[netconf] Document Shepherd Review of draft-ietf-netconf-ssh-client-server
"Per Andersson (perander)" <perander@cisco.com> Tue, 04 October 2022 14:41 UTC
Return-Path: <perander@cisco.com>
X-Original-To: netconf@ietfa.amsl.com
Delivered-To: netconf@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3F0DEC1524A1 for <netconf@ietfa.amsl.com>; Tue, 4 Oct 2022 07:41:50 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -11.906
X-Spam-Level:
X-Spam-Status: No, score=-11.906 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_MED=-2.3, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_NONE=0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com header.b=TU3ggJoi; dkim=pass (1024-bit key) header.d=cisco.onmicrosoft.com header.b=hi1JfTpC
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ZJwivAZfwQEU for <netconf@ietfa.amsl.com>; Tue, 4 Oct 2022 07:41:46 -0700 (PDT)
Received: from alln-iport-1.cisco.com (alln-iport-1.cisco.com [173.37.142.88]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 4D969C1522D5 for <netconf@ietf.org>; Tue, 4 Oct 2022 07:41:46 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=9984; q=dns/txt; s=iport; t=1664894506; x=1666104106; h=from:to:subject:date:message-id: content-transfer-encoding:mime-version; bh=FoIgsFOBslm30XmDk8pq1x3P+Z0ZQRjXlYEnIlr4D/0=; b=TU3ggJoiuZOW71qGay7DydiKJnMlMbLg+Yn0JFFe9Fz1bRXZqzDe5ZW+ ymX2dj0VVV5ZyqX8/N5Y57RcbjolzwH6BHtncEJC0et+lYikaiPhCAxmO MDDcTQHkGCw2Zoskbj/GnKKXgzqwHtGv6rhWm1ldpuQxfqqB1FVl7dpWp o=;
X-IPAS-Result: A0AwAgDpRDxjmIgNJK1agQmBT4FSUn8CWTpFiBoDhS+IF5Btin6BLBSBEQNUCwEBAQ0BATkJBAEBgVIBgzIChG0CJTQJDgECBAEBAQEDAgMBAQEBAQEDAQEFAQEBAgEHBBQBAQEBAQEBAR0ZBQ4QJ4VoAQyGWxUZAQE4EQGBACcEGxqCWwGCbQMwAwEPnHUBgT8Cih94gQEzgQGCCAEBBgQEgTwCEEGDAhiCOAMGgT2DMmCHboMLgUYcgUlEgRVDhgcBAQIBgTsBAQYCGoQMggwimW84A0QdQQMLdgMVAxQDBSEHAxkPIw0NBB0MAwMFJQMCAhsHAgIDAgYTBQICTTQIBAgEKyQPBQIHLwUELwIeBAUGEQgCFgIGBAQEBBUCEAgCCCYXBw0GMxkBBVkOCSEcKA0FBhMDIG8FQg8oL2krHRsKgQwqKBUDBAQDAgYTAwMiAhAqMRQEKRMSLQcrcwkCAyJrAwMEKCwDCSAEHAcoJDwHWDoFAwIQIj0GAwkDAiJZgSkmBQMNGSYIBTocBAg8AgUGVBMCChIDEw8tSg+YNoFPgU4CQQEHNxsLBBQ9AhQOLgiBOxkcBimiEZ9GCoNdizyVGRaDdqUQgzGBYYUKjHEggiuKc5RHLQ+FAQIEAgQFAg4BAQaBYTqBW3AVO4IzAQEyURkPjiwNCYNQhRSFSnU7AgYLAQEDCYdzLYIZAQE
IronPort-PHdr: A9a23:PVKUnhPO4mDteSyAKLEl6ncDWUAX0o4cdiYZ6Zsi3rRJdKnrv5HvJ 1fW6vgliljVFZ7a5PRJh6uz0ejgVGUM7IzHvCUEd5pBBBMAgN8dygonBsPNAEbnLfnsOio9G skKVFJs83yhd0ZPH8OrbFzJqXr05jkXSX3C
IronPort-Data: A9a23:ML1ZVaK6cfV3AZPiFE+RoJUlxSXFcZb7ZxGr2PjKsXjdYENShDcBx 2QZW27Sbv+CMDenLt5yb4i19UMCu57Sn9ZnSFMd+CA2RRqmiyZq6fd1j6vUF3nPRiEWZBs/t 63yUvGZcIZsCCW0Si6FatANl1EkvU2zbue6WbOs1hxZH1c+En550U47wIbVv6Yx6TSHK1LV0 T/Ni5W31G+Ng1aY5UpNtspvADs21BjDkGtwUm4WPJinj3eC/5UhN6/zEInqR5fOria4KcbhL wrL5OnREmo0ZH7BAPv9+lrwWhVirrI/oWFih1IOM5VOjCSuqQQ02/cJFd5HVXxSsBelv+gr8 PQTmc2/HFJB0q3kwIzxUjFRFyV4eKZB4rKCej60sNeYyAvNdH6EL/dGVR5te9ZGvL8sRzgVq 5T0KxhVBvyHr/q72ru9RuR2rs8iN8LseogYvxmMyBmIVKl2GsyaE/uiCdlw0ysc2YdUDNTna dsZYmJLbTeHMiNIAwJCYH45tL742iagG9FCk3qTqLY85G7d5A18zLarN8DaEuFmXu1cmkKe4 