[netconf] Document Shepherd Review of draft-ietf-netconf-ssh-client-server
"Per Andersson (perander)" <perander@cisco.com> Tue, 04 October 2022 14:41 UTC
Return-Path: <perander@cisco.com>
X-Original-To: netconf@ietfa.amsl.com
Delivered-To: netconf@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3F0DEC1524A1 for <netconf@ietfa.amsl.com>; Tue, 4 Oct 2022 07:41:50 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -11.906
X-Spam-Level:
X-Spam-Status: No, score=-11.906 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_MED=-2.3, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_NONE=0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com header.b=TU3ggJoi; dkim=pass (1024-bit key) header.d=cisco.onmicrosoft.com header.b=hi1JfTpC
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ZJwivAZfwQEU for <netconf@ietfa.amsl.com>; Tue, 4 Oct 2022 07:41:46 -0700 (PDT)
Received: from alln-iport-1.cisco.com (alln-iport-1.cisco.com [173.37.142.88]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 4D969C1522D5 for <netconf@ietf.org>; Tue, 4 Oct 2022 07:41:46 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=9984; q=dns/txt; s=iport; t=1664894506; x=1666104106; h=from:to:subject:date:message-id: content-transfer-encoding:mime-version; bh=FoIgsFOBslm30XmDk8pq1x3P+Z0ZQRjXlYEnIlr4D/0=; b=TU3ggJoiuZOW71qGay7DydiKJnMlMbLg+Yn0JFFe9Fz1bRXZqzDe5ZW+ ymX2dj0VVV5ZyqX8/N5Y57RcbjolzwH6BHtncEJC0et+lYikaiPhCAxmO MDDcTQHkGCw2Zoskbj/GnKKXgzqwHtGv6rhWm1ldpuQxfqqB1FVl7dpWp o=;
X-IPAS-Result: A0AwAgDpRDxjmIgNJK1agQmBT4FSUn8CWTpFiBoDhS+IF5Btin6BLBSBEQNUCwEBAQ0BATkJBAEBgVIBgzIChG0CJTQJDgECBAEBAQEDAgMBAQEBAQEDAQEFAQEBAgEHBBQBAQEBAQEBAR0ZBQ4QJ4VoAQyGWxUZAQE4EQGBACcEGxqCWwGCbQMwAwEPnHUBgT8Cih94gQEzgQGCCAEBBgQEgTwCEEGDAhiCOAMGgT2DMmCHboMLgUYcgUlEgRVDhgcBAQIBgTsBAQYCGoQMggwimW84A0QdQQMLdgMVAxQDBSEHAxkPIw0NBB0MAwMFJQMCAhsHAgIDAgYTBQICTTQIBAgEKyQPBQIHLwUELwIeBAUGEQgCFgIGBAQEBBUCEAgCCCYXBw0GMxkBBVkOCSEcKA0FBhMDIG8FQg8oL2krHRsKgQwqKBUDBAQDAgYTAwMiAhAqMRQEKRMSLQcrcwkCAyJrAwMEKCwDCSAEHAcoJDwHWDoFAwIQIj0GAwkDAiJZgSkmBQMNGSYIBTocBAg8AgUGVBMCChIDEw8tSg+YNoFPgU4CQQEHNxsLBBQ9AhQOLgiBOxkcBimiEZ9GCoNdizyVGRaDdqUQgzGBYYUKjHEggiuKc5RHLQ+FAQIEAgQFAg4BAQaBYTqBW3AVO4IzAQEyURkPjiwNCYNQhRSFSnU7AgYLAQEDCYdzLYIZAQE
IronPort-PHdr: A9a23:PVKUnhPO4mDteSyAKLEl6ncDWUAX0o4cdiYZ6Zsi3rRJdKnrv5HvJ 1fW6vgliljVFZ7a5PRJh6uz0ejgVGUM7IzHvCUEd5pBBBMAgN8dygonBsPNAEbnLfnsOio9G skKVFJs83yhd0ZPH8OrbFzJqXr05jkXSX3C
