Re: [netconf] More comments was Shepherd's comments on draft-ietf-netconf-crypto-types

tom petch <ietfc@btconnect.com> Thu, 12 January 2023 12:21 UTC

From: tom petch <ietfc@btconnect.com>
To: Kent Watsen <kent+ietf@watsen.net>, Mahesh Jethanandani <mjethanandani@gmail.com>
CC: "netconf@ietf.org" <netconf@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/netconf/8vpPepEUOxTKFmP4e6XuCT3_plQ>

Some additional comments unrelated to those of the Shepherd

RFC6960 is in the module so needs adding to I-D references

X.690 in the module lacks a date which makes the reference ambiguous

X.690 in the I-D Refs is -2015.  This is not the latest version - I do not know what has changed.

RFC6125 has a bis in WGLC

The IETF has abolished the page number which makes s.2.2.1 10 pages of stream of consciousness.  I suggest introducing subsections.  I see some obvious places for them

In the same vein I suggest including the subsections of s.2.1 in the ToC.

I find the use of -grouping in the identifier of a grouping prolix.

2.1.3.  Typedefs
   The following diagram illustrates the relationship amongst the
   "typedef" statements defined in the "ietf-crypto-types" module:
Well no it does not illustrate for me without a crib to tell me what is going on

s.2.2.1 
OLD
   The diagram above uses syntax that is similar to but not defined in

suggest here and elsewhere
   The diagram above uses syntax that is similar to but not the same as that in 

    feature p10-based-csrs {
       description
         "Indicates that the erver implements support
/erver/server/

OLD
        How the associated algorithm is known is outside the
          scope of this module.  This statement also applies when
          the octet string has been encrypted.";
Seems clumsy; I suggest
NEW
          The identity of the associated algorithm is outside the
          scope of this specification.  This is also true when
          the octet string has been encrypted.";
 
     grouping asymmetric-key-pair-with-cert-grouping {
     grouping asymmetric-key-pair-with-certs-grouping {
These are both described as
'         Implementations SHOULD assert that certificates contain '
i.e. plural in both cases.  I think a more comprehensive description is needed of what the difference is between the two.  Also, here is a case where that terminal -grouping is not just redundant but is likely to cause errors.
     grouping asymmetric-key-pair-with-cert {
     grouping asymmetric-key-pair-with-certs {
would make the difference slightly more obvious but depending on what the difference is meant to be, which I do not see in the description clause, I think one or both identifiers need changing

Tom Petch

________________________________________
From: netconf <netconf-bounces@ietf.org> on behalf of Kent Watsen <kent+ietf@watsen.net>
Sent: 12 December 2022 16:07

Thank you Mahesh for your comments.

See below for responses.

K.



On Dec 4, 2022, at 10:40 PM, Mahesh Jethanandani <mjethanandani@gmail.com> wrote:

Hi Kent,

The YANG Data Types and Grouping for Crypto Types draft is short, well written, and easy to understand. Thanks for including plenty of examples on how to use the model.

There are however a few minor comments that would be nice to address before forwarding the document for AD review.

Thanks again.


Section 1.1 - Relation to other RFCs

Now that the set of modules and drafts in the “client-server” suite of drafts is known, can the language in this section be updated to reflect it. Specifically, can the second paragraph be removed or replaced because you list the drafts (if not the modules themselves) in the dependency graph.

Removed, and cleaned-up the language in the next paragraph.   Now reads:

    This document presents one or more YANG modules [RFC7950]
    that are part of a collection of RFCs that work together
    to, ultimately, enable the configuration of both the clients
    and servers of both the NETCONF [RFC6241] and
    RESTCONF [RFC8040] protocols.

    The normative dependency relationship between the various RFCs
    in this collection is presented in the below diagram. The labels
    in the diagram represent the primary purpose provided by each
    RFC.  Hyperlinks to each RFC are provided below the diagram.

This change will affect all in the suite of drafts.


Section 2.1.1 Features

This is more of a nit, and would not mind if the comment is ignored. Can we remove the leading | (pipe symbol) in front of the sentence - “The diagram above uses syntax …”. The same is true for other “tree diagrams” that follow RFC 8340 syntax. I do understand that other documents in the cluster follow that format, but it is not clear what the pipe symbols mean or why the text needs to be formatted differently from the rest of the text in the document.

This is how the <aside> element, in the xml2rfc file, renders.  I wish that it rendered as a box but, alas, such is not the case.  In any case, Juergen made the same comment before, so it seems pretty annoying, so I removed all of them, in the entire suite of drafts.



Section 2.1.1 Identities

s/format that key data/format for key data/

Fixed.


Section 2.1.4.* Groupings

Most of the groupings display an abridged and a full tree diagram. But the difference between them is a few extra lines. If the diagrams were truly different in size, i.e., the extra number of lines in the full tree diagram was more the size of the abridged tree diagram, I could have understood displaying both of them. Are the two diagrams really necessary in every section?

Not necessary.  I just removed the "expanded" diagrams.  Now this draft is more like others in the suite of drafts.


Thanks again,
Kent // author