2nB5Wm8WVcRNceUznyO9XfEavLzcT3TXotDJpycrcJRhWax6kwrUiU3C3fqrqzs4qKhYO53J 0sR8ysoiKE98k23U9XwNyFURlbZ43bwvPINToUHBBGxJrn8uF3AXzdaJtJVQJl36pFpFGVCO kqhxYuBONB5jFGCpZtxHJ+9qTe/P0D5xkddOHddFmPpDzQfybzfYzrGStJlVaWylNCwQnf7w iuBq241gLB7YS83O0eToAGvb9GE/8ehousJCuP/BTrNAuRRP9TNWmBQwQKHhcus1a7AJrV7g FAKmtKF8McFBoyXmSqGTY0lRe/3u6bfaW2A2Ac3TvHNEghBHVb+Iui8BxkjdC9U3josIlcFn WeK41oKvc8PVJdURfApPepd9PjGPYC5RYi6CZg4n/JFY4N6c0ec7TpyaEuLt10BY2By+ZzTz ayzKJ72ZV5DUPwP5GPvG481j+Rxrghgnjy7eHwO50n9uVZoTCTLGe5t3ZrnRr1R0Z5oVy2Oq Y0EbpDSkUsPOAA8CwGOmbMuwZkxBSBTLfjLRwZ/K4Zv/iIO9LkdNsLs
IronPort-HdrOrdr: A9a23:Z9VBt66MsTFoJJFpPQPXwXCBI+orL9Y04lQ7vn2ZFiY6TiXIra +TdaoguSMc0AxhI03I6urwQpVoJkmsv6KdgLNhdotKOTOGhILGFvAa0WKP+UyDJ8SczJ8R6U 4DSdkHNDSYNzET5qyWgHjaLz9K+qjizEncv5a5854bd3AMV0gP1XYdNi+rVmlNACVWD5swE5 SRouBdoSC7RHgRZsOnQlEYQunqvbTw5d7bSC9DIyRixBiFjDuu5rK/OQOfxA0iXzRGxqpn2X TZkjb++r6ov5iAu1DhPi7ontprcenau5t+7f+3+4sow/LX+0SVjbFaKvy/VfYO0aSSARgR4Z 3xSlwbTrlOAjvqDx2ISF3Wqk7dOPJE0Q669bde6kGT5/ARDQhKdfaoie9iA2Tkwltls9dm3K 1R2WWF85JREBPbhSz4o8PFThdwiyOP0AwfeMMo/ghiuLElGchshJ1a+FkQHIYLHSr85oxiGO 5yDNvE7PITdV+BdXjWsmRm3dTpBx0Ib1+7a1lHvtbQ3yldnXh/wUddzMsDnm0Y/JZ4T5Vf/e zLPqlhibkLRM4LaqB2AvsHXKKMeyXwaAOJNHjXLUXsFakBNX6Io5nr4K8t7OXvY5AMxItaou W1bLqZjx9BR6vDM7z84HQQyGG9fIyUZ0Wc9v1j
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-AV: E=Sophos;i="5.95,158,1661817600"; d="scan'208";a="917834186"
Received: from alln-core-3.cisco.com ([173.36.13.136]) by alln-iport-1.cisco.com with ESMTP/TLS/DHE-RSA-SEED-SHA; 04 Oct 2022 14:41:43 +0000
Received: from mail.cisco.com (xfe-rtp-002.cisco.com [64.101.210.232]) by alln-core-3.cisco.com (8.15.2/8.15.2) with ESMTPS id 294EfgEq010251 (version=TLSv1.2 cipher=AES256-SHA bits=256 verify=OK) for <netconf@ietf.org>; Tue, 4 Oct 2022 14:41:43 GMT
Received: from xfe-rcd-005.cisco.com (173.37.227.253) by xfe-rtp-002.cisco.com (64.101.210.232) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.1118.9; Tue, 4 Oct 2022 10:41:41 -0400
Received: from NAM10-DM6-obe.outbound.protection.outlook.com (72.163.14.9) by xfe-rcd-005.cisco.com (173.37.227.253) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.1118.9 via Frontend Transport; Tue, 4 Oct 2022 09:41:41 -0500
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=MAGm4qTNHM9+VeVSU45Yz+RU+2JLXzC5b8c+j/M2D0ytqTk6x4Mma/V0GT73ewgH1a7rQnkJNux1lW2DM94esiLwAXtyW7F078Kay7f3CZ4aDtLXXqLgCNJPu51Odze3DQU84NLWJxJ46BZtdzc0F2a9ZHT9xARfFa6gSci+/gaLeb8P55jNu5hQN00J11FLL6E4s4PVhUUwtEhtQxNjZUGxQTSE91Sj35tzO5oWIhND/vk2ZQ5dQJYewlIi8m139OWzxScdi8FirwG8cBvEW1C0N1OsbaSk+Inwl2eb4MvxEIsC6W1TPccliw3RnhTAnGUMYMAqfxfkFYZO+Y/H6Q==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=7YzV26SfWzjI0jR9uDoQX4L6TxyT992jy3SbjpjRCQw=; b=GTIzDomdiFP2rqORwzaemkPIhZLBzMxS0iZ1Ipy1n3Oxd6r6rV4a1mCJ9oH4Ru2qeNlnlhV5fN7HOzEcFXlxqFT/ery77U2gfIEOvr47Ij220I6sFXcOs1tqixlAzNub/BZ7l/oyTqJJrnIc6qDlMjExpuFzGAEtAMbdrp4o4dOBTcy6w7Ft/FH27OuY6WOqGMl6dvEAmxr+QW5aLYP/mSSFq00iDUoccpw5M6qMrvcMEvPdYe5mmd2SUqVh38IvZpx6cl7FqQEJ48CSFY/m6WmAAuEEfRfWthaepLBZISVr1V79WXb0h0jMvJVk1nLP1GnKgIAWdsBu5/B+g8WgIg==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=cisco.com; dmarc=pass action=none header.from=cisco.com; dkim=pass header.d=cisco.