IronPort-Data: A9a23:ML1ZVaK6cfV3AZPiFE+RoJUlxSXFcZb7ZxGr2PjKsXjdYENShDcBx 2QZW27Sbv+CMDenLt5yb4i19UMCu57Sn9ZnSFMd+CA2RRqmiyZq6fd1j6vUF3nPRiEWZBs/t 63yUvGZcIZsCCW0Si6FatANl1EkvU2zbue6WbOs1hxZH1c+En550U47wIbVv6Yx6TSHK1LV0 T/Ni5W31G+Ng1aY5UpNtspvADs21BjDkGtwUm4WPJinj3eC/5UhN6/zEInqR5fOria4KcbhL wrL5OnREmo0ZH7BAPv9+lrwWhVirrI/oWFih1IOM5VOjCSuqQQ02/cJFd5HVXxSsBelv+gr8 PQTmc2/HFJB0q3kwIzxUjFRFyV4eKZB4rKCej60sNeYyAvNdH6EL/dGVR5te9ZGvL8sRzgVq 5T0KxhVBvyHr/q72ru9RuR2rs8iN8LseogYvxmMyBmIVKl2GsyaE/uiCdlw0ysc2YdUDNTna dsZYmJLbTeHMiNIAwJCYH45tL742iagG9FCk3qTqLY85G7d5A18zLarN8DaEuFmXu1cmkKe4 2nB5Wm8WVcRNceUznyO9XfEavLzcT3TXotDJpycrcJRhWax6kwrUiU3C3fqrqzs4qKhYO53J 0sR8ysoiKE98k23U9XwNyFURlbZ43bwvPINToUHBBGxJrn8uF3AXzdaJtJVQJl36pFpFGVCO kqhxYuBONB5jFGCpZtxHJ+9qTe/P0D5xkddOHddFmPpDzQfybzfYzrGStJlVaWylNCwQnf7w iuBq241gLB7YS83O0eToAGvb9GE/8ehousJCuP/BTrNAuRRP9TNWmBQwQKHhcus1a7AJrV7g FAKmtKF8McFBoyXmSqGTY0lRe/3u6bfaW2A2Ac3TvHNEghBHVb+Iui8BxkjdC9U3josIlcFn WeK41oKvc8PVJdURfApPepd9PjGPYC5RYi6CZg4n/JFY4N6c0ec7TpyaEuLt10BY2By+ZzTz ayzKJ72ZV5DUPwP5GPvG481j+Rxrghgnjy7eHwO50n9uVZoTCTLGe5t3ZrnRr1R0Z5oVy2Oq Y0EbpDSkUsPOAA8CwGOmbMuwZkxBSBTLfjLRwZ/K4Zv/iIO9LkdNsLs
IronPort-HdrOrdr: A9a23:Z9VBt66MsTFoJJFpPQPXwXCBI+orL9Y04lQ7vn2ZFiY6TiXIra +TdaoguSMc0AxhI03I6urwQpVoJkmsv6KdgLNhdotKOTOGhILGFvAa0WKP+UyDJ8SczJ8R6U 4DSdkHNDSYNzET5qyWgHjaLz9K+qjizEncv5a5854bd3AMV0gP1XYdNi+rVmlNACVWD5swE5 SRouBdoSC7RHgRZsOnQlEYQunqvbTw5d7bSC9DIyRixBiFjDuu5rK/OQOfxA0iXzRGxqpn2X TZkjb++r6ov5iAu1DhPi7ontprcenau5t+7f+3+4sow/LX+0SVjbFaKvy/VfYO0aSSARgR4Z 3xSlwbTrlOAjvqDx2ISF3Wqk7dOPJE0Q669bde6kGT5/ARDQhKdfaoie9iA2Tkwltls9dm3K 1R2WWF85JREBPbhSz4o8PFThdwiyOP0AwfeMMo/ghiuLElGchshJ1a+FkQHIYLHSr85oxiGO 5yDNvE7PITdV+BdXjWsmRm3dTpBx0Ib1+7a1lHvtbQ3yldnXh/wUddzMsDnm0Y/JZ4T5Vf/e zLPqlhibkLRM4LaqB2AvsHXKKMeyXwaAOJNHjXLUXsFakBNX6Io5nr4K8t7OXvY5AMxItaou W1bLqZjx9BR6vDM7z84HQQyGG9fIyUZ0Wc9v1j
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-AV: E=Sophos;i="5.95,158,1661817600"; d="scan'208";a="917834186"
Received: from alln-core-3.cisco.com ([173.36.13.136]) by alln-iport-1.cisco.com with ESMTP/TLS/DHE-RSA-SEED-SHA; 04 Oct 2022 14:41:43 +0000
Received: from mail.cisco.com (xfe-rtp-002.cisco.com [64.101.210.232]) by alln-core-3.cisco.com (8.15.2/8.15.2) with ESMTPS id 294EfgEq010251 (version=TLSv1.2 cipher=AES256-SHA bits=256 verify=OK) for <netconf@ietf.org>; Tue, 4 Oct 2022 14:41:43 GMT
Received: from xfe-rcd-005.cisco.com (173.37.227.253) by xfe-rtp-002.cisco.com (64.101.210.232) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.1118.9; Tue, 4 Oct 2022 10:41:41 -0400
