Re: [netconf] crypto-types fallback strategy
tom petch <ietfc@btconnect.com> Fri, 04 October 2019 12:10 UTC
Return-Path: <ietfc@btconnect.com>
X-Original-To: netconf@ietfa.amsl.com
Delivered-To: netconf@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 305BA120864 for <netconf@ietfa.amsl.com>; Fri, 4 Oct 2019 05:10:16 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 0.246
X-Spam-Level:
X-Spam-Status: No, score=0.246 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RATWARE_MS_HASH=2.148, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H2=-0.001, SPF_PASS=-0.001] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=btconnect.onmicrosoft.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Zo5rKeEnJ7BC for <netconf@ietfa.amsl.com>; Fri, 4 Oct 2019 05:10:14 -0700 (PDT)
Received: from EUR03-AM5-obe.outbound.protection.outlook.com (mail-eopbgr30112.outbound.protection.outlook.com [40.107.3.112]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 85DD112084F for <netconf@ietf.org>; Fri, 4 Oct 2019 05:10:13 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=GvXly9rNLayfdLpetPp8/Y1js9wEXmNL+m6+Q63AIu5UvrfC5zdFXJbGKiBz7EjHwpUz/lKENnf3nPb8vfMqDk072jij6xsdR26999PZbw+p12sfREx2s7hKfw7RH6SWIkFiiVzA0uSCvJIqD9Ab1y0Jhpj8ODKcTKpJetJjn7GsWd1BGIa2XB6eAoHcyKaaghG3paeajlMhIycMgeMaczIt81dh83qy2p8YV6tvVxehChSsEVi5E7VaMYW05yzgmv0RcZRzlQ5jJjBZN5AEq4UcSOXzi4NvYECncoAKNsvLlQSPhlncWId7s9iDgbBoY42X1KANbc4dyTlnz6cRaQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=x6ZdlcxJJpPkh9eeB1th/hkpEgeYvru4sBU9bwoaH4k=; b=GTx1gEaN+LYDUy/ll24PPIHiK5J4Z0ZFk8Me2XEnQ5gEI8LIFIo44CcK/3UQqexoQDkJy3/z0BKp0dIMdIqU6rBMGQ3ZgQlPRQmCEKFhW8Xx4aOa/SnMyN9D/EFwaJGoC0e9/NQnJkfp0vd0ycIutaFeR2P4NRpr1bRALBo4WaCuQ2z6qesqjVI5nKLjdQ5JcUxZCS6CJg/LEu0UossX+IEmGQ1axkAlKuW+fiXSbr1BRFLSi5qGCPreZINs0FeabVpnqrtSh2LO1VoY2E+IjB+0oapHkfXGPS5fdde5Q0Wp4h29Q/7QSEAOo92uAJse7rw77fb76dYV7+LKasP5XQ==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=btconnect.com; dmarc=pass action=none header.from=btconnect.com; dkim=pass header.d=btconnect.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=btconnect.onmicrosoft.com; s=selector2-btconnect-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=x6ZdlcxJJpPkh9eeB1th/hkpEgeYvru4sBU9bwoaH4k=; b=o1eBwR0bw0DNCoFoW5bna7Cs9o5Wba7sriWf7ViZXcwOxELwxQWj/s+SIi1KLhroDuNDZpg/FxDpLGPxY5v7vAGUNlcQHqhHdQg4y39Jfv65NUkk1UwUqP5AXaBj6dCUEkAJlfaGgTB9tbQ3EXoeBgLv7SajzxAJBbpGTP1dFtE=
Received: from AM6PR07MB5944.eurprd07.prod.outlook.com (20.178.91.205) by AM6PR07MB5141.eurprd07.prod.outlook.com (20.177.191.83) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2327.21; Fri, 4 Oct 2019 12:10:10 +0000
Received: from AM6PR07MB5944.eurprd07.prod.outlook.com ([fe80::c01e:2ff4:7649:142]) by AM6PR07MB5944.eurprd07.prod.outlook.com ([fe80::c01e:2ff4:7649:142%7]) with mapi id 15.20.2327.004; Fri, 4 Oct 2019 12:10:10 +0000
From: tom petch <ietfc@btconnect.com>
To: Kent Watsen <kent+ietf@watsen.net>
CC: "netconf@ietf.org" <netconf@ietf.org>
Thread-Topic: [netconf] crypto-types fallback strategy
Thread-Index: AQHVeEcpxg99sP1vx0ePyapv0CmMzw==
Date: Fri, 04 Oct 2019 12:10:10 +0000
Message-ID: <01d701d57aac$6160e000$4001a8c0@gateway.2wire.net>