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cisco.onmicrosoft.com; s=selector2-cisco-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=7YzV26SfWzjI0jR9uDoQX4L6TxyT992jy3SbjpjRCQw=; b=hi1JfTpCbDmepufZS9pHJEZAB+/93pXcWsgm6e1ybxPIq4NxYawXhVi0Ayi1berQVIGRjsgfmY5rfM6OAzv9H64nF9NZ+IBjUn16gsnoFWmYCN0BblS+oSNm8AjixmUGlce32CgtJK4QbAw7l6vkbSlOt76+x6oK7UEu8ZWvTmc=
Received: from DM6PR11MB4708.namprd11.prod.outlook.com (2603:10b6:5:28f::12) by DM4PR11MB6067.namprd11.prod.outlook.com (2603:10b6:8:63::20) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5676.31; Tue, 4 Oct 2022 14:41:40 +0000
Received: from DM6PR11MB4708.namprd11.prod.outlook.com ([fe80::f490:125e:171b:4260]) by DM6PR11MB4708.namprd11.prod.outlook.com ([fe80::f490:125e:171b:4260%7]) with mapi id 15.20.5676.031; Tue, 4 Oct 2022 14:41:40 +0000
From: "Per Andersson (perander)" <perander@cisco.com>
To: "netconf@ietf.org" <netconf@ietf.org>
Thread-Topic: Document Shepherd Review of draft-ietf-netconf-ssh-client-server
Thread-Index: AQHY1/yKlmLc7+Z26Eae5r9baVw6Cg==
Date: Tue, 04 Oct 2022 14:41:40 +0000
Message-ID: <DM6PR11MB47083FE47C2F3C86FADC89B2DB5A9@DM6PR11MB4708.namprd11.prod.outlook.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
msip_labels:
authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=cisco.com;
x-ms-publictraffictype: Email
x-ms-traffictypediagnostic: DM6PR11MB4708:EE_|DM4PR11MB6067:EE_
x-ms-office365-filtering-correlation-id: c3c00e65-0403-412b-cd3c-08daa6168cb4
x-ms-exchange-senderadcheck: 1
x-ms-exchange-antispam-relay: 0
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: 0pRm59HoALrxBP1oPoNCqj0Ki5bkhbKFSc2ZkbCE9cNWnHXkAjKRn4K3Q9eIo/hCwf0oysry2vCb1g+455c7Os0l7htKHedRkYhpR+C7F1Quz/xogEstQHxGvj1dcpZqC6CJntQK5IQuXXHbtjasbFnjNsO0/7CC7YNxkrXTH5iaE9CvbVwd9PNJTm51f9wHqGVf4WcPZnqy3IZRKaZJQKwNi4Cv8DDE2wLhuD5rBSZD3/qGbaP64MmMy65UE+TkAdVXykAYe8qa9cb6fXZd4I5WZw7OoyYoaATrwlC+uZcX8ht66445gh0S+0Jli2GJdDd/SvmQypgwBWt+nzcmaU5jjq1qypkE0RGxHrMuNXfATLufyaLkYhlhr6CSDFFmJEA0h03WaVmtLSPoQdfd7ltfb4uHnl142nmM5tknHJolZNcVubgzDyzd9y2yj58YAJ3KDKr9PQ/5IirpYyZYArPUGndQbfnDzsc8xJNc6JyTd4u1OhLUBvQVDIBxny3BYcqXDFgbd6XpuoKbVFtr5VRRx1JOH0FIDcIQwkPwvxMXPJWh9zoZVVW5/6wtYfVXrnW1sqowOzSTqbr7AXHKWuHwNz4RYzFFMy2EZzusKIl+QZwOyMfu2909fyq/PbMTXWK6xVRgbzZD6P9FaqbAqK99YK787tQfc9d38M91oAHIJUbHZEf1GXlNZuBsm5yu27YCdA4Lfr3nXElzSeKVGzQqfAmxcVrMYAmPca1nvlQQAgFv1NEP1vFRW4+AqADk1u9KQJUWMj1otRuEAznmhDO1UoPihPK35Reqeh3tSiEXulFjHQDhmaromMZUVMO2WmmOo8/0ZZfTof/1SQIVtQ==
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:DM6PR11MB4708.namprd11.prod.outlook.com; PTR:; CAT:NONE; SFS:(13230022)(4636009)(346002)(136003)(396003)(39860400002)(376002)(366004)(451199015)(91956017)(38100700002)(122000001)(41300700001)(186003)(76116006)(9686003)(26005)(66476007)(316002)(66556008)(71200400001)(64756008)(5660300002)(66446008)(8936002)(7696005)(6506007)(33656002)(52536014)(8676002)(86362001)(66574015)(83380400001)(66946007)(966005)(2906002)(478600001)(6916009)(38070700005)(55016003); DIR:OUT; SFP:1101;