Received: from NAM10-DM6-obe.outbound.protection.outlook.com (72.163.14.9) by xfe-rcd-005.cisco.com (173.37.227.253) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.1118.9 via Frontend Transport; Tue, 4 Oct 2022 09:41:41 -0500
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=MAGm4qTNHM9+VeVSU45Yz+RU+2JLXzC5b8c+j/M2D0ytqTk6x4Mma/V0GT73ewgH1a7rQnkJNux1lW2DM94esiLwAXtyW7F078Kay7f3CZ4aDtLXXqLgCNJPu51Odze3DQU84NLWJxJ46BZtdzc0F2a9ZHT9xARfFa6gSci+/gaLeb8P55jNu5hQN00J11FLL6E4s4PVhUUwtEhtQxNjZUGxQTSE91Sj35tzO5oWIhND/vk2ZQ5dQJYewlIi8m139OWzxScdi8FirwG8cBvEW1C0N1OsbaSk+Inwl2eb4MvxEIsC6W1TPccliw3RnhTAnGUMYMAqfxfkFYZO+Y/H6Q==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=7YzV26SfWzjI0jR9uDoQX4L6TxyT992jy3SbjpjRCQw=; b=GTIzDomdiFP2rqORwzaemkPIhZLBzMxS0iZ1Ipy1n3Oxd6r6rV4a1mCJ9oH4Ru2qeNlnlhV5fN7HOzEcFXlxqFT/ery77U2gfIEOvr47Ij220I6sFXcOs1tqixlAzNub/BZ7l/oyTqJJrnIc6qDlMjExpuFzGAEtAMbdrp4o4dOBTcy6w7Ft/FH27OuY6WOqGMl6dvEAmxr+QW5aLYP/mSSFq00iDUoccpw5M6qMrvcMEvPdYe5mmd2SUqVh38IvZpx6cl7FqQEJ48CSFY/m6WmAAuEEfRfWthaepLBZISVr1V79WXb0h0jMvJVk1nLP1GnKgIAWdsBu5/B+g8WgIg==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=cisco.com; dmarc=pass action=none header.from=cisco.com; dkim=pass header.d=cisco.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cisco.onmicrosoft.com; s=selector2-cisco-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=7YzV26SfWzjI0jR9uDoQX4L6TxyT992jy3SbjpjRCQw=; b=hi1JfTpCbDmepufZS9pHJEZAB+/93pXcWsgm6e1ybxPIq4NxYawXhVi0Ayi1berQVIGRjsgfmY5rfM6OAzv9H64nF9NZ+IBjUn16gsnoFWmYCN0BblS+oSNm8AjixmUGlce32CgtJK4QbAw7l6vkbSlOt76+x6oK7UEu8ZWvTmc=
Received: from DM6PR11MB4708.namprd11.prod.outlook.com (2603:10b6:5:28f::12) by DM4PR11MB6067.namprd11.prod.outlook.com (2603:10b6:8:63::20) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5676.31; Tue, 4 Oct 2022 14:41:40 +0000
Received: from DM6PR11MB4708.namprd11.prod.outlook.com ([fe80::f490:125e:171b:4260]) by DM6PR11MB4708.namprd11.prod.outlook.com ([fe80::f490:125e:171b:4260%7]) with mapi id 15.20.5676.031; Tue, 4 Oct 2022 14:41:40 +0000
From: "Per Andersson (perander)" <perander@cisco.com>
To: "netconf@ietf.org" <netconf@ietf.org>
Thread-Topic: Document Shepherd Review of draft-ietf-netconf-ssh-client-server
Thread-Index: AQHY1/yKlmLc7+Z26Eae5r9baVw6Cg==
Date: Tue, 04 Oct 2022 14:41:40 +0000
Message-ID: <DM6PR11MB47083FE47C2F3C86FADC89B2DB5A9@DM6PR11MB4708.namprd11.prod.outlook.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
