[netconf] [ssh/tls]-client-server updates

Kent Watsen <kent+ietf@watsen.net> Fri, 18 June 2021 17:46 UTC

To: "netconf@ietf.org" <netconf@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/netconf/B0I3eoRWP8TsKNxYM9mNI_mYcuI>

Detailed change logs for the just-published updates are at bottom, but the primary update is the creation of IANA-maintained modules for protocol-specific algorithms.  Key points:

	1) identities are used (not enumerations)

	2) the “container” and “list” names are simply “supported-algorithm[s]” as the module’s namespace disambiguates them from each other.

	3) deprecated and obsolete algorithms have their “status” node set accordingly.


After waiting a sufficient amount of time for WG-review, it would be appropriate to request SecDir reviews, per Tom’s comment from before.

Thanks,
Kent


ssh-client-server:

   *  Renamed "{ietf-ssh-client}userauth-*" to "client-ident-*"

   *  Renamed "{ietf-ssh-server}userauth-*" to "local-user-auth-*"

   *  Moved algorithms in ietf-ssh-common (plus more) to IANA-maintained
      modules

   *  Added "config false" lists for algorithms supported by the server.

   *  Fixed issues found during YANG Doctor review.


tls-client-server:

   *  Added TLS 1.3 references.

   *  Clarified support for various TLS protocol versions.

   *  Moved algorithms in ietf-tls-common (plus more) to IANA-maintained
      modules

   *  Added "config false" lists for algorithms supported by the server.

   *  Fixed issues found during YANG Doctor review.