Re: [netconf] I-D Action: draft-ietf-netconf-trust-anchors-08.txt

Balázs Kovács <balazs.kovacs@ericsson.com> Thu, 21 November 2019 10:12 UTC

Return-Path: <balazs.kovacs@ericsson.com>
X-Original-To: netconf@ietfa.amsl.com
Delivered-To: netconf@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7F15E120980 for <netconf@ietfa.amsl.com>; Thu, 21 Nov 2019 02:12:17 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.001
X-Spam-Level:
X-Spam-Status: No, score=-2.001 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=ericsson.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id aj5rBll8rpz3 for <netconf@ietfa.amsl.com>; Thu, 21 Nov 2019 02:12:15 -0800 (PST)
Received: from EUR04-DB3-obe.outbound.protection.outlook.com (mail-db3eur04on0629.outbound.protection.outlook.com [IPv6:2a01:111:f400:fe0c::629]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 262331208B0 for <netconf@ietf.org>; Thu, 21 Nov 2019 02:12:15 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=axAdcmNBmUQgy1kYNDStkauagVJXmvizPZl0jTf++MFJHB+mzDtAEb+XB13MXiKdMxkaBI5kxabmm1LjfC70kMXM1M4G8sLxfQNQjFdpeSDPzIwYqMcnBc2V1FBiT+bQzdUXHmSO8oVJFFgeUMt1JMgRrqrOfUrnltn5eakkUfvquxXaMn4aXInP4iEeIXn8jk1H8kjQ1Ob9gX05bykahoHlX3KGRWcM/SNeZvgWURgAR7JbXfFTyfk6932hSInskJzhoNy2dwy88qC1FIqzo/Qi9WYJbjlh3/04L4HkoZ/GqvtkVa5YXglzuCu1hs0Q9voT6IUmETpWYQ+dhpld6A==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=g59syyh8FNQJZvYqkgtvoEMgHIfMxoSQ9PgNTVsJDxw=; b=RCwUjW5+R4J0FAadjutZDRjIlCg7AFsXb2UeZ9Kn8zbSjKgRnYz4mmkM/CYtaSDNgBPhUp8wBTuubP88wmMNzeBSpMqFZ7dRds9bknTi3LJ8XGgFCZI2i6L+vavDnZaBbHMcE7YD2c2xyoo1F4e8nO+WmSmux35jUFxLGZTI3EHt6bhJ4cww3zxN+xKeYUcd5q0nY67ljDHWM5d/MXDIoXsITIp2srrxq8sT29AEzZ7i7c822pQW1ExKc7mVz4iv/L9ds13Slkjc0ssOmsNEcNPfspP8s6aAJ2MQT1sjcp8YsSRQ2Rj4Zm6ZLI6SeViWerPnDRk7csKH1s0+IuwD5g==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=ericsson.com; dmarc=pass action=none header.from=ericsson.com; dkim=pass header.d=ericsson.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ericsson.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=g59syyh8FNQJZvYqkgtvoEMgHIfMxoSQ9PgNTVsJDxw=; b=GIZB2K6Ai9nLmRr2J4qPex5ySuD+H23qb6aVIb3SKB+WscK1Mf7tm+Karc9EuH26dDZYpTj7g/55EnEkGfzMLGq/wRHgA8nfqKtAKMpn4b7wVh94vHIJnSzG+jpyTPFf8U1QRObNMJJLb5BKwFBINxEGzHNgIFsxSWr98Ubwaa4=
Received: from AM0PR07MB5187.eurprd07.prod.outlook.com (20.178.20.74) by AM0PR07MB5170.eurprd07.prod.outlook.com (20.178.17.206) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2474.12; Thu, 21 Nov 2019 10:12:11 +0000
Received: from AM0PR07MB5187.eurprd07.prod.outlook.com ([fe80::e485:83e7:ee62:53f8]) by AM0PR07MB5187.eurprd07.prod.outlook.com ([fe80::e485:83e7:ee62:53f8%5]) with mapi id 15.20.2495.010; Thu, 21 Nov 2019 10:12:11 +0000
From: Balázs Kovács <balazs.kovacs@ericsson.com>
To: "netconf@ietf.org" <netconf@ietf.org>, Kent Watsen <kent+ietf@watsen.net>
Thread-Topic: [netconf] I-D Action: draft-ietf-netconf-trust-anchors-08.txt
Thread-Index: AQHVn9FEIYmE0id0x0Sc0BE/mi1FhaeVZ70A
Date: Thu, 21 Nov 2019 10:12:11 +0000
Message-ID: <AM0PR07MB5187671751F4AAAA8B11C1B1834E0@AM0PR07MB5187.eurprd07.prod.outlook.com>
References: <157427488971.30550.14896478334458805818@ietfa.amsl.com>
In-Reply-To: <157427488971.30550.14896478334458805818@ietfa.amsl.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: spf=none (sender IP is ) smtp.mailfrom=balazs.kovacs@ericsson.com;
x-originating-ip: [89.135.192.225]
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: 9f4d4559-b346-4ff7-bcf7-08d76e6b4670
x-ms-traffictypediagnostic: AM0PR07MB5170:
x-ms-exchange-purlcount: 5
x-microsoft-antispam-prvs: <AM0PR07MB5170D0249D9597487BD44633834E0@AM0PR07MB5170.eurprd07.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:9508;
x-forefront-prvs: 0228DDDDD7
x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(4636009)(346002)(366004)(39860400002)(376002)(136003)(396003)(54534003)(13464003)(199004)(189003)(7736002)(99286004)(305945005)(26005)(86362001)(186003)(229853002)(110136005)(52536014)(446003)(11346002)(5660300002)(66066001)(71190400001)(71200400001)(25786009)(6306002)(9686003)(966005)(7696005)(81156014)(81166006)(316002)(8676002)(33656002)(256004)(14454004)(4001150100001)(8936002)(55016002)(6246003)(2906002)(6116002)(53546011)(74316002)(3846002)(2501003)(6506007)(66946007)(76116006)(76176011)(66574012)(102836004)(66476007)(66556008)(64756008)(66446008)(6436002)(478600001); DIR:OUT; SFP:1101; SCL:1; SRVR:AM0PR07MB5170; H:AM0PR07MB5187.eurprd07.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; A:1; MX:1;
received-spf: None (protection.outlook.com: ericsson.com does not designate permitted sender hosts)
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: eTI8zkZSKZgm0NS3X2s4NzdmjMks5hJ3i2+C6QTDA/anwZsSZZdbobvdopY2XnU7RBxvedN1ycpw1HifzmAtFPkhC7sk6n79/8X0YDpHM4l5er7kBp5dhmrFjO5gYTaR7Oh927uADSSmMWz+k2rlWMMw9ISUT7Pal+7TZQ0N2kOQYgiJcjFGlMlNg/OWrKz9QgcZZMdkEwyi56M7P2yDgxLDfFb1OPCNUiMQX5aBODN3ZDUij+bZfa9iv1GVGVMc3r35lyekeqlMc+H17YWneLmtig2wQm8Bq55PCywapfhwsldc7Wwh/LjlHz8eBSsaVWDGPMtzl1plJvExqztpU5Lwbi8HUyVJqKdL3Bt+DVMiqZF03Gh43NwjbLjLT8QtVFIMxp/YudEXJAkxKmFNvacH71oh2HICKwET90xB/Zxmdcm5tgcSTzcXfYbzKpD5iE+zkblZ3Z07niKR8tEwQeDl1qt12ZJg442JCr/8cmQ=
x-ms-exchange-transport-forked: True
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-OriginatorOrg: ericsson.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 9f4d4559-b346-4ff7-bcf7-08d76e6b4670
X-MS-Exchange-CrossTenant-originalarrivaltime: 21 Nov 2019 10:12:11.7824 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 92e84ceb-fbfd-47ab-be52-080c6b87953f
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: udNJgrlNT1joOpDiW0GKDchPyhI0ZQVqsI4RTtWs7rZ+SkFGtMYwwmt14CbBboqvP8RhEWE7jsb9v9FirPyqrxvkyZ9ZcFQ3G6PInWyD91Y=
X-MS-Exchange-Transport-CrossTenantHeadersStamped: AM0PR07MB5170
Archived-At: <https://mailarchive.ietf.org/arch/msg/netconf/OPr_EEXQLh3vK-ptrum2WVgO4ho>
Subject: Re: [netconf] I-D Action: draft-ietf-netconf-trust-anchors-08.txt
X-BeenThere: netconf@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: NETCONF WG list <netconf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/netconf>, <mailto:netconf-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/netconf/>
List-Post: <mailto:netconf@ietf.org>
List-Help: <mailto:netconf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/netconf>, <mailto:netconf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 21 Nov 2019 10:12:18 -0000