msip_labels:
authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=cisco.com;
x-ms-publictraffictype: Email
x-ms-traffictypediagnostic: DM6PR11MB4708:EE_|DM4PR11MB6067:EE_
x-ms-office365-filtering-correlation-id: c3c00e65-0403-412b-cd3c-08daa6168cb4
x-ms-exchange-senderadcheck: 1
x-ms-exchange-antispam-relay: 0
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: 0pRm59HoALrxBP1oPoNCqj0Ki5bkhbKFSc2ZkbCE9cNWnHXkAjKRn4K3Q9eIo/hCwf0oysry2vCb1g+455c7Os0l7htKHedRkYhpR+C7F1Quz/xogEstQHxGvj1dcpZqC6CJntQK5IQuXXHbtjasbFnjNsO0/7CC7YNxkrXTH5iaE9CvbVwd9PNJTm51f9wHqGVf4WcPZnqy3IZRKaZJQKwNi4Cv8DDE2wLhuD5rBSZD3/qGbaP64MmMy65UE+TkAdVXykAYe8qa9cb6fXZd4I5WZw7OoyYoaATrwlC+uZcX8ht66445gh0S+0Jli2GJdDd/SvmQypgwBWt+nzcmaU5jjq1qypkE0RGxHrMuNXfATLufyaLkYhlhr6CSDFFmJEA0h03WaVmtLSPoQdfd7ltfb4uHnl142nmM5tknHJolZNcVubgzDyzd9y2yj58YAJ3KDKr9PQ/5IirpYyZYArPUGndQbfnDzsc8xJNc6JyTd4u1OhLUBvQVDIBxny3BYcqXDFgbd6XpuoKbVFtr5VRRx1JOH0FIDcIQwkPwvxMXPJWh9zoZVVW5/6wtYfVXrnW1sqowOzSTqbr7AXHKWuHwNz4RYzFFMy2EZzusKIl+QZwOyMfu2909fyq/PbMTXWK6xVRgbzZD6P9FaqbAqK99YK787tQfc9d38M91oAHIJUbHZEf1GXlNZuBsm5yu27YCdA4Lfr3nXElzSeKVGzQqfAmxcVrMYAmPca1nvlQQAgFv1NEP1vFRW4+AqADk1u9KQJUWMj1otRuEAznmhDO1UoPihPK35Reqeh3tSiEXulFjHQDhmaromMZUVMO2WmmOo8/0ZZfTof/1SQIVtQ==
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:DM6PR11MB4708.namprd11.prod.outlook.com; PTR:; CAT:NONE; SFS:(13230022)(4636009)(346002)(136003)(396003)(39860400002)(376002)(366004)(451199015)(91956017)(38100700002)(122000001)(41300700001)(186003)(76116006)(9686003)(26005)(66476007)(316002)(66556008)(71200400001)(64756008)(5660300002)(66446008)(8936002)(7696005)(6506007)(33656002)(52536014)(8676002)(86362001)(66574015)(83380400001)(66946007)(966005)(2906002)(478600001)(6916009)(38070700005)(55016003); DIR:OUT; SFP:1101;
x-ms-exchange-antispam-messagedata-chunkcount: 1
x-ms-exchange-antispam-messagedata-0: ScjHd0NFCDeqTCsDB5RjRGFXNSvZQDuoOh9+MzRb2H4zzwMKmEIKaUUt/oWILljaH11kan7eYjxmnZ08aW8D/U+6YSIdgQDCAmfATMqDys/HrkrIALcWatxGxo2BJnbED+BRLSh+Q49ERw9ffQODqcN2ZeobxbLJr1pRTigZqeoM6fjFETnCYrsUwfEwqJ2NTojboVZHQVRKS0wNnAj9Gz14AjgjAZALLYVnQKW32eZ8dt6l6CiHZRVIJ2OU6+RJm8Z0iVkRAs5hspWllFQrH+VloSpXEamVW40J0NtPyURPzi1ULpSu7Qgzgc25/ze1R/heJu8FSBQxLy22TvWP6t4sGMRgG7hwt88szv1fFOQnhwOsP8vMBmPsJtLTS1c4UBdXqBpqoB0k5vXdaGTliTYKXNKP+5aPeWJoXfOM26Oq72Kgtg9XhSF6N9SQeeN5X91aV6AdmmgaB9Ro05yEPiUhlcUSZnI81E6gwEC43o0hi8y93w5YqHULjSAvRHQN42OOn4w92Qiqdb8MCh7t2dyVrHUup2ZsDh/dcmnKU0UeoIKjEUjLqtY+dt8UwE6/Ofa+DqZNyMFP57HZxM8MuwcP1tdWFG9OQicpO/gmgH3iiIFfd287hllJyMLsg5Ln7fwFsIsi43bh6NKp6mvdVuj+YVRaNUS+orQgVjz+ZtIGsrV7k1NE7wAhQYC7a3QvN+bIMnpT4Et7l9yEju8NPQFMB2qJeFXmPp/IxnIPrzmHwO9YDwaKrB1afc5aiYwCeXbFZj7HsAI09/AePmGY4L1pzGwuDStD6x33Zj7bO+L+Hn0J8hA/7B5Ufe02mCittrGt+rCPhH78a6wUFbcoc8w7Bv5Yt1umGcdO/VH+5fCe1qONkbwwhG2by8VqW9kZ+XZnzjFDu895s0ZV8dtUJf6BZ7OxNzlMs1ohDWPIfpPxVImA1MKUdT4L9DMzQBKnp5mUyz4/gHBiRZnU/hOkYKTIlyoUEF50zCIx+Lo+bBEDPckTaQnasjEH94LLHIFam9AFZkl5XdrtRGmhRtVeEPh1xBppG95Pwfal7hbIjHu1rBAYTRww2dYXRWkRXI0lhXO1MCJxjXD81PP35aXBaU2OJrCb0qAkherkMXOmODAbDCSUB0/akN+xpZjfiRiaXNr7Ntk84O/B9JiB3sQwaorwxllTTWApq1EQ2N1X+9wkxS1GtwpgnALpY8VUpdBxY0PqwCf23I/C4iYlDI7T8CE6I5o7QEHlFebD2z2Gap/V5nFga+H/wqzgcx3GGZzjUu2S8Bas5rmGxrKTNZFoXZfGvKF0IEWUJAJ0KfUW5XLJK6Ne9ZKYrZ7NMETraMG6WyDn+ImDWcdsJR24531QYF41pfaUALQy3PUgIEChpE4BhZ0Z0MrZOG8kUWop/UpyefuWOc4coukMaxSHLCNL8IC603dmPzy+PjLAMjSQDCqLosrUVzgRR+k8VeDOjRuQpsy5meKb8ttg4lPuPVfsTjZlM6alXLJ7cD8N78FaljYv1jYg4dY7g7kc17li3uNX6WzrPgclKhhHwmGyFi0GQ3TtuzuzgEew3REmItOkwtY=
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: DM6PR11MB4708.namprd11.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: c3c00e65-0403-412b-cd3c-08daa6168cb4
X-MS-Exchange-CrossTenant-originalarrivaltime: 04 Oct 2022 14:41:40.6028 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 5ae1af62-9505-4097-a69a-c1553ef7840e
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: W652nlR7bCH4DrXrV5SQwYiTctkO3v3YxuNX3Qs/BHgGcvVySF9r554brL4DiQ4xPXQZaugLZbG1+xYUCLA4dQ==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM4PR11MB6067
X-OriginatorOrg: cisco.com
X-Outbound-SMTP-Client: 64.101.210.232, xfe-rtp-002.cisco.com
X-Outbound-Node: alln-core-3.cisco.com
Archived-At: <https://mailarchive.ietf.org/arch/msg/netconf/Jqhh3364VDzZHUWWQnTUEo0oucA>
Subject: [netconf] Document Shepherd Review of draft-ietf-netconf-ssh-client-server
X-BeenThere: netconf@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: NETCONF WG list <netconf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/netconf>, <mailto:netconf-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/netconf/>
List-Post: <mailto:netconf@ietf.org>
List-Help: <mailto:netconf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/netconf>, <mailto:netconf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 04 Oct 2022 14:41:50 -0000
Hi!
The following issues were identified during the Document
Shepherd Review of draft-ietf-netconf-ssh-client-server-13.
