Re: [Netconf] username from X.503 was Re: Summary of and AIs from the NETCONF Session in IETF #91

Kent Watsen <kwatsen@juniper.net> Tue, 09 December 2014 02:12 UTC

From: Kent Watsen <kwatsen@juniper.net>
To: Juergen Schoenwaelder <j.schoenwaelder@jacobs-university.de>, "t. petch" <ietfc@btconnect.com>
Date: Tue, 09 Dec 2014 02:12:06 +0000
Message-ID: <D0ABB36A.8BED1%kwatsen@juniper.net>
References: <E4DE949E6CE3E34993A2FF8AE79131F819562134@DEMUMBX005.nsn-intra.net> <04e401cfff2d$74e7e740$4001a8c0@gateway.2wire.net> <20141208133201.GB41570@elstar.local>
In-Reply-To: <20141208133201.GB41570@elstar.local>
Archived-At: http://mailarchive.ietf.org/arch/msg/netconf/L9EL277v5ulmy0XT3F2b2e_cliU
Cc: netconf <netconf@ietf.org>
Subject: Re: [Netconf] username from X.503 was Re: Summary of and AIs from the NETCONF Session in IETF #91
>> > Describe algorithm for extracting a user name out of the X509
>> attributes
>> >    - loud humm in favor
>> >
>> 
>> A clarification - does this mean that this algorithm goes in
>> netconf-server?
>>
>
>The idea (as far as I understood it) is that NC over TLS provides a
>high-level description of the algorithm. The NC server configuration
>document will define the YANG objects to configure this.


I didn't articulate clearly enough at the mic about the "what" and
"how", but Juergen agreed so I'm sure not that he's a mindreader  ;)

Anyway, in reflecting on this, I realized what I should've said
is that it should be whatever is needed so that 5539bis has an
Informative (not Normative) reference to server-model.   Again,
this is necessary because alternate configuration models can
exist, thus it doesn't make sense to me for 5539bis to say that
it can *only* be configured by just the server-model.

My hope is that 5539bis will assert that client-certs are required
and specify that servers must be configurable to know how to extract
a username using the various options (specified, subAltName, DNS,
etc.).   Another option is for 5539bis to have a Normative reference
onto draft-ietf-netmod-snmp-cfg, section 4.1, though that may be too
convoluted for some.

Kent
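The message above asks that the server be configurable to derive a NETCONF username from the client certificate via several options (a specified name, a subjectAltName, a DNS name, and so on). The following is an added example written for this archive page; it is not Kent's code and not the YANG or algorithm text of 5539bis, the server-model draft, or draft-ietf-netmod-snmp-cfg. Everything in it is an assumption made for illustration: the entry field names (Fingerprint, Type, Name), SHA-256 over the DER certificate as the fingerprint, "first matching fingerprint wins and does not fall through to a later entry if its field is absent", and the rfc822Name, dNSName, iPAddress order for the "any" option. The certificate it maps is generated in memory as constructed test input.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/hex"
	"fmt"
	"math/big"
	"net"
	"time"
)

type MapType int // selects which certificate field supplies the username

const (
	MapSpecified MapType = iota // the entry's Name, verbatim
	MapSANRfc822                // first rfc822Name subjectAltName
	MapSANDNS                   // first dNSName subjectAltName
	MapSANIP                    // first iPAddress subjectAltName
	MapSANAny                   // first of rfc822Name, dNSName, iPAddress, in that order
)

// CertToName is one entry of the server's ordered mapping list (field names
// are this example's own, not YANG objects from any draft).
type CertToName struct {
	Fingerprint string // lowercase hex SHA-256 over the DER certificate
	Type        MapType
	Name        string // consulted only for MapSpecified
}

func Fingerprint(cert *x509.Certificate) string {
	sum := sha256.Sum256(cert.Raw)
	return hex.EncodeToString(sum[:])
}

// UsernameFromCert applies the first entry whose fingerprint matches. Assumed
// semantics: if that entry cannot yield a name the mapping fails outright.
func UsernameFromCert(cert *x509.Certificate, list []CertToName) (string, error) {
	fp := Fingerprint(cert)
	for _, e := range list {
		if e.Fingerprint == fp {
			return applyMap(cert, e)
		}
	}
	return "", fmt.Errorf("no cert-to-name entry matches fingerprint %s", fp)
}

func applyMap(cert *x509.Certificate, e CertToName) (string, error) {
	var ips []string
	for _, ip := range cert.IPAddresses {
		ips = append(ips, ip.String())
	}
	candidates := map[MapType][]string{
		MapSpecified: {e.Name},
		MapSANRfc822: cert.EmailAddresses,
		MapSANDNS:    cert.DNSNames,
		MapSANIP:     ips,
		MapSANAny:    append(append(append([]string{}, cert.EmailAddresses...), cert.DNSNames...), ips...),
	}
	for _, v := range candidates[e.Type] { // first non-empty candidate wins
		if v != "" {
			return v, nil
		}
	}
	return "", fmt.Errorf("certificate has no value for map type %d", e.Type)
}

// NewTestCert builds a self-signed client certificate in memory: constructed
// test input for this example, not a real deployment certificate.
func NewTestCert(cn string, emails, dns, ips []string) *x509.Certificate {
	key := must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: cn},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour),
		EmailAddresses: emails, DNSNames: dns,
	}
	for _, s := range ips {
		tmpl.IPAddresses = append(tmpl.IPAddresses, net.ParseIP(s))
	}
	der := must(x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key))
	return must(x509.ParseCertificate(der))
}

func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

func main() {
	cert := NewTestCert("alice", []string{"alice@example.net"}, nil, nil)
	fmt.Println(UsernameFromCert(cert, []CertToName{{Fingerprint: Fingerprint(cert), Type: MapSANRfc822}}))
}
```

The point a server implementer should take from the no-fall-through choice: if an operator's entry says "use the dNSName" and the certificate has none, the session should fail rather than silently pick up a later, looser entry such as a "specified" catch-all, because that later entry was never meant for this certificate. Whether 5539bis adopts exactly that rule is for the draft to say; this is only one defensible reading of the options listed above.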