Re: [netconf] WGLC on draft-ietf-netconf-ssh-client-server

Kent Watsen <kent@watsen.net> Thu, 01 April 2021 16:39 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/netconf/HLwyML2aJ2mNIsVBgMJI-QO9x6M>

[Just back from PTO]

Hi Michal,


> Hi,
> 
> I have raised some questions regarding this draft on the 5th of March and even though I got the email bounced back from netconf@ietf.org, I did not get any replies and cannot find it in the archive. In any case, the original email is below.

Strange. Here’s my response from before: https://mailarchive.ietf.org/arch/msg/netconf/4gXyyI5SB0jWVXz1qpOAlt1e-qM/

Cheers,
Kent



> 
> I had a chance to look at these modules again and have 2 questions regarding some recent changes.
> 
> - ietf-ssh-server, ssh-server-grouping/client-authentication/supported-authentication-methods
> 
> Since the "other" leaf-list was removed there is no way to support some other methods than those specified. I am not sure whether this was the intention and if so, what is the reason for it? If nothing else, we support "interactive" authentication method but there are some others that I see no reason why they could not be used. For a robust and extendible solution, why not use an identityref leaf-list with all the methods as identities? One could then simply add new ones with specific "if-feature" statements.
> 
> - ietf-netconf-server, grouping netconf-server-grouping/client-identity-mappings
> 
> The "if-feature" on this container is strange. The practical problem is that if one wants to support certificates only for TLS, both one of the TLS features and "ssh-x509-certs" must be enabled. This then results in the container being defined for both SSH and TLS so there is no way to support it only for TLS or SSH.
> 
> Thanks for any input.
> 
> Regards,
> Michal
> 
> On Friday, March 26, 2021 23:30 CET, Mahesh Jethanandani <mjethanandani@gmail.com> wrote: 
> 
>> We are starting a 2 week WGLC for draft-ietf-netconf-ssh-client-server version 23.
>> 
>> https://datatracker.ietf.org/doc/draft-ietf-netconf-ssh-client-server/ <https://datatracker.ietf.org/doc/draft-ietf-netconf-sztp-csr/>
>> 
>> Please respond on this thread indicating your support or concerns about why this document should/should not be adopted.
>> 
>> We are particularly interested in statements of the form:
>> 
>> - I have reviewed the draft and found no issues. 
>> - I have reviewed the draft and found the following issues …
>> 
>> This WGLC will conclude on Friday, April 9. An IPR call will be issued separately.
>> 
>> Thank you.
>> 
>> Mahesh & Kent (as co-chairs)
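The identityref design suggested in the quoted question about supported-authentication-methods, sketched as an added example; it is not taken from the draft or from either participant. The module name, namespace, prefix, feature and identity names are all hypothetical; only the `client-authentication` and `supported-authentication-methods` node names come from the thread.

```yang
module example-ssh-auth-methods {
  yang-version 1.1;   // "if-feature" under "identity" requires YANG 1.1
  namespace "urn:example:ssh-auth-methods";   // hypothetical namespace
  prefix exam;

  // Hypothetical feature gating an optional method.
  feature keyboard-interactive {
    description
      "The server supports keyboard-interactive authentication.";
  }

  // Base identity; every authentication method derives from it.
  identity auth-method {
    description
      "Base identity for SSH client authentication methods.";
  }

  identity publickey { base auth-method; }
  identity password  { base auth-method; }
  identity hostbased { base auth-method; }
  identity none      { base auth-method; }

  // Optional method: valid as a value only when the feature is
  // advertised. Another module can add further methods the same
  // way, by defining identities derived from "exam:auth-method".
  identity keyboard-interactive {
    if-feature "keyboard-interactive";
    base auth-method;
  }

  container client-authentication {
    leaf-list supported-authentication-methods {
      type identityref {
        base auth-method;
      }
      description
        "Authentication methods the server offers to clients.
         Accepts any identity derived from 'auth-method', so the
         set is extended without revising this module.";
    }
  }
}
```

With this shape, a server that does not advertise the feature rejects `keyboard-interactive` as a value at validation time, so an optional method cannot be enabled by configuration alone.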