The description for the server-authentication/ca-certs container
in the ssh-client-grouping contains a double space, harmless
but gives a sloppy impression.
is authenticated if its certificate has a valid chain
-> is authenticated if its certificate has a valid chain
Regarding iana-ssh-key-exchange-algs.yang:
The identities for key exchange methods
diffie-hellman-group-exchange-sha1 and diffie-hellman-group1-sha1 should
be marked with "status deprecated;", as other identities for deprecated
algorithms (such as gss-gex-sha1-*) are marked as such per from e.g.
RFC 8732.
If the modules listing algorithms are going to be updated in the future,
and if the data format from the IANA Protocol Registries is stable, it
would be helpful to also include a method or script for generating
updated modules. This work probably exists somewhere already, and there
has been discussions on list including it in the document, but no method
is presented in the document. This is especially important if an
algorithm moves to the "MUST NOT" state in the "OK to Implement".
In the mail thread discussing creating IANA defined modules, a script is
attached for iana-tls-cipher-suite-algs.yang. Direct link:
https://mailarchive.ietf.org/arch/msg/netconf/TTMwp3veeBixD5k3NwHL2gyoCGs/
Similar work for the SSH IANA modules probably exist.
Further discussion about using XSLT template to create and update the
IANA modules:
https://mailarchive.ietf.org/arch/msg/netconf/cmudFQxPMQD67HIEjyT6BhapKFI/
The Internet Draft draft-boucadair-netmod-iana-registries [A] suggests
that pre-RFC, a document should include in an appendix XSLT templates or
scripts; which are to be removed by the RFC editor upon publication.
-> Suggest to publish the methods that generated the initial IANA
modules in a new revision.
Furthermore, [A] suggests adding to IANA maintained modules a motivation
for why identities or enumerations have been chosen for the module
contents. This is missing from the document.
-> Suggest introducing a section called "YANG Considerations" and
presenting why identities are chosen over enumerations. Possibly
add it as a sub section to the introduction, since it will
probably be rather short.
See Section 3 Guidelines for IANA-Maintained Modules in [A].
[A] https://datatracker.ietf.org/doc/html/draft-boucadair-netmod-iana-registries-04
The examples below did
not validate correctly with yanglint, even though they seem to be well
formed and fulfill the must requirements. Perhaps it is an operator
error during review?
Note that the generated ietf-ssh-*@*.yang modules from the refs are
used, wherein they create a container which uses the grouping, used in
respective example.
refs/ex-ssh-client-local.xml:
$ yanglint -m ../ietf-crypto-types\@*.yang ../ietf-truststore\@*.yang \
../ietf-keystore\@*.yang ../ietf-ssh-common\@*.yang ./ietf-origin.yang \
ietf-ssh-client@2022-09-16.yang \
ex-ssh-client-local.xml \
../../trust-anchors/refs/ex-truststore.xml \
../../keystore/refs/ex-keystore.xml
Segmentation fault
refs/ex-ssh-client-keystore.xml:
$ yanglint -m ../ietf-crypto-types\@*.yang ../ietf-truststore\@*.yang \
../ietf-keystore\@*.yang ../ietf-ssh-common\@*.yang ./ietf-origin.yang \
ietf-ssh-client@2022-09-16.yang \
ex-ssh-client-keystore.xml \
../../trust-anchors/refs/ex-truststore.xml \
../../keystore/refs/ex-keystore.xml
Segmentation fault
refs/ex-ssh-server-local.xml:
$ yanglint -m ../ietf-crypto-types\@*.yang ../ietf-truststore\@*.yang \
../ietf-keystore\@*.yang ../ietf-ssh-common\@*.yang ./ietf-origin.yang \
ietf-ssh-server@2022-09-16.yang \
ex-ssh-server-local.xml \
../../trust-anchors/refs/ex-truststore.xml \
../../keystore/refs/ex-keystore.xml
Segmentation fault
refs/ex-ssh-server-keystore.xml:
$ yanglint -m ../ietf-crypto-types\@*.yang ../ietf-truststore\@*.yang \
../ietf-keystore\@*.yang ../ietf-ssh-common\@*.yang ./ietf-origin.yang \
ietf-ssh-server@2022-09-16.yang \
../../trust-anchors/refs/ex-truststore.xml \
../../keystore/refs/ex-keystore.xml \
ex-ssh-server-keystore.xml
Segmentation fault
A minor editorial change is that the iana-*.yang set of modules
could squash the current two revisions to only one revision, i.e.
"Inital version", since they will be officially released when the
document is published.
