[netconf] today's updates to the client-server suite of drafts

Kent Watsen <kent+ietf@watsen.net> Sat, 02 November 2019 20:55 UTC

Return-Path: <0100016e2de6a66d-ff5aea75-edfc-4d98-8c0e-95674c411430-000000@amazonses.watsen.net>
X-Original-To: netconf@ietfa.amsl.com
Delivered-To: netconf@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D6ECE12002F for <netconf@ietfa.amsl.com>; Sat, 2 Nov 2019 13:55:24 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.897
X-Spam-Level:
X-Spam-Status: No, score=-1.897 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_NONE=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=amazonses.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ZbtC6WB_r20r for <netconf@ietfa.amsl.com>; Sat, 2 Nov 2019 13:55:22 -0700 (PDT)
Received: from a8-64.smtp-out.amazonses.com (a8-64.smtp-out.amazonses.com [54.240.8.64]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 9F30D12001E for <netconf@ietf.org>; Sat, 2 Nov 2019 13:55:22 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/simple; s=6gbrjpgwjskckoa6a5zn6fwqkn67xbtw; d=amazonses.com; t=1572728121; h=From:Content-Type:Mime-Version:Subject:Message-Id:Date:To:Feedback-ID; bh=j9uNOcCakKFFzl6+Nu6USujMmk1DZAeAQQSh52BU9rc=; b=EhdsQ9E1LphegI8EMoYF6z1Km3aFmpEGnS1UUbFjVvn4++100luu76xDKJ3qDeEg Ly6fzMZGXuMKf8d0Wa7Cs5+8qsY8YeYuLYdxoAjEm+NqgUttA6Pg9xBYgSS7vGj+vaR hCh3wRtbXghWE4jPZ/yHsE+vGjS0F3M2tkDUc1Vg=
From: Kent Watsen <kent+ietf@watsen.net>
Content-Type: multipart/alternative; boundary="Apple-Mail=_625C5E71-45EE-4CEA-A9D1-E576E844CECA"
Mime-Version: 1.0 (Mac OS X Mail 12.4 \(3445.104.11\))
Message-ID: <0100016e2de6a66d-ff5aea75-edfc-4d98-8c0e-95674c411430-000000@email.amazonses.com>
Date: Sat, 2 Nov 2019 20:55:21 +0000
To: "netconf@ietf.org" <netconf@ietf.org>
X-Mailer: Apple Mail (2.3445.104.11)
X-SES-Outgoing: 2019.11.02-54.240.8.64
Feedback-ID: 1.us-east-1.DKmIRZFhhsBhtmFMNikgwZUWVrODEw9qVcPhqJEI2DA=:AmazonSES
Archived-At: <https://mailarchive.ietf.org/arch/msg/netconf/5fDueNaKCXAR8CsOsY_Pyf2Op1g>
Subject: [netconf] today's updates to the client-server suite of drafts
X-BeenThere: netconf@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: NETCONF WG list <netconf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/netconf>, <mailto:netconf-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/netconf/>
List-Post: <mailto:netconf@ietf.org>
List-Help: <mailto:netconf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/netconf>, <mailto:netconf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 02 Nov 2019 20:55:25 -0000

The biggest change is in the crypto-types draft, as it continues to try to grapple with the "algorithm" problem.  

I don't think there is consensus for having distinct "iana-" modules for each type of algorithm yet.  For one, if it were a module to be be supported by IANA, one might expect more of a template but, as the algorithm-lists pull from numerous RFCs, how to make a template wasn't clear to me and, besides, having a distinct module for each type of algorithm became a convenient way to define a "config false" list for the algorithms supported by the server.

In any case, I offer this update to the WG for discussion.  Below are the change logs for each draft.

Kent // contributor


===== change logs =====

crypto-types:

   o  Removed all non-essential (to NC/RC) algorithm types.

   o  Moved remaining algorithm types each into its own module.

   o  Added a 'config false' "algorithms-supported" list to each of the
      algorithm-type modules.



trust-anchors (truststore):

   o  Added Henk Birkholz as a co-author (thanks Henk!)

   o  Added PSKs and raw public keys to Truststore.



keystore:

   o  Updated YANG module and examples to incorporate the new
      iana-*-algorithm modules in the crypto-types draft.



tcp-client-server

   o  No update.




ssh-client-server

   o  Removed unnecessary if-feature statements in the -client and
      -server modules.

   o  Cleaned up some description statements in the -client and -server
      modules.

   o  Fixed a canonical ordering issue in ietf-ssh-common detected by
      new pyang.



tls-client-server

   o  Removed unnecessary if-feature statements in the -client and
      -server modules.

   o  Cleaned up some description statements in the -client and -server
      modules.

   o  Fixed a canonical ordering issue in ietf-ssh-common detected by
      new pyang.



http-client-server

   o  Removed "protocol-version" leaf in http-client-grouping.



netconf-client-server

   o  Added refinement to make "cert-to-name/fingerprint" be mandatory
      false.

   o  Commented out refinement to "tls-server-grouping/client-
      authentication" until a better "must" expression is defined.



restconf-client-server

   o  Added refinement to make "cert-to-name/fingerprint" be mandatory
      false.

   o  Commented out refinement to "tls-server-grouping/client-
      authentication" until a better "must" expression is defined.

   o  Updated restconf-client example to reflect that http-client-
      grouping no longer has a "protocol-version" leaf.