References: <0100016d455c6145-844c669e-8f31-4203-a827-7368d33cdee4-000000@email.amazonses.com> <MN2PR11MB4366E914816F6C3D9515A31DB5890@MN2PR11MB4366.namprd11.prod.outlook.com> <0100016d7325f06e-00613ab7-413c-4d97-972c-858cf4886b65-000000@email.amazonses.com> <20190927.170902.142773301948727896.mbj@tail-f.com> <MN2PR11MB4366C30CE4650421CE915840B5810@MN2PR11MB4366.namprd11.prod.outlook.com> <20190927174623.jhvpudof6yfs2m4k@anna.jacobs.jacobs-university.de> <0100016d84c0c469-e57fd7aa-dcba-4079-9b37-22720f7a4500-000000@email.amazonses.com> <02f501d57846$e29a3b20$4001a8c0@gateway.2wire.net> <0100016d8834e6b1-d2301e8e-89e5-4fb1-ae58-057e82c4cf7f-000000@email.amazonses.com>
Accept-Language: en-GB, en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-clientproxiedby: LO2P265CA0243.GBRP265.PROD.OUTLOOK.COM (2603:10a6:600:8a::15) To AM6PR07MB5944.eurprd07.prod.outlook.com (2603:10a6:20b:90::13)
authentication-results: spf=none (sender IP is ) smtp.mailfrom=ietfc@btconnect.com;
x-ms-exchange-messagesentrepresentingtype: 1
x-mailer: Microsoft Outlook Express 6.00.2800.1106
x-originating-ip: [86.139.211.103]
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: 16b8dc29-174e-460b-0d7d-08d748c3cd7a
x-ms-traffictypediagnostic: AM6PR07MB5141:
x-microsoft-antispam-prvs: <AM6PR07MB51413C3D2E7795227D356773A09E0@AM6PR07MB5141.eurprd07.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:8273;
x-forefront-prvs: 018093A9B5
x-forefront-antispam-report: SFV:NSPM; SFS:(10019020)(136003)(39860400002)(366004)(396003)(346002)(376002)(13464003)(199004)(189003)(44736005)(66946007)(66476007)(66556008)(5660300002)(66446008)(6436002)(64756008)(14496001)(99286004)(14444005)(229853002)(81686011)(486006)(76176011)(81816011)(2906002)(1556002)(14454004)(66066001)(86362001)(8936002)(52116002)(53546011)(6506007)(386003)(44716002)(4326008)(62236002)(476003)(50226002)(8676002)(446003)(25786009)(6486002)(4720700003)(9686003)(186003)(26005)(66574012)(3846002)(6116002)(256004)(81156014)(102836004)(61296003)(6246003)(81166006)(478600001)(6512007)(71190400001)(71200400001)(316002)(305945005)(7736002)(74416001)(7726001); DIR:OUT; SFP:1102; SCL:1; SRVR:AM6PR07MB5141; H:AM6PR07MB5944.eurprd07.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; A:0; MX:1;
received-spf: None (protection.outlook.com: btconnect.com does not designate permitted sender hosts)
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: CuBPpb43jo0qgCBi2+Q7vCMwpcW6cENTrDVVUB73DQb10Abk8fSfQGhZP1RLVvfyyoTvY+LhnEpFZsicdCo4dnhTy5A7GSXrqaKJ/s4WsdBdPtJekKHNqTaecxAVTp7pWNEr9jYugk/0fcfzpLML9QYkBOR9FTcpTfL7XMNmwaMmcug4lx6vVP4dO38E/dECsIJZu1xtvubyFat4Ng5UJLFYN6R0fBJRP7NDarEi+dStZ6AcJnaQTBzBQkF5s8ksIIA/bv3IyN+wiTqZVg5uiYA11jLEe57J9+mQ5nJngW1BFPikNBIACOYmxd9wur49yhSN8jZ49uyvam4LyNk6HiDy5vJUz5l0liEwjLLUlCf6kDxJld8CzjBTFCVtWTaRhBENLPhuLXBZXpTW+0JMamciZhh+QB8E/qQfZRskhTE=
x-ms-exchange-transport-forked: True
Content-Type: text/plain; charset="utf-8"
Content-ID: <D0228D97822E264A828D45B55F208EB0@eurprd07.prod.outlook.com>
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-OriginatorOrg: btconnect.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 16b8dc29-174e-460b-0d7d-08d748c3cd7a
X-MS-Exchange-CrossTenant-originalarrivaltime: 04 Oct 2019 12:10:10.2473 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: cf8853ed-96e5-465b-9185-806bfe185e30
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: N/FeM6M/kkRENh/BsC0zf9V4cNYAcqWY99bFirKaHHITjRWBMKuimRkwCkSNpgrWbr5Yakv79p7kIT3NGTkCMg==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: AM6PR07MB5141
Archived-At: <https://mailarchive.ietf.org/arch/msg/netconf/CuIa_6OwxT45IuP8TLagfQRTI2k>
Subject: Re: [netconf] crypto-types fallback strategy
