IETF Logo Mail Archive

Re: [Netconf] Draft Charter Proposal for NETCONF WG

Kent Watsen <kwatsen@juniper.net> Tue, 21 March 2017 18:56 UTC

Return-Path: <kwatsen@juniper.net>
X-Original-To: netconf@ietfa.amsl.com
Delivered-To: netconf@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C37ED1270A0 for <netconf@ietfa.amsl.com>; Tue, 21 Mar 2017 11:56:38 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.921
X-Spam-Level:
X-Spam-Status: No, score=-1.921 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=junipernetworks.onmicrosoft.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id lmE2iWeisdef for <netconf@ietfa.amsl.com>; Tue, 21 Mar 2017 11:56:35 -0700 (PDT)
Received: from NAM02-CY1-obe.outbound.protection.outlook.com (mail-cys01nam02on0129.outbound.protection.outlook.com [104.47.37.129]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 3507D128ACA for <netconf@ietf.org>; Tue, 21 Mar 2017 11:56:34 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=junipernetworks.onmicrosoft.com; s=selector1-juniper-net; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=Fs83qC0QuHAdUHEN3XGKhyhvrvhdyBhkzH4vggvIyig=; b=Cp1+8KyDYBKpUy2KG/2r+own/aL1Ph/aPmiJ9QhfuIlTBEHoz/ukkdB1LuDEX8Hmy+529wI+1+ldeFLn4MClOj9+hAxI7RxsfklN4Xm89l8qfMkp0gQrmnEHNibBg6TmknACxs0SvjPdPQ0J33L4CIsSo5BWipd8sySBrdyOsaQ=
Received: from BN3PR0501MB1442.namprd05.prod.outlook.com (10.160.117.151) by BN3PR0501MB1444.namprd05.prod.outlook.com (10.160.117.153) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256) id 15.1.991.4; Tue, 21 Mar 2017 18:56:32 +0000
Received: from BN3PR0501MB1442.namprd05.prod.outlook.com ([10.160.117.151]) by BN3PR0501MB1442.namprd05.prod.outlook.com ([10.160.117.151]) with mapi id 15.01.0991.013; Tue, 21 Mar 2017 18:56:32 +0000
From: Kent Watsen <kwatsen@juniper.net>
To: Juergen Schoenwaelder <j.schoenwaelder@jacobs-university.de>
CC: "t.petch" <ietfc@btconnect.com>, Mehmet Ersue <mersue@gmail.com>, 'Benoit Claise' <bclaise@cisco.com>, 'Netconf' <netconf@ietf.org>
Thread-Topic: [Netconf] Draft Charter Proposal for NETCONF WG
Thread-Index: AdKROeE3Cc7ORdXbRmOFzdaoTO5UHAAgSeNTAAMyYgAABKtfAAAmUhvuAAqrwYAAXzKn3gAB6uUAAAIQ/gAAyiJeAAAC57eAAAAVAwAAAlfsAAACJWiAAAN6WAD//+pRAIAPgnqAgATDTICAASefpIAAKg0AgABUkwD//9E3gA==
Date: Tue, 21 Mar 2017 18:56:32 +0000
Message-ID: <65E2B5E1-A1D0-45C1-94E8-F10A35042295@juniper.net>
References: <CABCOCHSacn15vfo8MR0K-UJJo6E0AZ14Gwj3M43KYkgbtwK8Kg@mail.gmail.com> <005101d2975f$ae87ac20$0b970460$@ndzh.com> <017d01d29769$0df70b20$29e52160$@gmail.com> <010701d29771$a45f66e0$ed1e34a0$@ndzh.com> <026601d2977f$8d059600$a710c200$@gmail.com> <685B9088-7557-4C6E-9A8F-54C3208DB312@juniper.net> <7217bc23-0e1e-c250-929d-e18c3f0a800f@cisco.com> <07b601d2a197$9865d5b0$c9318110$@gmail.com> <02ee01d2a22b$295b2be0$4001a8c0@gateway.2wire.net> <BA52FB19-D4B9-4E1A-BFE5-7CCE6F5554B1@juniper.net> <20170321174358.GA36769@elstar.local>
In-Reply-To: <20170321174358.GA36769@elstar.local>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
user-agent: Microsoft-MacOutlook/f.20.0.170309
authentication-results: jacobs-university.de; dkim=none (message not signed) header.d=none;jacobs-university.de; dmarc=none action=none header.from=juniper.net;