x-ms-exchange-antispam-messagedata-chunkcount: 1
x-ms-exchange-antispam-messagedata-0: ScjHd0NFCDeqTCsDB5RjRGFXNSvZQDuoOh9+MzRb2H4zzwMKmEIKaUUt/oWILljaH11kan7eYjxmnZ08aW8D/U+6YSIdgQDCAmfATMqDys/HrkrIALcWatxGxo2BJnbED+BRLSh+Q49ERw9ffQODqcN2ZeobxbLJr1pRTigZqeoM6fjFETnCYrsUwfEwqJ2NTojboVZHQVRKS0wNnAj9Gz14AjgjAZALLYVnQKW32eZ8dt6l6CiHZRVIJ2OU6+RJm8Z0iVkRAs5hspWllFQrH+VloSpXEamVW40J0NtPyURPzi1ULpSu7Qgzgc25/ze1R/heJu8FSBQxLy22TvWP6t4sGMRgG7hwt88szv1fFOQnhwOsP8vMBmPsJtLTS1c4UBdXqBpqoB0k5vXdaGTliTYKXNKP+5aPeWJoXfOM26Oq72Kgtg9XhSF6N9SQeeN5X91aV6AdmmgaB9Ro05yEPiUhlcUSZnI81E6gwEC43o0hi8y93w5YqHULjSAvRHQN42OOn4w92Qiqdb8MCh7t2dyVrHUup2ZsDh/dcmnKU0UeoIKjEUjLqtY+dt8UwE6/Ofa+DqZNyMFP57HZxM8MuwcP1tdWFG9OQicpO/gmgH3iiIFfd287hllJyMLsg5Ln7fwFsIsi43bh6NKp6mvdVuj+YVRaNUS+orQgVjz+ZtIGsrV7k1NE7wAhQYC7a3QvN+bIMnpT4Et7l9yEju8NPQFMB2qJeFXmPp/IxnIPrzmHwO9YDwaKrB1afc5aiYwCeXbFZj7HsAI09/AePmGY4L1pzGwuDStD6x33Zj7bO+L+Hn0J8hA/7B5Ufe02mCittrGt+rCPhH78a6wUFbcoc8w7Bv5Yt1umGcdO/VH+5fCe1qONkbwwhG2by8VqW9kZ+XZnzjFDu895s0ZV8dtUJf6BZ7OxNzlMs1ohDWPIfpPxVImA1MKUdT4L9DMzQBKnp5mUyz4/gHBiRZnU/hOkYKTIlyoUEF50zCIx+Lo+bBEDPckTaQnasjEH94LLHIFam9AFZkl5XdrtRGmhRtVeEPh1xBppG95Pwfal7hbIjHu1rBAYTRww2dYXRWkRXI0lhXO1MCJxjXD81PP35aXBaU2OJrCb0qAkherkMXOmODAbDCSUB0/akN+xpZjfiRiaXNr7Ntk84O/B9JiB3sQwaorwxllTTWApq1EQ2N1X+9wkxS1GtwpgnALpY8VUpdBxY0PqwCf23I/C4iYlDI7T8CE6I5o7QEHlFebD2z2Gap/V5nFga+H/wqzgcx3GGZzjUu2S8Bas5rmGxrKTNZFoXZfGvKF0IEWUJAJ0KfUW5XLJK6Ne9ZKYrZ7NMETraMG6WyDn+ImDWcdsJR24531QYF41pfaUALQy3PUgIEChpE4BhZ0Z0MrZOG8kUWop/UpyefuWOc4coukMaxSHLCNL8IC603dmPzy+PjLAMjSQDCqLosrUVzgRR+k8VeDOjRuQpsy5meKb8ttg4lPuPVfsTjZlM6alXLJ7cD8N78FaljYv1jYg4dY7g7kc17li3uNX6WzrPgclKhhHwmGyFi0GQ3TtuzuzgEew3REmItOkwtY=
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: DM6PR11MB4708.namprd11.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: c3c00e65-0403-412b-cd3c-08daa6168cb4
X-MS-Exchange-CrossTenant-originalarrivaltime: 04 Oct 2022 14:41:40.6028 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 5ae1af62-9505-4097-a69a-c1553ef7840e
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: W652nlR7bCH4DrXrV5SQwYiTctkO3v3YxuNX3Qs/BHgGcvVySF9r554brL4DiQ4xPXQZaugLZbG1+xYUCLA4dQ==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM4PR11MB6067
X-OriginatorOrg: cisco.com
X-Outbound-SMTP-Client: 64.101.210.232, xfe-rtp-002.cisco.com
X-Outbound-Node: alln-core-3.cisco.com
Archived-At: <https://mailarchive.ietf.org/arch/msg/netconf/Jqhh3364VDzZHUWWQnTUEo0oucA>
Subject: [netconf] Document Shepherd Review of draft-ietf-netconf-ssh-client-server
X-BeenThere: netconf@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: NETCONF WG list <netconf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/netconf>, <mailto:netconf-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/netconf/>
List-Post: <mailto:netconf@ietf.org>