Hi,

Thank you for the updates Kent!

One comment though, the changelog and the text do not seem to reflect the changes we have done in the models about the psk and the raw-public-key topic. For example, the truststore model does not have PSK keys now, but still the introduction mentions them. As opposed to this, the addition of the new local-or-keystore symmetric key grouping to keystore in relation to PSK is not mentioned in keystore.

Br,
Balazs

-----Original Message-----
From: netconf <netconf-bounces@ietf.org> On Behalf Of internet-drafts@ietf.org
Sent: Wednesday, November 20, 2019 7:35 PM
To: i-d-announce@ietf.org
Cc: netconf@ietf.org
Subject: [netconf] I-D Action: draft-ietf-netconf-trust-anchors-08.txt


A New Internet-Draft is available from the on-line Internet-Drafts directories.
This draft is a work item of the Network Configuration WG of the IETF.

        Title           : A YANG Data Model for a Truststore
        Author          : Kent Watsen
	Filename        : draft-ietf-netconf-trust-anchors-08.txt
	Pages           : 21
	Date            : 2019-11-20

Abstract:
   This document defines a YANG 1.1 data model for configuring global
   sets of X.509 certificates, SSH host-keys, raw public keys, and PSKs
   (pairwise-symmetric or pre-shared keys) that can be referenced by
   other data models for trust.  While the SSH host-keys are uniquely
   for the SSH protocol, certificates, raw public keys, and PSKs may
   have multiple uses, including authenticating protocol peers and
   verifying signatures.


The IETF datatracker status page for this draft is:
https://datatracker.ietf.org/doc/draft-ietf-netconf-trust-anchors/

There are also htmlized versions available at:
https://tools.ietf.org/html/draft-ietf-netconf-trust-anchors-08
https://datatracker.ietf.org/doc/html/draft-ietf-netconf-trust-anchors-08

A diff from the previous version is available at:
https://www.ietf.org/rfcdiff?url2=draft-ietf-netconf-trust-anchors-08


Please note that it may take a couple of minutes from the time of submission until the htmlized version and diff are available at tools.ietf.org.

Internet-Drafts are also available by anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/

_______________________________________________
netconf mailing list
netconf@ietf.org
https://www.ietf.org/mailman/listinfo/netconf