x-ms-exchange-messagesentrepresentingtype: 1
x-originating-ip: [66.129.241.11]
x-microsoft-exchange-diagnostics: 1; BN3PR0501MB1444; 7:UX6xl8N/YV95iDD66+3HM6AHqqRsVdSSpljbqOddpdiPT2pUIXDhN2hD0ukAFJj1+BuvKGmcTKWjFDhZq/bQfwpUrKHgimHhkVQlqlGtDeLkhbdBFTuLpGb/PIFaOIXvxrkwguLWn13wLPn9MMM/zpREWHInSE4PnQvnICmlFUc5lWalMIIftLKMEkrakOjMZCjY/afSkUvv+R93di2hG5SCjd9CoM8bGLlKB+Cmq5QJS96zavd/YR8NqK8DlQ3xTHhhKP9edFwZJdex6OTPEL7aPF2IEm2vj93oDQONMKWcHMr6tyPB6EjgL52miLN5L5VQxuzhE9lucZtH2w17zw==
x-ms-office365-filtering-correlation-id: 327ff9e5-f7cc-4366-91de-08d4708bfde4
x-ms-office365-filtering-ht: Tenant
x-microsoft-antispam: UriScan:; BCL:0; PCL:0; RULEID:(22001)(2017030254075)(48565401081); SRVR:BN3PR0501MB1444;
x-microsoft-antispam-prvs: <BN3PR0501MB1444878E93196E88A398283FA53D0@BN3PR0501MB1444.namprd05.prod.outlook.com>
x-exchange-antispam-report-test: UriScan:(158342451672863)(278428928389397)(138986009662008)(95692535739014);
x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(6040375)(601004)(2401047)(8121501046)(5005006)(10201501046)(3002001)(6055026)(6041248)(20161123558025)(20161123560025)(20161123562025)(20161123555025)(20161123564025)(6072148); SRVR:BN3PR0501MB1444; BCL:0; PCL:0; RULEID:; SRVR:BN3PR0501MB1444;
x-forefront-prvs: 02530BD3AA
x-forefront-antispam-report: SFV:NSPM; SFS:(10019020)(6009001)(39840400002)(39860400002)(39450400003)(39410400002)(39850400002)(13464003)(377454003)(45074003)(24454002)(99286003)(54906002)(305945005)(3660700001)(6246003)(122556002)(86362001)(8666007)(39060400002)(3280700002)(4326008)(110136004)(38730400002)(7736002)(53936002)(551544002)(83716003)(6436002)(25786009)(83506001)(2900100001)(6306002)(2906002)(6512007)(82746002)(8676002)(68736007)(33656002)(229853002)(561944003)(6506006)(77096006)(6486002)(93886004)(189998001)(106356001)(5660300001)(50986999)(81166006)(76176999)(54356999)(66066001)(8936002)(3846002)(6116002)(102836003)(36756003)(53546009)(2950100002)(6916009)(4001350100001); DIR:OUT; SFP:1102; SCL:1; SRVR:BN3PR0501MB1444; H:BN3PR0501MB1442.namprd05.prod.outlook.com; FPR:; SPF:None; MLV:ovrnspm; PTR:InfoNoRecords; LANG:en;
spamdiagnosticoutput: 1:99
spamdiagnosticmetadata: NSPM
Content-Type: text/plain; charset="utf-8"
Content-ID: <0DD787651A98CE4E9BE102916CA304AD@namprd05.prod.outlook.com>
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-OriginatorOrg: juniper.net
X-MS-Exchange-CrossTenant-originalarrivaltime: 21 Mar 2017 18:56:32.6541 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: bea78b3c-4cdb-4130-854a-1d193232e5f4
X-MS-Exchange-Transport-CrossTenantHeadersStamped: BN3PR0501MB1444
Archived-At: <https://mailarchive.ietf.org/arch/msg/netconf/6Hi0yqaoiwgXECbHzusmMuUMH88>
Subject: Re: [Netconf] Draft Charter Proposal for NETCONF WG
X-BeenThere: netconf@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Network Configuration WG mailing list <netconf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/netconf>, <mailto:netconf-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/netconf/>
List-Post: <mailto:netconf@ietf.org>
List-Help: <mailto:netconf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/netconf>, <mailto:netconf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 21 Mar 2017 18:56:39 -0000