List-Help: <mailto:netconf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/netconf>, <mailto:netconf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 04 Oct 2022 14:41:50 -0000
Hi! The following issues were identified during the Document Shepherd Review of draft-ietf-netconf-ssh-client-server-13. The description for the server-authentication/ca-certs container in the ssh-client-grouping contains a double space, harmless but gives a sloppy impression. is authenticated if its certificate has a valid chain -> is authenticated if its certificate has a valid chain Regarding iana-ssh-key-exchange-algs.yang: The identities for key exchange methods diffie-hellman-group-exchange-sha1 and diffie-hellman-group1-sha1 should be marked with "status deprecated;", as other identities for deprecated algorithms (such as gss-gex-sha1-*) are marked as such per from e.g. RFC 8732. If the modules listing algorithms are going to be updated in the future, and if the data format from the IANA Protocol Registries is stable, it would be helpful to also include a method or script for generating updated modules. This work probably exists somewhere already, and there has been discussions on list including it in the document, but no method is presented in the document. This is especially important if an algorithm moves to the "MUST NOT" state in the "OK to Implement". In the mail thread discussing creating IANA defined modules, a script is attached for iana-tls-cipher-suite-algs.yang. Direct link: https://mailarchive.ietf.org/arch/msg/netconf/TTMwp3veeBixD5k3NwHL2gyoCGs/ Similar work for the SSH IANA modules probably exist. Further discussion about using XSLT template to create and update the IANA modules: https://mailarchive.ietf.org/arch/msg/netconf/cmudFQxPMQD67HIEjyT6BhapKFI/ The Internet Draft draft-boucadair-netmod-iana-registries [A] suggests that pre-RFC, a document should include in an appendix XSLT templates or scripts; which are to be removed by the RFC editor upon publication. -> Suggest to publish the methods that generated the initial IANA modules in a new revision. Furthermore, [A] suggests adding to IANA maintained modules a motivation for why identities or enumerations have been chosen for the module contents. This is missing from the document. -> Suggest introducing a section called "YANG Considerations" and presenting why identities are chosen over enumerations. Possibly add it as a sub section to the introduction, since it will probably be rather short. See Section 3 Guidelines for IANA-Maintained Modules in [A]. [A] https://datatracker.ietf.org/doc/html/draft-boucadair-netmod-iana-registries-04 The examples below did not validate correctly with yanglint, even though they seem to be well formed and fulfill the must requirements. Perhaps it is an operator error during review? Note that the generated ietf-ssh-*@*.yang modules from the refs are used, wherein they create a container which uses the grouping, used in respective example. refs/ex-ssh-client-local.xml: $ yanglint -m ../ietf-crypto-types\@*.yang ../ietf-truststore\@*.yang \ ../ietf-keystore\@*.yang ../ietf-ssh-common\@*.yang ./ietf-origin.yang \ ietf-ssh-client@2022-09-16.yang \ ex-ssh-client-local.xml \ ../../trust-anchors/refs/ex-truststore.xml \ ../../keystore/refs/ex-keystore.xml Segmentation fault refs/ex-ssh-client-keystore.xml: $ yanglint -m ../ietf-crypto-types\@*.yang ../ietf-truststore\@*.yang \ ../ietf-keystore\@*.yang ../ietf-ssh-common\@*.yang ./ietf-origin.yang \ ietf-ssh-client@2022-09-16.yang \ ex-ssh-client-keystore.xml \ ../../trust-anchors/refs/ex-truststore.xml \ ../../keystore/refs/ex-keystore.xml Segmentation fault refs/ex-ssh-server-local.xml: $ yanglint -m ../ietf-crypto-types\@*.yang ../ietf-truststore\@*.yang \ ../ietf-keystore\@*.yang ../ietf-ssh-common\@*.yang ./ietf-origin.yang \ ietf-ssh-server@2022-09-16.yang \ ex-ssh-server-local.xml \ ../../trust-anchors/refs/ex-truststore.xml \ ../../keystore/refs/ex-keystore.xml Segmentation fault refs/ex-ssh-server-keystore.xml: $ yanglint -m ../ietf-crypto-types\@*.yang ../ietf-truststore\@*.yang \ ../ietf-keystore\@*.yang ../ietf-ssh-common\@*.yang ./ietf-origin.yang \ ietf-ssh-server@2022-09-16.yang \ ../../trust-anchors/refs/ex-truststore.xml \ ../../keystore/refs/ex-keystore.xml \ ex-ssh-server-keystore.xml Segmentation fault A minor editorial change is that the iana-*.yang set of modules could squash the current two revisions to only one revision, i.e. "Inital version", since they will be officially released when the document is published. Should the iana-*.yang modules be regenerated before the document is published and then replace "June 16th, 2022" with the new date; and the same for the YANG module revision date? Or should it be kept as is with 2022-06-16 as the date? The YANG modules for the IANA algorithm listings should contain a section with information corresponding to the first paragraph of Section 2.3, listing the normative references in the following YANG module. All such references should also be listed in Section 7.1 Normative References. For iana-ssh-encryption-algs.yang include normative references: * FIPS-46-3 * RFC 4253 * RFC 4344 * RFC 5647 * RFC 8758 For iana-ssh-key-exchange-algs.yang include normative references: * RFC 4419 * RFC 4432 * RFC 8268 * RFC 8308 * RFC 8731 * RFC 8732, since RFC 5656 is listed * RFC 9142, since RFC 5656 is listed For iana-ssh-mac-algs.yang include normative references: * RFC 4253 * RFC 5647 * RFC 6668 For iana-ssh-public-key-algs.yang include normative references: * RFC 4253 * RFC 4462 * RFC 5656 * RFC 6187 * RFC 8332 * RFC 8709 For ietf-ssh-common.yang include normative references: * RFC 8732, since RFC 5656 is listed * RFC 9142, since RFC 5656 is listed For ietf-ssh-client.yang include normative references: * RFC 4252 * RFC 4254 * RFC 8341 * I-D.ietf-crypto-types For ietf-ssh-server.yang include normative references: * RFC 4252 * RFC 4254 * RFC 8341 * I-D.ietf-crypto-types Regarding the ietf-ssh-common grouping transport-params-grouping referencing