Re: [netconf] WG LC for three drafts
Kent Watsen <kent+ietf@watsen.net> Mon, 15 June 2020 14:35 UTC
Hi Eric,

Thank you for your review. This message addresses both your prior messages…

> On Jun 12, 2020, at 4:03 PM, Eric Voit (evoit) <evoit@cisco.com> wrote:
>
> Hi Kent,
>
> I have been reading farther, and I see that the full iana-hash-algs@2020-03-08.yang has been removed from -v15. That is where the TCG identity algorithms might have been merged in my thread below.
>
> A few thoughts based on that:
>
> (1) In the draft-ietf-netconf-crypto-types, in the YANG model you should likely remove the description text which claims support for "algorithm" in three of the grouping statements.

Good catch! Fixed here: https://github.com/netconf-wg/crypto-types/commit/690c016b201241e13a1e324b49ba5e9db0d6c417

> (2) Are there plans to evolve iana-hash-algo.yang anywhere? In your May 14th message, you say: "Assuming a future effort mimicked Option #2, then "yes", as I'd expect an "ietf-ssh-common:generate-asymmetric-key" RPC to contain an "input" node that is an identityref to the "ssh-asymmetric-algorithm" identity." I would be willing to help on that work.

I have no plans to work on the "algorithms" problem again. Not that I wouldn't like to, but I need to scale back how much unsupported time I volunteer for. Generally speaking, I'm gracefully winding down my work in progress, while being hyper-cautious about signing up for new work. This is why, e.g., I'm not pushing "YANG-next" or "restconf-collections" anymore, though both are really important to me. That said, I'm open to contract-work, if that makes sense at all...

More below.

> Thanks,
> Eric
>
> > -----Original Message-----
> > From: netconf <netconf-bounces@ietf.org> On Behalf Of Eric Voit (evoit)
> > Sent: Friday, June 12, 2020 1:42 PM
> > To: Kent Watsen <kent+ietf@watsen.net>
> > Cc: Netconf <netconf@ietf.org>
> > Subject: Re: [netconf] WG LC for three drafts
> >
> > Hi Kent,
> >
> > I have been reading draft-ietf-netconf-crypto-types, and the thread: Virtual "hum" for the "key generation" issue discussed at virtual meeting.
> >
> > I have a couple questions on the previous "asymmetric-algorithm-type" and what is now in "asymmetric-key-pair-grouping". My reading is that instead of the previous ENUMs of -v14, other applications/WGs will now need to create identities for the various algorithm types. And this is fine.

That was the idea at the time but, as you noticed, we since ditched the "algorithms" node altogether :sigh:

> > If I have this correct, then each of the TCGAlgorithm Registry ID values of TPM2 specifications in Table 9
> > https://www.trustedcomputinggroup.org/wp-content/uploads/TPM-Rev-2.0-Part-2-Structures-01.38.pdf
> > could have its own identity. And there would be no barrier to each of these identities also having another base identity that might be "tpm2-algorithm". Is this correct?

I believe so. I haven't looked at the TCG Algorithm Registry, but certainly, "identity-stmt" allows multiple "base-stmt". Some might be concerned for interoperability, but a solution might support polymorphic definitions. Regardless, the original plan was (and I assume would be again, if/when the work is picked up) to enable the server to specify (e.g., via a "config false" list) which algorithms it supports.

> > If this is correct, my second question is whether there will be an attempt to ask other YANG models to import these application identities elsewhere? As you and Rob note in the thread, trying to predict the desired identity inheritance hierarchy is non-trivial.

I'm unsure about this, but I think polymorphism would go a long way to alleviate the issue...

Kent // as a contributor

> > Thanks,
> > Eric
> >
> > > -----Original Message-----
> > > From: netconf <netconf-bounces@ietf.org> On Behalf Of Mahesh Jethanandani
> > > Sent: Tuesday, June 2, 2020 7:48 PM
> > > To: Netconf <netconf@ietf.org>
> > > Subject: [netconf] WG LC for three drafts
> > >
> > > NETCONF WG,
> > >
> > > The authors of
> > >
> > > - draft-ietf-netconf-crypto-types
> > > - draft-ietf-netconf-keystore
> > > - draft-ietf-netconf-trust-anchors
> > >
> > > have indicated that these drafts are ready for Last Call (LC).
> > >
> > > This kicks off a 2 week WG LC for the three drafts. Please review and send any comments to the WG mailing list or by responding to this e-mail. Comments can be statements such as, I read/reviewed the document and believe it is ready for publication, or I have concerns about the document. For the latter, please indicate what your concerns are.
> > >
> > > Any reports on implementation status or plans to implement are also very useful.
> > >
> > > Thanks.
> > >
> > > Mahesh Jethanandani (as co-chair)
> > > mjethanandani@gmail.com
> > >
> > > _______________________________________________
> > > netconf mailing list
> > > netconf@ietf.org
> > > https://www.ietf.org/mailman/listinfo/netconf
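
The multiple-base question discussed in the message above, as an added example that is not part of the original thread or of any draft: a small Python model of YANG identity derivation in which one identity has two bases, with an identityref check that requires derivation from every listed base (RFC 7950, section 9.10.2). All identity names are hypothetical and constructed for illustration; none is taken from a published module or from the TCG Algorithm Registry.

```python
# Constructed identity graph: identity name -> list of its "base" statements.
# Every name here is hypothetical (an assumption for this example).
IDENTITIES = {
    "hash-algorithm": [],
    "asymmetric-algorithm": [],
    "tpm2-algorithm": [],
    "sha256": ["hash-algorithm"],
    "tpm2-sha256": ["sha256", "tpm2-algorithm"],            # two bases
    "tpm2-rsa": ["asymmetric-algorithm", "tpm2-algorithm"],  # two bases
}


def ancestors(name, graph=IDENTITIES):
    """Return every identity that `name` is derived from, transitively."""
    seen = set()
    stack = list(graph[name])
    while stack:
        base = stack.pop()
        if base not in seen:
            seen.add(base)
            stack.extend(graph[base])
    return seen


def valid_identityref(value, bases, graph=IDENTITIES):
    """True if `value` is derived from ALL of `bases`.

    A base identity is not a valid value for an identityref that names it,
    because an identity is not derived from itself.
    """
    if value not in graph:
        return False
    return set(bases) <= ancestors(value, graph)


def supported_for(bases, advertised, graph=IDENTITIES):
    """Filter a server-advertised algorithm list (the "config false" list
    idea from the message) down to values usable for the given bases."""
    return sorted(v for v in advertised if valid_identityref(v, bases, graph))


if __name__ == "__main__":
    advertised = ["sha256", "tpm2-sha256", "tpm2-rsa"]  # constructed sample
    print(supported_for(["hash-algorithm"], advertised))
    print(supported_for(["tpm2-algorithm"], advertised))
```
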