Again, a keystore is not limited to asymmetric keys.   At the moment it is exclusively asymmetric, but that's only because we (the authors) moved the passwords (read symmetric keys) that were present in the previous version to the ietf-ssh-client module, but they may return, as many real-world keystore mechanisms do manage passwords as well (e.g., Mac OSX's Keychain Access utility).

The module names are fine, but we could update the draft title. How about "A System-level Keystore Model"?

K.


-----ORIGINAL MESSAGE-----

Unfortunately, nobody likes to make the distinction symmetric keys vs
asymmetric keys clear and obvious - instead we have keystore
vs. keychain and draft titles such as 'Keystore Model' and 'Routing
Key Chain YANG Data Model'. And authors then prefer to qualify things
as 'routing' and 'system' in the abstract, which does not help either.
I meanwhile have given up on this.

/js

On Tue, Mar 21, 2017 at 04:41:17PM +0000, Kent Watsen wrote:
> Hi Tom,
> 
> We renamed our "keychain" module to "keystore" about four months ago, in part to help disambiguate it from the rtgwg's "key-chain" module.  The rtgwg's key-chain module is specific to symmetric keys used in routing protocols, whereas the netconf keystore module is primarily focused on asymmetric keys used in authentication protocols.  We discussed a while back (> 1yr ago) about potential overlap and decided that there was none.  During YANG doctor review, I encouraged Acee to add a statement about the non-relationship, but he didn't go for it.  FWIW, the PCE-PCEP module plans to use both the key-chain and keystore modules.
> 
> Kent
> 
> 
> -----ORIGINAL MESSAGE-----
> 
> What interaction, if any, is there between
> 
> draft-ietf-rtgwg-yang-key-chain-15.txt
> This document describes the key chain YANG data model.
> file "ietf-key-chain@2017-02-16.yang"
> 
> currently in IETF Last Call, and
> 
> draft-ietf-netconf-system-keychain-00
> This document defines a YANG data module for a system-level keychain
> mechanism
> file "ietf-system-keychain@2016-07-08.yang"
> 
> ?
> 
> Tom Petch
> 
> 
> ----- Original Message -----
> From: "Mehmet Ersue" <mersue@gmail.com>
> To: "'Benoit Claise'" <bclaise@cisco.com>; "'Susan Hares'"
> <shares@ndzh.com>
> Sent: Monday, March 20, 2017 4:32 PM
> 
> > Dear All,
> >
> >
> >
> > based on the recent discussion and proposals please find below the
> updated
> > charter proposal for NETCONF WG.
> >
> > Please comment before March 24, 2017.
> >
> >
> > Following Benoit's support the I2RS-related additions have been added
> as a
> > separated item.
> >
> > Being dependent on netmod-revised-datastores point 6 and 7 have been
> defined
> > as a goal without a deadline.
> >
> >
> > Mehmet
> >
> >
> > Network Configuration (netconf)
> >
> > -------------------------------
> >
> >
> >
> > Charter
> >
> >
> >
> > Current Status: Active
> >
> >
> >
> > Chairs:
> >
> >      Mahesh Jethanandani <mjethanandani@gmail.com>
> >
> >     Mehmet Ersue <mersue@gmail.com>
> >
> >
> >
> > Operations and Management Area Directors:
> >
> >      Benoit Claise <bclaise@cisco.com>
> >
> >      Joel Jaeggli <joelja@bogus.com>
> >
> >
> >
> > Operations and Management Area Advisor:
> >
> >      Benoit Claise <bclaise@cisco.com>
> >
> >
> >
> > Mailing Lists:
> >
> >      General Discussion: netconf@ietf.org
> >
> >      To Subscribe:    https://www.ietf.org/mailman/listinfo/netconf
> >
> >      Archive:
> <https://mailarchive.ietf.org/arch/browse/netconf/>
> > https://mailarchive.ietf.org/arch/browse/netconf/
> >
> >
> >
> > Description of Working Group:
> >
> >
> >
> >   Configuration of networks of devices has become a critical
> requirement
> >
> >   for operators in today's highly interconnected networks. Large and
> >
> >   small operators alike have developed their own mechanisms or have
> used
> >