Section 5 Security Considerations later in the document, for host-key algorithm compatibility with the private key; there is no such presentation of compatible combinations in the current revision, -30, of the document. This compatibility matrix was added in revision -08 and subsequently removed in revision -19. This compatibility matrix might however be out of scope for this document, but another reference to relevant RFCs is suitable. Whatever path is taken, the reference needs to be updated. The ietf-ssh-client container keepalives should reference unresponsive SSH servers in the description, not TLS servers. the aliveness of the SSH server. An unresponsive TLS server is dropped after approximatively max-wait * -> the aliveness of the SSH server. An unresponsive SSH server is dropped after approximatively max-wait * Likewise the ietf-ssh-client leaf max-wait in the keepalives container should reference SSH not TLS. no data has been received from the SSH server, a TLS-level message will be sent to test the aliveness of the SSH server."; -> no data has been received from the SSH server, an SSH-level message will be sent to test the aliveness of the SSH server."; The user "mary" in ex-ssh-server-local.xml has two public keys listed, they are listed as "User A" and "User B". Suggest naming them differently to indicate that they are used by the same user "mary" on different devices, e.g. "Key #1" and "Key #2". The ietf-ssh-server container keepalives should reference unresponsive SSH clients in the description, not SSL clients. the aliveness of the SSL client. an unresponsive SSL client is dropped after approximately max-wait * -> the aliveness of the SSH client. an unresponsive SSH client is dropped after approximately max-wait * Likewise the ietf-ssh-server leafs seconds and max-attempts in the keepalives container should reference SSH not SSL. keepalives/seconds description: if no data has been received from the SSL client, a SSL-level message will be sent to test the aliveness of the SSL client."; -> if no data has been received from the SSH client, an SSH-level message will be sent to test the aliveness of the SSH client."; keepalives/max-attempts description: the SSL client before assuming the SSL client is -> the SSH client before assuming the SSH client is Section 6.6 Also mention the "status" statement "obsolete", since it is present in the YANG module identities listing. Furthermore, the column to track algorithm status seems to be present alreday in the IANA Protocol registry for the SSH Protocol. -- Per
- [netconf] Document Shepherd Review of draft-ietf-… Per Andersson (perander)
- Re: [netconf] Document Shepherd Review of draft-i… Per Andersson (perander)
- Re: [netconf] Document Shepherd Review of draft-i… Kent Watsen
- Re: [netconf] Document Shepherd Review of draft-i… Per Andersson (perander)
- Re: [netconf] Document Shepherd Review of draft-i… Kent Watsen
- Re: [netconf] Document Shepherd Review of draft-i… Per Andersson (perander)