Re: [netconf] I-D Action: draft-ietf-netconf-keystore-27.txt

Henk Birkholz <henk.birkholz@sit.fraunhofer.de> Wed, 18 January 2023 12:56 UTC

Message-ID: <c95d0f80-9ee9-8960-098c-1ec8060eb98d@sit.fraunhofer.de>
Date: Wed, 18 Jan 2023 13:56:18 +0100
To: tom petch <ietfc@btconnect.com>, "netconf@ietf.org" <netconf@ietf.org>
References: <167087094875.45631.5752947059896213334@ietfa.amsl.com> <AM7PR07MB6248CDDEA380E553031F4622A0C79@AM7PR07MB6248.eurprd07.prod.outlook.com>
From: Henk Birkholz <henk.birkholz@sit.fraunhofer.de>
In-Reply-To: <AM7PR07MB6248CDDEA380E553031F4622A0C79@AM7PR07MB6248.eurprd07.prod.outlook.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/netconf/D7-bxLH5v0FYqTfjbxzhPQyUQ1Y>

Hi Tom,

To your comment on "Security 101" content: I do not see that basic
repetition as a flaw considering the scope of audience, as implementers 
might occasionally tend not to read all useful, but only the minimal 
essential documents.

Having said that, maybe the "Security 101" problem can be avoided by
some well-selected references to the extent of "Security Considerations
about key management of RFC-XXXX apply"? That could avoid the repetition 
a bit.

Best regards,

Henk

On 18.01.23 13:37, tom petch wrote:
> Some thoughts, editorial mostly, on this version of this I-D.
> 
> Generally, I find many of the identifiers cumbersome, up to nine hyphen separated elements; I would see three or four as good and five as tolerable, more than that error prone.
> 
>       grouping local-or-keystore-end-entity-cert-with-key-grouping
> As ever, I see -grouping as prolix.  I would also like to shorten local-or-keystore as a generic term for well, locality, or location, or place or site or   .... there are lots of possible synonyms.  Also where the grouping is about a cert then I think that that should come before locality.  To me it is the cert that matters not the option about its locality
> 
> I would also like to shorten 'cert-with-key' which occurs many times but do not have an alternative to offer.
> 
> The other general comment is that in places this reads as Security 101, which I do not think that the Netconf WG should be publishing (even if the text has come from Security ADs or such like).  The changes here would be small, deletions mostly,  but I think should be made.  Thus comments about built-in keys SHOULD NOT be cleartext are nothing to do with a YANG module, they are or they are not and no YANG module is going to change that.   There are several such statements in sections 3, 4 and 5 which to me belong in a BCP from the Security Area.
> 
> Some less contentious points.
> 
>       grouping asymmetric-key-pair-with-cert-grouping
>       grouping asymmetric-key-pair-with-certs-grouping
> I think an unfortunate pairing; that letter 's' buried in the middle will be missed.  Even
>       grouping asymmetric-key-pair-with-cert
>       grouping asymmetric-key-pair-with-certs
> could cause errors.
> 
>     The term "keystore" is defined in this /draft /document/
>            
> The term "key" may be used to mean one of three things in this /draft:/document/
> Well, four to be picky - you also have it from RFC2119
> 
> In the tree diagrams, the type 'string' seems to wander around, as in 2.1.3.7, and not stay in a predictable place
> 
> What happens to choice/case if no features are defined?  I do not know if YANG can enforce or cope with that.
> 
> s.2.1.4
> 'The protocol-accessible nodes for the "ietf-keystore" module are an instance'
> perhaps instances
> 
> s.2.2.3
>   a big section when there are no page numbers - worth splitting into subsections IMHO
> 
> prefix eku
> we could do with a documentation-only YANG prefix; to me this looks too real, perhaps ex-eku
> 
> s.3
> built-in keys
> Built into what?  The YANG module?  suggest 'built into the device' or some such.
> 
> I-D.ma-netmod-with-system
> needs to be Normative IMHO - I cannot understand system without it
> 
> copied into <running>
> copied from where?
> 
> all key types may be copied
> again, copied from where?
> 
> built-in key
> lacks a terminal period
> 
> <running> data tree
> Why data tree here when everywhere else is just <running>?
> 
> s.4 Nothing to do with Netconf IMHO!
> 
> s.5.3
> SSH, TLS lack references
> 
> Tom Petch
> 
> _______________________________________
> From: netconf <netconf-bounces@ietf.org> on behalf of internet-drafts@ietf.org <internet-drafts@ietf.org>
> Sent: 12 December 2022 18:49
> To: i-d-announce@ietf.org
> Cc: netconf@ietf.org
> Subject: [netconf] I-D Action: draft-ietf-netconf-keystore-27.txt
> 
> 
> A New Internet-Draft is available from the on-line Internet-Drafts directories.
> This draft is a work item of the Network Configuration WG of the IETF.
> 
>          Title           : A YANG Data Model for a Keystore
>          Author          : Kent Watsen
>          Filename        : draft-ietf-netconf-keystore-27.txt
>          Pages           : 52
>          Date            : 2022-12-12
> 
> Abstract:
>     This document defines a YANG module called "ietf-keystore" that
>     enables centralized configuration of both symmetric and asymmetric
>     keys.  The secret value for both key types may be encrypted or
>     hidden.  Asymmetric keys may be associated with certificates.
>     Notifications are sent when certificates are about to expire.
> 
> 
> The IETF datatracker status page for this draft is:
> https://datatracker.ietf.org/doc/draft-ietf-netconf-keystore/
> 
> There is also an HTML version available at:
> https://www.ietf.org/archive/id/draft-ietf-netconf-keystore-27.html
> 
> A diff from the previous version is available at:
> https://author-tools.ietf.org/iddiff?url2=draft-ietf-netconf-keystore-27
> 
> 
> Internet-Drafts are also available by rsync at rsync.ietf.org::internet-drafts
> 
> 