Should the iana-*.yang modules be regenerated before the document is
published and then replace "June 16th, 2022" with the new date; and the
same for the YANG module revision date? Or should it be kept as is with
2022-06-16 as the date?
The YANG modules for the IANA algorithm listings should contain a
section with information corresponding to the first paragraph of
Section 2.3, listing the normative references in the following YANG
module. All such references should also be listed in
Section 7.1 Normative References.
For iana-ssh-encryption-algs.yang include normative references:
* FIPS-46-3
* RFC 4253
* RFC 4344
* RFC 5647
* RFC 8758
For iana-ssh-key-exchange-algs.yang include normative references:
* RFC 4419
* RFC 4432
* RFC 8268
* RFC 8308
* RFC 8731
* RFC 8732, since RFC 5656 is listed
* RFC 9142, since RFC 5656 is listed
For iana-ssh-mac-algs.yang include normative references:
* RFC 4253
* RFC 5647
* RFC 6668
For iana-ssh-public-key-algs.yang include normative references:
* RFC 4253
* RFC 4462
* RFC 5656
* RFC 6187
* RFC 8332
* RFC 8709
For ietf-ssh-common.yang include normative references:
* RFC 8732, since RFC 5656 is listed
* RFC 9142, since RFC 5656 is listed
For ietf-ssh-client.yang include normative references:
* RFC 4252
* RFC 4254
* RFC 8341
* I-D.ietf-crypto-types
For ietf-ssh-server.yang include normative references:
* RFC 4252
* RFC 4254
* RFC 8341
* I-D.ietf-crypto-types
Regarding the ietf-ssh-common grouping transport-params-grouping
referencing Section 5 Security Considerations later in the document, for
host-key algorithm compatibility with the private key; there is no such
presentation of compatible combinations in the current revision, -30, of
the document. This compatibility matrix was added in revision -08 and
subsequently removed in revision -19. This compatibility matrix might
however be out of scope for this document, but another reference to
relevant RFCs is suitable. Whatever path is taken, the reference needs
to be updated.
The ietf-ssh-client container keepalives should reference unresponsive
SSH servers in the description, not TLS servers.
the aliveness of the SSH server. An unresponsive TLS
server is dropped after approximatively max-wait *
-> the aliveness of the SSH server. An unresponsive SSH
server is dropped after approximatively max-wait *
Likewise the ietf-ssh-client leaf max-wait in the keepalives container
should reference SSH not TLS.
no data has been received from the SSH server, a
TLS-level message will be sent to test the
aliveness of the SSH server.";
-> no data has been received from the SSH server, an
SSH-level message will be sent to test the
aliveness of the SSH server.";
The user "mary" in ex-ssh-server-local.xml has two public keys listed,
they are listed as "User A" and "User B". Suggest naming them
differently to indicate that they are used by the same user "mary" on
different devices, e.g. "Key #1" and "Key #2".
The ietf-ssh-server container keepalives should reference unresponsive
SSH clients in the description, not SSL clients.
the aliveness of the SSL client. an unresponsive SSL
client is dropped after approximately max-wait *
-> the aliveness of the SSH client. an unresponsive SSH
client is dropped after approximately max-wait *
Likewise the ietf-ssh-server leafs seconds and max-attempts in the
keepalives container should reference SSH not SSL.
keepalives/seconds description:
if no data has been received from the SSL client,
a SSL-level message will be sent to test the
aliveness of the SSL client.";
-> if no data has been received from the SSH client,
an SSH-level message will be sent to test the
aliveness of the SSH client.";
keepalives/max-attempts description:
the SSL client before assuming the SSL client is
-> the SSH client before assuming the SSH client is
Section 6.6
Also mention the "status" statement "obsolete", since it is present in
the YANG module identities listing.
Furthermore, the column to track algorithm status seems to be present
alreday in the IANA Protocol registry for the SSH Protocol.
--
Per
- [netconf] Document Shepherd Review of draft-ietf-… Per Andersson (perander)
- Re: [netconf] Document Shepherd Review of draft-i… Per Andersson (perander)
- Re: [netconf] Document Shepherd Review of draft-i… Kent Watsen
- Re: [netconf] Document Shepherd Review of draft-i… Per Andersson (perander)
- Re: [netconf] Document Shepherd Review of draft-i… Kent Watsen
- Re: [netconf] Document Shepherd Review of draft-i… Per Andersson (perander)