X-BeenThere: netconf@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: NETCONF WG list <netconf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/netconf>, <mailto:netconf-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/netconf/>
List-Post: <mailto:netconf@ietf.org>
List-Help: <mailto:netconf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/netconf>, <mailto:netconf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 04 Oct 2019 12:10:16 -0000
<inline tp> ----- Original Message ----- From: "Kent Watsen" <kent+ietf@watsen.net> Sent: Tuesday, October 01, 2019 5:43 PM Thanks for pointing that out, Tom. I was going to say something along these lines in a response to Juergen. The net is that partitioning identities along protocol boundaries is misdirected. We need to focus on the algorithms, not the cipher suites. Going back to the primary goal, we care about is how to use the "algorithm" field to identify the format of the public and private key fields. To this end, the field could be called a "key-format" instead. There is a secondary goal to pass an "algorithm" parameter into the 'generate-symmetric-key' and 'generate-asymmetric-key' actions, but maybe the problems can be separated? In OpenSSL, the commands are: 1) `openssl genrsa -out rsa_private_key.pem 2048` creates an RSAPrivateKey (from RFC3447) 2) `openssl rsa -in rsa_private_key.pem -pubout -out rsa_public_key.pem` creates a SubjectPublicKeyInfo (from RFC5280) 3) `openssl ecparam -genkey -name prime256v1 -out ec_private_key.pem` creates an ECPrivateKey (from RFC5915) 4) `openssl ec -in ec_private_key.pem -pubout -out ec_public_key.pem` creates a SubjectPublicKeyInfo (from RFC5280) OpenSSH, the commands are: 1) `ssh-keygen -t rsa -b 4096 -C "your_email@example.com"` creates an RSAPrivateKey (from RFC3447) and a proprietary public key file format. 2) `ssh-keygen -t ed25519 -b 4096 -C "your_email@example.com"` creates an ECPrivateKey (from RFC5915) and a proprietary public key file format. 3) `ssh-keygen -e [-m RFC4716] -f <private-key-file>` exports the public key format described by RFC 4716. Disclaimer: (2) is just a guess, based on (1), which I haven't tested myself yet. In order to just identify the format, perhaps we use something like the following, which could be in ietf-crypto-types: (Note I added OneSymmetricKey and OneAsymmetricKey formats as well. That is, with this approach, it's not an "either-or" tradeoff, both can be defined.) /*** all key format types ****/ identity key-format-base {} identity public-key-format { base "key-format-base" } identity private-key-format { base "key-format-base" } identity symmetric-key-format { base "key-format-base" } /**** for private keys ****/ identity rsa-private-key-format { // used by SSH and TLS base "private-key-format"; description "An RSAPrivateKey (from RFC 3447)."; } identity ec-private-key-format { // used by SSH and TLS base "private-key-format"; description "An ECPrivateKey (from RFC 5915)"; } identity one-asymmetric-key-format { base "private-key-format"; description "A OneAsymmetricKey (from RFC 5958)."; } identity encrypted-private-key-format { base "private-key-format"; description "A CMS EncryptedData structure (RFC 5652) containing a OneAsymmetricKey (RFC 5958)."; } /**** for public keys ****/ identity ssh-public-key-format { base "public-key-format"; description "The public key format described by RFC 4716."; } identity subject-public-key-info-format { base "public-key-format"; description "A SubjectPublicKeyInfo (from RFC 5280)."; } /**** for symmetric keys ****/ identity symmetric-key-format { base "symmetric-key-format"; description "An OctetString from ASN.1."; // Knowing that it is an "OctetString" isn't really helpful. // Knowing the length of the octet string would help a little, as it relates to the algorithm's block size // We may want to only (for now) use "one-symmetric-key-format" for symmetric keys. // ^---- the usability issues Juergen mentioned before only applies to asymmetric keys? } identity one-symmetric-key-format { base "symmetric-key-format"; description "A OneSymmetricKey (from RFC6031)."; } identity encrypted-symmetric-key-format { base "symmetric-key-format"; description "A CMS EncryptedData structure (RFC 5652) containing an OneSymmetricKey (RFC 6031)."; } then, the public-key grouping might look like: grouping public-key-grouping { description "A public key and its associated algorithm."; leaf key-format { nacm:default-deny-write; type public-key-format; mandatory true; description "Identifies the format key's binary data value."; } leaf public-key { nacm:default-deny-write; type binary; mandatory true; description "The binary value of the public key. The interpretation of the value is defined by the 'key-format' field."; } } and the key-pair grouping might look like: grouping asymmetric-key-pair-grouping { description "A private key and its associated public key."; uses public-key-grouping; choice private-key-type { mandatory true; description "Choice between key types."; leaf private-key { nacm:default-deny-all; type binary; description "The binary value of the private key. The interpretation of the value is defined by the 'key-format' field."; } leaf hidden-private-key { nacm:default-deny-write; type empty; description "A permanently hidden key. How such keys are created is outside the scope of this module."; } } } and the symmetric grouping might look like: grouping symmetric-key-grouping { description "A symmetric key and algorithm."; leaf key-format { nacm:default-deny-write; type public-key-format; mandatory true; description "Identifies the symmetric key's format."; } choice key-type { mandatory true; description "Choice between key types."; leaf key { nacm:default-deny-all; type binary; description "The binary value of the key. The interpretation of the value is defined by the 'key-format' field."; } leaf hidden-key { nacm:default-deny-write; type empty; description "A permanently hidden key. How such keys are created is outside the scope of this module."; } } } To put an end to this email, recall above it was said that the secondary goal is to pass an "algorithm" parameter into the 'generate-symmetric-key' and 'generate-asymmetric-key' actions (what kind of key to generate, right?). Most of the above regards the key formats (not algorithms, though the OneSymmetricKey and OneAsymmetricKey structs do self-identify their algorithms). I don't have an answer for this yet, but maybe we can mimic some aspect of the above for it? Comments? <tp> Kent I am still unclear about the big picture. Are you saying that the other lists of algorithms - MAC, hash, signature etc - would no longer be in this I-D? Or if they are still there, how are they going to be used I see the role of what you list above in the client-server modules but not a usage for the other lists. Tom Petch Kent // contributor > On Oct 1, 2019, at 6:58 AM, tom