[netconf] draft-ietf-netconf-keystore-09.txt

Nick Hancock <nick.hancock@adtran.com> Tue, 30 April 2019 15:40 UTC

From: Nick Hancock <nick.hancock@adtran.com>
To: Kent Watsen <kent+ietf@watsen.net>, "netconf@ietf.org" <netconf@ietf.org>
Date: Tue, 30 Apr 2019 15:39:53 +0000
Message-ID: <BD6D193629F47C479266C0985F16AAC7011EA6CCF7@ex-mb1.corp.adtran.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/netconf/BJKKm30K9INptTm68dyimMNIKSE>
Subject: [netconf] draft-ietf-netconf-keystore-09.txt
List-Id: NETCONF WG list <netconf.ietf.org>

Hi Kent,

I have just noticed an issue with the leaf 'keystore-reference' used
in the grouping 'local-or-keystore-end-entity-cert-with-key-grouping'
in ietf-keystore.

This leafref uses the typedef 'asymmetric-key-certificate-ref', but,
unless I am missing something, this alone will not work, because a
predicate for the list 'asymmetric-key' is missing.

I would expect something like the following:

case keystore {
  if-feature "keystore-supported";
  leaf asymmetric-key-name {
    type ks:asymmetric-key-ref;
    description
      "A reference to an asymmetric key that exists in
       the keystore.";
  }
  leaf certificate-name {
    type leafref {
      path
        "/ks:keystore"
        + "/ks:asymmetric-keys"
        + "/ks:asymmetric-key"
        + "[ks:name=current()/../"
        + "asymmetric-key-name]"
        + "/ks:certificates"
        + "/ks:certificate/ks:name";
    }
    description
      "A reference to a specific certificate associated
       with the given private key, stored in the keystore.";
  }
}

Regards
Nick
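An added illustration of the point above, written for this archive and not part of Nick's message, the draft, or the ietf-keystore module: it walks a constructed keystore instance (key and certificate names are made up, and the structure only loosely mirrors ietf-keystore) and shows that a certificate name alone is ambiguous whenever two asymmetric keys carry a certificate with the same name, while the `[ks:name=current()/../asymmetric-key-name]` predicate reduces the reference to exactly one target. The function names `certificate_targets` and `reference_status` are assumptions for the example.

```python
# Constructed sample keystore instance (not real data): two asymmetric keys,
# both of which hold a certificate named "server-cert".
KEYSTORE = {
    "asymmetric-keys": {
        "asymmetric-key": [
            {
                "name": "key-a",
                "certificates": {
                    "certificate": [{"name": "server-cert"}, {"name": "backup-cert"}]
                },
            },
            {
                "name": "key-b",
                "certificates": {"certificate": [{"name": "server-cert"}]},
            },
        ]
    }
}


def certificate_targets(keystore, cert_name, key_name=None):
    """Return every (key name, certificate name) pair that a leafref to
    .../asymmetric-key/certificates/certificate/name could resolve to.

    key_name=None models a path with no predicate on the asymmetric-key
    list; a non-None key_name models [ks:name=current()/../asymmetric-key-name].
    """
    matches = []
    for key in keystore["asymmetric-keys"]["asymmetric-key"]:
        if key_name is not None and key["name"] != key_name:
            continue  # predicate filters out the other list entries
        for cert in key["certificates"]["certificate"]:
            if cert["name"] == cert_name:
                matches.append((key["name"], cert["name"]))
    return matches


def reference_status(keystore, ref):
    """Classify a reference shaped like the 'keystore' case above:
    {"asymmetric-key-name": ..., "certificate-name": ...}.

    A leafref must identify exactly one instance, so anything other than
    a single match is a validation failure: 'dangling' (no target) or
    'ambiguous' (more than one target).
    """
    targets = certificate_targets(
        keystore, ref["certificate-name"], ref.get("asymmetric-key-name")
    )
    if not targets:
        return "dangling"
    if len(targets) > 1:
        return "ambiguous"
    return "ok"


if __name__ == "__main__":
    # Certificate name only: matches a certificate under both keys.
    print(certificate_targets(KEYSTORE, "server-cert"))
    # With the key predicate: exactly one target.
    print(reference_status(KEYSTORE,
                           {"asymmetric-key-name": "key-b",
                            "certificate-name": "server-cert"}))
```

The `reference_status` check is the kind of validation a NETCONF server performs when it enforces leafref integrity on a commit; the example only makes explicit why the predicate is needed for that validation to have a unique answer.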