> >   vendor specific mechanisms to transfer configuration data to and
> from
> >
> >   a device and to examine device state information which may impact
> the
> >
> >   configuration. Each of these mechanisms may be different in various
> >
> >   aspects, such as session establishment, user authentication,
> >
> >   configuration data exchange, and error responses.
> >
> >
> >
> >   The NETCONF protocol (RFC 6241) provides mechanisms to install,
> >
> >   manipulate, and delete the configuration of network devices. NETCONF
> >
> >   is based on the secure transport (SSH is mandatory to implement
> while
> >
> >   TLS is an optional transport). The NETCONF protocol is data modeling
> >
> >   language independent, but YANG (RFC 7950) is the recommended NETCONF
> >
> >   modeling language, which introduces advanced language features for
> >
> >   configuration management.
> >
> >
> >
> >   NETCONF WG recently finalized the development of RESTCONF protocol
> >
> >   (RFC 8040) which provides an interface over HTTPs for accessing data
> >
> >   defined in YANG. RESTCONF is based on the capabilities and uses the
> >
> >   datastore concept defined in the NETCONF protocol specification. In
> >
> >   support of RESTCONF the YANG-Patch (RFC 8072) mechanism has been
> >
> >   provided for applying patches to configuration datastores. The YANG
> >
> >   Module Library (RFC 7895) provides information about all YANG
> modules
> >
> >   used by a network management server.
> >
> >
> >
> >   Last but not least NETCONF and RESTCONF Call Home (RFC 8071) have
> been
> >
> >   developed, which enable a server to initiate a secure connection to
> a
> >
> >   NETCONF or RESTCONF client respectively.
> >
> >
> >
> >   In the current phase of NETCONF's incremental development the
> >
> >   workgroup will focus on following items:
> >
> >
> >
> >   1. Finalize the YANG data module for a system-level keystore
> mechanism,
> >
> >   that can be used to hold onto asymmetric private keys and
> certificates
> >
> >   that are trusted by the system advertising support for this module.
> >
> >   Based on the known dependencies this draft has the highest priority
> >
> >   for the WG.
> >
> >
> >
> >   2. Finalize Server and Client Configuration YANG modules for both
> >
> >   NETCONF and RESTCONF as well as the Client and Server Models for SSH
> >
> >   and TLS.
> >
> >
> >
> >   3. Finalize the Zero-touch provisioning for NETCONF or
> RESTCONF-based
> >
> >   Management as a technique to establish a secure network management
> >
> >   relationship between a newly delivered network device configured
> with
> >
> >   just its factory default settings, and the Network Management
> System)
> >
> >
> >
> >   4. Provide a revised version of RFC 6536 (NETCONF Access Control
> >
> >   Model) by adding support for RESTCONF and the YANG 1.1. constructs
> >
> >   like "action" and the "notification" statements.
> >
> >
> >
> >   5. Provide a set of documents enabling advanced notification/
> >
> >   subscription capabilities, which gracefully co-exist in a deployment
> >
> >   of RFC 5277. The new capabilities include e.g. transport
> independence,
> >
> >   multiple dynamic and configured subscriptions in a transport
> >
> >   session. RFC 5277 will be obsoleted in parallel to the publication
> of
> >
> >   the new document set. Following specifications will be addressed:
> >
> >    - Protocol-neutral notification framework, i.e., explaining the
> >
> >      concepts of subscriptions, filters, subscription state
> >
> >      notifications, replay, etc. and defining the associated YANG data
> >
> >      model, RPCs, etc.
> >
> >    - Definition of notifications sent over NETCONF and how YANG
> >
> >      notifications are encoded in XML and JSON. Include considerations
> >
> >      for parallel support / implementation compatibility with