petch <ietfc@btconnect.com> wrote: > > <inline tp> > > ----- Original Message ----- > From: "Kent Watsen" <kent+ietf@watsen.net> > To: "Juergen Schoenwaelder" <J.Schoenwaelder@jacobs-university.de> > Cc: <netconf@ietf.org>; <wang.haiguang.shieldlab@huawei.com>; > <rifaat.ietf@gmail.com> > Sent: Tuesday, October 01, 2019 1:38 AM > >> On Sep 27, 2019, at 1:46 PM, Schönwälder, Jürgen > <J.Schoenwaelder@jacobs-university.de> wrote: >> >> On Fri, Sep 27, 2019 at 03:53:51PM +0000, Rob Wilton (rwilton) wrote: >>> I basically agree with what Martin is saying. >> >> So do I. > > Hmmm... > >>> Either one YANG module containing all of the crypto identities, or a > few YANG modules as previously suggested. >> >> It may make sense to split by security protocol. > > That would go some towards addressing Rich's concern. Presumably we > would have one module each for SSH and TLS algorithms. That said, to > Rich's concern, there is a constant churn with them. This churn > concerns two activities: the removal and addition of algorithms. Both > occur at protocol-version boundaries and, perhaps, other times as well. > This suggests to me that we could further refine the identities by > protocol version, something like this: > > In ietf-crypto-types: > > identity base-alg {} > identity tls-alg { base "base-alg" } > identity ssh-alg { base "base-alg" } > > In ietf-tls-1.1-types: > > identity tls-1.1-alg { base "ct:tls-alg" } > <a bunch of tls-1.1 identities here> > > In ietf-tls-1.2-types: > > identity tls-1.2-alg { base "ct:tls-alg" } > <a bunch of tls-1.2 identities here> > > etc. > > <tp> > > Kent >
- [netconf] crypto-types fallback strategy Kent Watsen
- Re: [netconf] crypto-types fallback strategy Salz, Rich
- Re: [netconf] crypto-types fallback strategy Martin Bjorklund
- Re: [netconf] crypto-types fallback strategy Kent Watsen
- Re: [netconf] crypto-types fallback strategy Kent Watsen
- Re: [netconf] crypto-types fallback strategy Salz, Rich
- Re: [netconf] crypto-types fallback strategy Kent Watsen
- Re: [netconf] crypto-types fallback strategy Martin Bjorklund
- Re: [netconf] crypto-types fallback strategy Salz, Rich
- Re: [netconf] crypto-types fallback strategy Rob Wilton (rwilton)
- Re: [netconf] crypto-types fallback strategy Salz, Rich
- Re: [netconf] crypto-types fallback strategy Schönwälder
- Re: [netconf] crypto-types fallback strategy Kent Watsen
- Re: [netconf] crypto-types fallback strategy Kent Watsen
- Re: [netconf] crypto-types fallback strategy Salz, Rich
- Re: [netconf] crypto-types fallback strategy Kent Watsen
- Re: [netconf] crypto-types fallback strategy Kent Watsen
- Re: [netconf] crypto-types fallback strategy Salz, Rich
- Re: [netconf] crypto-types fallback strategy Schönwälder
- Re: [netconf] crypto-types fallback strategy Rob Wilton (rwilton)
- Re: [netconf] crypto-types fallback strategy Salz, Rich
- Re: [netconf] crypto-types fallback strategy Rob Wilton (rwilton)
- Re: [netconf] crypto-types fallback strategy Kent Watsen
- Re: [netconf] crypto-types fallback strategy Rob Wilton (rwilton)
- Re: [netconf] crypto-types fallback strategy Salz, Rich
- Re: [netconf] crypto-types fallback strategy Rob Wilton (rwilton)
- Re: [netconf] crypto-types fallback strategy Salz, Rich
- Re: [netconf] crypto-types fallback strategy Rob Wilton (rwilton)
- Re: [netconf] crypto-types fallback strategy Salz, Rich
- Re: [netconf] crypto-types fallback strategy Rob Wilton (rwilton)
