Re: [Netconf] Adoption poll for crypto-types and trust-anchors

Kent Watsen <kwatsen@juniper.net> Tue, 01 May 2018 21:57 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/netconf/4iiXVBi4H9Brs9R1E1POIWiSBsg>

[I'll get the ball rolling, please, others chime in too]

I support the adoption of these two drafts to replace the existing keystore draft.

Regarding the "certificate-expiration" notification defined in ietf-crypto-types, I would like to discuss removing it, or moving it to be a descendant of the "certificates-grouping" grouping (also in ietf-crypto-types) and maybe also place a copy of the notification in the ietf-trust-anchors module.  That said, I don't like having several otherwise identical notifications in different namespaces, but I do like how the server can incrementally add support for expirations on a feature-by-feature basis.

Kent // contributor


===== original message =====

This is the start of a *two* week poll for adopting the following two drafts as working group documents, specifically to replace draft-ietf-netconf-keystore, which would be removed as a working group document: 

  draft-kwatsen-netconf-crypto-types-00
  draft-kwatsen-netconf-trust-anchors-00

This call for adoption is the result of the Keystore draft presentation given in London.  When the various options were discussed, most preferred to move forward with these two drafts, as opposed to looking to do more factoring or extending the scope to include things not needed by our various client/server drafts.  No one expressed interest in moving forward with draft-ietf-netconf-keystore.  While we could separately confirm this result again on the list, we believe that an adoption call more efficiently achieves two goals at once.

Please send email to the list indicating "yes/support" or "no/do not support".  If indicating no, please state your reservations with the document.  If yes, please also feel free to provide comments you'd like to see addressed once the document is a WG document.

Kent (and Mahesh and Ignas)