> RFC-5277.
> >
> >    - Definition of notifications sent over RESTCONF and HTTP2 and how
> >
> >      YANG notifications are encoded in XML and JSON. Include specifics
> >
> >      of call-home and heartbeat for subscriptions.
> >
> >    - The subscription and push mechanism for YANG datastores allowing
> >
> >      subscriber applications to request updates from a YANG datastore.
> >
> >
> >
> >   6. Provide a revision for the NETCONF and RESTCONF protocols and the
> >
> >   used datastore framework building on the datastore concept in NETMOD
> >
> >   revised datastores work. Bug fixing will be done and potential
> >
> >   extensions will be added. Provide guidance on how to adapt and use
> >
> >   YANG with NETCONF and RESCONF protocols. NETCONF XML Encoding Rules
> >
> >   from RFC 7950 will be moved to RFC6241bis.
> >
> >
> >
> >   7. Define capabilities for NETCONF and RESTCONF to support I2RS
> protocol
> >
> >   and ephemeral state datastore requirements.
> >
> >
> >
> >   Based on the implementation, deployment experience and inter-
> >
> >   operability testing, the WG aims to produce a NETCONF status report
> >
> >   in a later stage. The result may be clarifications for RFC6241 and
> >
> >   RFC6242 and addressing any reported errata.
> >
> >
> >
> >
> >
> > Goals and Milestones:
> >
> >   Done     Submit NETCONF/RESTCONF Call Home to AD/IESG for
> consideration as
> > Proposed Standard
> >
> >   Done     Submit YANG Library to AD/IESG for consideration as
> Proposed
> > Standard
> >
> >   Done     Submit RESTCONF to AD/IESG for consideration as Proposed
> Standard
> >
> >   Done     Submit YANG Patch to AD/IESG for consideration as Proposed
> > Standard
> >
> >
> >
> >   May 2017  WGLC for Zero-touch configuration mechanism
> >
> >   Jun 2017  Submit Zero-touch configuration to AD/IESG for
> consideration as
> > Proposed Standard
> >
> >   May 2017  WGLC for system-level keystore mechanism
> >
> >   Jun 2017  Submit keystore mechanism to AD/IESG for consideration as
> > Proposed Standard
> >
> >   May 2017  WGLC for Server and Client models for NETCONF and RESTCONF
> >
> >   Jun 2017  Submit Server and Client Configuration models to AD/IESG
> for
> > consideration as Proposed Standard
> >
> >   May 2017  WGLC for Client and Server Models for SSH and TLS
> >
> >   Jun 2017  Submit Client and Server Models for SSH and TLS to AD/IESG
> for
> > consideration as Proposed Standard
> >
> >   Jun 2017  WGLC for RFC 6536bis (NETCONF Access Control Model)
> >
> >   Jul 2017  Submit RFC 6536bis to AD/IESG for consideration as
> Proposed
> > Standard
> >
> >   Jun 2017  WGLC for advanced Notification/Subscription specifications
> >
> >   Jul 2017  Submit Notification/Subscription specifications to AD/IESG
> for
> > consideration as Proposed Standard
> >
> >
> >
> >
> >
> > From: Benoit Claise [mailto:bclaise@cisco.com]
> > Sent: Friday, March 17, 2017 4:49 PM
> > To: Kent Watsen <kwatsen@juniper.net>; Mehmet Ersue
> <mersue@gmail.com>;
> > 'Susan Hares' <shares@ndzh.com>; 'Andy Bierman' <andy@yumaworks.com>
> > Cc: 'Netconf' <netconf@ietf.org>
> >
> >
> >
> > On 3/8/2017 12:57 AM, Kent Watsen wrote:
> >
> > I agree with Mehmet, any changes to the NC/RC protocols should be done
> in
> > the NETCONF WG.
> >
> > +1.
> >
> > Regards, Benoit
> >
> >
> 
> <snip>
> 
> 
> _______________________________________________
> Netconf mailing list
> Netconf@ietf.org
> https://www.ietf.org/mailman/listinfo/netconf
> 
> 
> _______________________________________________
> Netconf mailing list
> Netconf@ietf.org
> https://www.ietf.org/mailman/listinfo/netconf

-- 
Juergen Schoenwaelder           Jacobs University Bremen gGmbH
Phone: +49 421 200 3587         Campus Ring 1 | 28759 Bremen | Germany
Fax:   +49 421 200 3103         <http://www.jacobs-university.de/>

v2.23.0 | Report a Bug | By Email