- Re: [netconf] crypto-types fallback strategy Kent Watsen
- Re: [netconf] crypto-types fallback strategy Salz, Rich
- Re: [netconf] crypto-types fallback strategy Rob Wilton (rwilton)
- Re: [netconf] crypto-types fallback strategy Schönwälder
- Re: [netconf] crypto-types fallback strategy Kent Watsen
- Re: [netconf] crypto-types fallback strategy Salz, Rich
- Re: [netconf] crypto-types fallback strategy Kent Watsen
- Re: [netconf] crypto-types fallback strategy Kent Watsen
- Re: [netconf] crypto-types fallback strategy Kent Watsen
- Re: [netconf] crypto-types fallback strategy Schönwälder
- Re: [netconf] crypto-types fallback strategy Kent Watsen
- Re: [netconf] crypto-types fallback strategy Schönwälder
- Re: [netconf] crypto-types fallback strategy Martin Bjorklund
- Re: [netconf] crypto-types fallback strategy Schönwälder
- Re: [netconf] crypto-types fallback strategy Per Hedeland
- Re: [netconf] crypto-types fallback strategy Schönwälder
- Re: [netconf] crypto-types fallback strategy Per Hedeland
- Re: [netconf] crypto-types fallback strategy Rob Wilton (rwilton)
- Re: [netconf] crypto-types fallback strategy Rob Wilton (rwilton)
- Re: [netconf] crypto-types fallback strategy Martin Bjorklund
- Re: [netconf] crypto-types fallback strategy Kent Watsen
- Re: [netconf] crypto-types fallback strategy Kent Watsen
- Re: [netconf] crypto-types fallback strategy Kent Watsen
- Re: [netconf] crypto-types fallback strategy Martin Bjorklund
- Re: [netconf] crypto-types fallback strategy Kent Watsen
- Re: [netconf] crypto-types fallback strategy Martin Bjorklund
- Re: [netconf] crypto-types fallback strategy Schönwälder
- Re: [netconf] crypto-types fallback strategy tom petch
- Re: [netconf] crypto-types fallback strategy Salz, Rich
- [netconf] FW: crypto-types fallback strategy Salz, Rich
- Re: [netconf] crypto-types fallback strategy Holland, Jake
- Re: [netconf] crypto-types fallback strategy Martin Bjorklund
- Re: [netconf] [Taps] crypto-types fallback strate… tom petch
- Re: [netconf] crypto-types fallback strategy Kent Watsen
- Re: [netconf] crypto-types fallback strategy Kent Watsen
- Re: [netconf] crypto-types fallback strategy Martin Bjorklund
- Re: [netconf] crypto-types fallback strategy Rob Wilton (rwilton)
- Re: [netconf] crypto-types fallback strategy Salz, Rich
- Re: [netconf] crypto-types fallback strategy Schönwälder
- Re: [netconf] crypto-types fallback strategy Kent Watsen
- Re: [netconf] crypto-types fallback strategy Schönwälder
- Re: [netconf] crypto-types fallback strategy Martin Bjorklund
- Re: [netconf] crypto-types fallback strategy tom petch
- Re: [netconf] crypto-types fallback strategy Kent Watsen
- Re: [netconf] crypto-types fallback strategy Salz, Rich
- Re: [netconf] crypto-types fallback strategy tom petch
- Re: [netconf] crypto-types fallback strategy Wang Haiguang
- Re: [netconf] crypto-types fallback strategy Salz, Rich
- Re: [netconf] crypto-types fallback strategy Kent Watsen
- Re: [netconf] crypto-types fallback strategy Kent Watsen
- Re: [netconf] crypto-types fallback strategy Martin Bjorklund
- Re: [netconf] crypto-types fallback strategy Schönwälder
- Re: [netconf] crypto-types fallback strategy Schönwälder
- Re: [netconf] crypto-types fallback strategy Kent Watsen
- Re: [netconf] crypto-types fallback strategy Kent Watsen
- Re: [netconf] crypto-types fallback strategy Kent Watsen
- Re: [netconf] crypto-types fallback strategy Martin Bjorklund