Re: [netconf] Last Call on Re: Today's update to client-server drafts
Kent Watsen <kent+ietf@watsen.net> Mon, 15 June 2020 14:59 UTC
Return-Path: <01000172b87e40fb-56f5a8d3-b671-4837-8ff3-4c377f720c0c-000000@amazonses.watsen.net>
X-Original-To: netconf@ietfa.amsl.com
Delivered-To: netconf@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E8A553A0D9B for <netconf@ietfa.amsl.com>; Mon, 15 Jun 2020 07:59:44 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.894
X-Spam-Level:
X-Spam-Status: No, score=-1.894 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_MSPIKE_H4=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_HELO_NONE=0.001, SPF_NONE=0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=amazonses.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ffw2hgbILA3H for <netconf@ietfa.amsl.com>; Mon, 15 Jun 2020 07:59:43 -0700 (PDT)
Received: from a8-31.smtp-out.amazonses.com (a8-31.smtp-out.amazonses.com [54.240.8.31]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E0A8C3A0D3B for <netconf@ietf.org>; Mon, 15 Jun 2020 07:59:42 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/simple; s=224i4yxa5dv7c2xz3womw6peuasteono; d=amazonses.com; t=1592233181; h=From:Message-Id:Content-Type:Mime-Version:Subject:Date:In-Reply-To:Cc:To:References:Feedback-ID; bh=HF9QZydMvDpKr3DpYghSBdYwfPY7DE9ut1jNkavJAVA=; b=MJJbVoG2K6Q1+8NgcJTJlz6TrjI6kVmrsksmeK7wxgD8EPOkTbfGeeGl5xyxn0tu Q404wj+M9bb7wTFWsO6VyUXOgISFLJUl5XfqSklzOJHGSuezF6+cR3d9mo0RR6ryBvg xtWOUMRLvKdLsudm+I9T4vzve1ETeDSQihBecVhI=
From: Kent Watsen <kent+ietf@watsen.net>
Message-ID: <01000172b87e40fb-56f5a8d3-b671-4837-8ff3-4c377f720c0c-000000@email.amazonses.com>
Content-Type: multipart/alternative; boundary="Apple-Mail=_4103BAC3-F0A1-4CA4-9553-37D5C3123845"
Mime-Version: 1.0 (Mac OS X Mail 13.4 \(3608.80.23.2.2\))
Date: Mon, 15 Jun 2020 14:59:41 +0000
In-Reply-To: <DBAPR07MB701671D1E66A7C53FB559072A0810@DBAPR07MB7016.eurprd07.prod.outlook.com>
Cc: Mahesh Jethanandani <mjethanandani@gmail.com>, "netconf@ietf.org" <netconf@ietf.org>
To: tom petch <ietfc@btconnect.com>
References: <0100017233fe7ff7-8e22b4b1-aa03-4c8e-bf9d-fdbc7d3e41fd-000000@email.amazonses.com> <85A8ECA9-8875-45FA-839B-50CE35F6C8BA@gmail.com> <DBAPR07MB701671D1E66A7C53FB559072A0810@DBAPR07MB7016.eurprd07.prod.outlook.com>
X-Mailer: Apple Mail (2.3608.80.23.2.2)
X-SES-Outgoing: 2020.06.15-54.240.8.31
Feedback-ID: 1.us-east-1.DKmIRZFhhsBhtmFMNikgwZUWVrODEw9qVcPhqJEI2DA=:AmazonSES
Archived-At: <https://mailarchive.ietf.org/arch/msg/netconf/4SNP-U3rGxwddk7keYkbDPwgoww>
Subject: Re: [netconf] Last Call on Re: Today's update to client-server drafts
X-BeenThere: netconf@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: NETCONF WG list <netconf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/netconf>, <mailto:netconf-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/netconf/>
List-Post: <mailto:netconf@ietf.org>
List-Help: <mailto:netconf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/netconf>, <mailto:netconf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 15 Jun 2020 14:59:45 -0000
Hi Tom, > On Jun 12, 2020, at 12:30 PM, tom petch <ietfc@btconnect.com> wrote: > > From: netconf <netconf-bounces@ietf.org> on behalf of Mahesh Jethanandani <mjethanandani@gmail.com> > Sent: 22 May 2020 06:14 > > <tp> > I am sure I saw a Last Call but cannot now find it. It looks like you have now found/reply to that thread. :) > I wonder if there is anyone in the IETF who is familiar with this work and with RFC8635; would these I-D meet the needs of RFC8635 which I have always seen as one of the two use cases for this work? I just read the first couple pages. Yes, this work, keystore in particular, seems complementary to RFC 8635. Both the “router-driven” and “operator-driven” methods are supported though, with the recent removal of the key-generation RPCs, the “operator-driven” approach is tempered a bit. Note that the paragraph at the top of Page 3 mimics Section 5.3 (Migrating Configuration to Another Server) in the keystore draft: For example, when an operator wants to support hot-swappable routers, the same private key needs to be installed in the soon-to-be online router that was used by the soon-to-be offline router. This motivated the operator-driven method. > In passing, trust anchors registers prefix ta; logical except that the I-D uses ts Good catch. Corrected here: https://github.com/netconf-wg/trust-anchors/commit/43017b3a448d46a47526b138df551748b92df146 <https://github.com/netconf-wg/trust-anchors/commit/43017b3a448d46a47526b138df551748b92df146> > Tom Petch > > What would it take to get the remaining drafts into WGLC? I recently answered this question for Mahesh here: https://mailarchive.ietf.org/arch/msg/netconf/UDNkN5SOmeDaHA5pHYhe-v0l6MI/ <https://mailarchive.ietf.org/arch/msg/netconf/UDNkN5SOmeDaHA5pHYhe-v0l6MI/> Kent // contributor >> On May 20, 2020, at 2:30 PM, Kent Watsen <kent+ietf@watsen.net> wrote: >> >> >> The entire suite of drafts were updated today. >> The first three drafts are ready for WGLC. >> All of the other drafts are almost ready for WGLC. >> Below is the Change Log entry for each draft. >> >> K. >> >> >> For all drafts: >> >> o Added a "Note to Reviewers" note to first page. >> >> >> For crypto-types: >> >> o Removed the IANA-maintained registries for symmetric, asymmetric, >> and hash algorithms. >> >> o Removed the "generate-symmetric-key" and "generate-asymmetric-key" >> RPCs. >> >> o Removed the "algorithm" node in the various symmetric and >> asymmetric key groupings. >> >> o Added 'typedef csr' and 'feature certificate-signing-request- >> generation'. >> >> o Refined a usage of "end-entity-cert-grouping" to make the "cert" >> node mandatory true. >> >> >> For trust-anchors: >> >> o Removed "algorithm" node from examples. >> >> o Removed the no longer used statements supporting the old "ssh- >> public-key" and "raw-public-key" nodes. >> >> >> For keystore: >> >> o Removed augments to the "generate-symmetric-key" and "generate- >> asymmetric-key" groupings. >> >> o Removed "generate-symmetric-key" and "generate-asymmetric-key" >> examples. >> >> o Removed the "algorithm" nodes from remaining examples. >> >> o Renamed/updated the "Support for Built-in Keys" section. >> >> o Added new section "Encrypting Keys in Configuration". >> >> >> For tcp-client-server: >> >> o Removed commented out "grouping tcp-system-grouping" statement >> kept for reviewers. >> >> >> For ssh-client-server: >> >> o Updated the "keepalives" containers to address Michal Vasko's >> request to align with RFC 8071 >> >> o Removed algorithm-mapping tables from the "SSH Common Model" >> section >> >> o Removed 'algorithm' node from examples. >> >> o Added feature "client-identity-publickey" >> >> o Removed "choice auth-type", as auth-types aren't exclusive. >> >> o Renamed both "client-certs" and "server-certs" to "ee-certs" >> >> o Switch "must" to assert the public-key-format is "subject-public- >> key-info-format" when certificates are used. >> >> >> For tls-client-server: >> >> o Updated the "keepalives" containers in part to address Michal >> Vasko's request to align with RFC 8071 and in part to better align to RFC 6520 >> >> o Removed algorithm-mapping tables from the "TLS Common Model" >> section >> >> o Removed the 'algorithm' node from the examples. >> >> o Renamed both "client-certs" and "server-certs" to "ee-certs" >> >> >> For http-client-server: >> >> o Removed "protocol-versions" from ietf-http-server based on HTTP WG >> feedback. >> >> o Slightly restructured the "proxy-server" definition in ietf-http- >> client. >> >> o Added http-client example show proxy server use. >> >> >> For netconf-client-server: >> >> o Updated examples to remove the 'algorithm' nodes. >> >> o Updated examples to reflect the new TLS keepalives structure. >> >> o Added keepalives to the tcp-client-parameters section in the >> netconf-server SSH-based call-home example. >> >> o Added a TLS-based call-home example to the netconf-client example. >> >> >> For restonf-client-server: >> >> o Updated examples to remove the 'algorithm' nodes. >> >> o Updated examples to reflect the new TLS keepalives structure. >> >> o Removed the 'protocol-versions' node from the restconf-server >> examples. >> >> >> >> >> _______________________________________________ >> netconf mailing list >> netconf@ietf.org >> https://www.ietf.org/mailman/listinfo/netconf > > Mahesh Jethanandani (as co-chair) > mjethanandani@gmail.com > > > > _______________________________________________ > netconf mailing list > netconf@ietf.org > https://www.ietf.org/mailman/listinfo/netconf
- Re: [netconf] Today's update to client-server dra… Mahesh Jethanandani
- [netconf] Today's update to client-server drafts Kent Watsen
- Re: [netconf] Today's update to client-server dra… Kent Watsen
- [netconf] Last Call on Re: Today's update to clie… tom petch
- Re: [netconf] Last Call on Re: Today's update to … Kent Watsen