Dale Worley > Review result: Ready with Nits > > I am the assigned Gen-ART reviewer for this draft. The General Area > Review Team (Gen-ART) reviews all IETF documents being processed > by the IESG for the IETF Chair. Please treat these comments just > like any other last call comments. > > For more information, please see the FAQ at > > <https://trac.ietf.org/trac/gen/wiki/GenArtfaq>. > > Document: review-draft-ietf-netconf-crypto-types-28 > Reviewer: Dale R. Worley > Review Date: 2024-01-22 > IETF LC End Date: 2024-01-24 > IESG Telechat date: [not known] > > Summary: > > This draft is basically ready for publication, but has nits that > should be fixed before publication. > > Nits/editorial comments: > > Editorial Note (To be removed by RFC Editor) > > Tree-diagrams in this draft may use the '/' line-folding mode defined > in RFC 8792. However, nicer-to-the-eye is when the '//' line-folding > mode is used. The AD suggested suggested putting a request here for > the RFC Editor to help convert "ugly" '/' folded examples to use the > '//' folding mode. "Help convert" may be interpreted as, identify > what looks ugly and ask the authors to make the adjustment. > > Throughout this paragraph, slash '/' should be replaced by backslash > '\'. Egads, how embarrassing ;) Fixed! > 1.1. Relation to other RFCs > > The dependency relationship between the primary YANG groupings > defined in the various RFCs is presented in the below diagram. > > Perhaps there is a convention that I am not aware of, but when I see > in the figure e.g. > > crypto-types > ^ ^ > / \ > / \ > truststore keystore > > does that mean that crypto-types contains a reference to truststore, > or does it mean that truststore contains a reference to crypto-types? > The usual convention is that arrows point from referencer to > referenced, but also the usual convention is that the referenced thing > is written physically below the referencer. Perhaps add an > explanatory sentence. Added the following paragraph (to each of the nine drafts in this suite of drafts): Please note that the arrows in the diagram point from referencer to referenced. For example, the "crypto-types" RFC does not have any dependencies, whilst the "keystore" RFC depends on the "crypto-types" RFC. > Table 1: Label to RFC Mapping > > In -28, this caption appears visually to be the caption of both the > dependency diagram at the top of page 5 and the label-to-RFC mapping > table at the bottom of page 5, and so probably should be amended to > describe both of them together. s/Label in Diagram to RFC Mapping/Label to RFC Mapping/ Good enough? > 1.4. Conventions > > Various examples used in this document use a placeholder value for > binary data that has been base64 encoded (e.g., "BASE64VALUE="). > > This would be clearer if it stated directly that the (only) > placeholder value used is "BASE64VALUE=". Perhaps > > Various examples in this document use "BASE64VALUE=" as a > placeholder value for (usually binary) data has has been base64 > encoded. Agreed, but since it’s always only used for binary data, I elided the “usually” bit, so the sentence now reads: Various examples in this document use "BASE64VALUE=" as a placeholder value for binary data has has been base64 encoded. > 2.1.2. Identities > > +-- csr-format > +-- p10-csr-format {p10-csr-format?} > > This construct ends with "?}", whereas a number of other constructs > end with "}?". Are all of these correct? Fixed (great catch!) > 2.1.3. Typedefs > > * Additionally, all the typedefs define a type for encoding an ASN.1 > [ITU.X680.2021] structure using DER [ITU.X690.2021]. > > It seems like it would be useful to have a typedef "asn-1-der" that > extends "binary", to be used specifically for DER-encoded ASN.1 data, > and which in turn is extended here. E.g. > > binary > +-- asn-1-der > +-- csr-info > +-- csr > +-- x509 > | +-- trust-anchor-cert-x509 > ... > > Unfortunately, what would make such an extended type valuable is that > DER-encoded ASH.1 strings are used in a number of RFCs, which means > that this document might not be the best place to introduce such an > extended type. I think I’ll not make this change. > 2.3. YANG Module > > I am no expert on Yang, so my examination of the module itself was > superficial. The Datatracker says that Yang doctors looked at -18 on > 2021-01-12, which presumably means that -19 reflected their report. > The differences between the module in -19 and -28 appear to me to to > be minor. Ack. > 3.5. Strength of Keys Conveyed > > ... it is desireable ... > > Wiktionary describes "desireable" as "an archaic form of desirable". > The RFC Editor's opinion on this should probably be sought. Fixed. > 3.10. The "ietf-crypto-types" YANG Module > > The title of this section seems to be uninformative given that 'The > "ietf-crypto-types" YANG Module' is the subject of the entire > document. Is this title what was intended? For the most part, yes, I see your point. Maybe s/The/For the/ or s/The/Regarding the/? In any case, be aware that there exists an IETF-defined template for the Security Considerations section that is to be used for each YANG module defined in a draft. So, if a draft defines the three modules: ietf-foo-common, ietf-foo-client, and ietf-foo-server, the Security Considerations section contains the three subsections: The “ietf-foo-common" YANG Module The “ietf-foo-client" YANG Module The “ietf-foo-server" YANG Module Each containing an instance of the template for that YANG module. > Some of the readable data nodes defined in this YANG module may be > considered sensitive or vulnerable in some network environments. It > is thus important to control read access (e.g., via get, get-config, > or notification) to these data nodes. These are the subtrees and > data nodes and their sensitivity/vulnerability: > > The use of "These" in the last sentence does not have an unambiguous > referent as I read it. Perhaps "These subtrees/data nodes have these > particular sensitivities/vulnerabilities:" Similar considerations > apply to the last sentence of: > > Some of the operations in this YANG module may be considered > sensitive or vulnerable in some network environments. It is thus > important to control access to these operations. These are the > operations and their sensitivity/vulnerability: This text comes from the aforementioned template. That said, I agree that it’s not great. Perhaps, even better, “*The following* subtrees and data nodes have particular sensitivities/vulnerabilities”? > [END] Thanks again, Kent
- [netconf] Genart last call review of draft-ietf-n… Dale Worley via Datatracker
- Re: [netconf] [Last-Call] Genart last call review… Salz, Rich
- Re: [netconf] Genart last call review of draft-ie… Kent Watsen
- Re: [netconf] [Last-Call] Genart last call review… Kent Watsen
- Re: [netconf] Genart last call review of draft-ie… worley
- Re: [netconf] Genart last call review of draft-ie… Kent Watsen
- Re: [netconf] Genart last call review of draft-ie… worley
- Re: [netconf] [Gen-art] Genart last call review o… Lars Eggert
- Re: [netconf] [Gen-art] Genart last call review o… mohamed.boucadair