Re: [netconf] I-D Action: draft-ietf-netconf-crypto-types-09.txt

Kent Watsen, Thu, 27 June 2019 00:05 UTC

Hi Martin,

>> 4) to enable the SSH and TLS models to use types defined in their
>> protocol specs, mapping tables were added to those drafts to map the
>> protocol-specific types to the generic crypto-types type.
> So perhaps this is not the best solution?  The big set of types (in
> crypto-types) will change over time, and the subsets used in various
> applications will also change over time.  The best solution for such
> sets in the IETF seems to be IANA registries, with corresponding
> IANA-maintained YANG modules.

I'm hoping someone, perhaps my co-authors, can suggest a path forward.

>> 8) our efforts to normalize this may be futile, and yet we want to
>> support keystore.
> Perhaps we can take a step back and define just the types we need
> right now for keystore, in order to finish these drafts.  Then we (or
> some other WG) can immediately start to work on an update to
> crypto-types that would define more types for other purposes as well.

Maybe, depending on how that turns out, it may be trivial to extend the approach to cover everything.

Kent // contributor