Re: [netconf] Create IANA-defined modules?

"Per Andersson (perander)" <perander@cisco.com> Mon, 14 June 2021 17:58 UTC

From: "Per Andersson (perander)" <perander@cisco.com>
To: Kent Watsen <kent+ietf@watsen.net>, Qin Wu <bill.wu@huawei.com>, tom petch <ietfc@btconnect.com>
CC: "netconf@ietf.org" <netconf@ietf.org>
Date: Mon, 14 Jun 2021 17:58:38 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/netconf/OQE1rxs1TQ-WJYo2Mk-TODoClKQ>
List-Id: NETCONF WG list <netconf.ietf.org>

From: Kent Watsen <kent+ietf@watsen.net> on Monday, June 14, 2021 18:22:
>
> Since the discussion has been mostly about *how* to create the IANA-defined module (not *if* we should, e.g., dropping the work for some future effort to pick up), I take it that folks believe having the ability to configure supported-algorithms is needed now.  As no one offered to help (:sigh:, and people wonder why this work takes so long), I wrote the attached script that creates the attached module directly from the data obtained from the IANA-maintained "TLS Cipher Suites" sub-registry of the "Transport Layer Security (TLS) Parameters" registry here: https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml.  The resulting module is also attached.
> 
> Tom, you will be happy to know that all the identity names begin with “tls”  :)    Also, there are no “feature” statements, since there is nothing in the source registry that can be used to generate “if-feature” statements.  Out of the 347 algorithms listed in the registry, 310 algorithms are marked “status deprecated” (driven by the “recommended” column having value ’N’), and 7 algorithms are marked “status obsolete” (driven by the "SC-tls-des-idea-ciphers-to-historic” reference).

I was on the brink of volunteering, sorry that I didn't raise my voice in time.
Good work, nonetheless.


> Regarding if to use a  “config false” tree or an RPC, Per makes an interesting point about “must" and “when” expressions, though I do wonder how that would play out in practice, as said expressions would (presumably) be defined under “config true” nodes and hence couldn't reference the “config false” values?  Maybe Per could say some more about the use-case in mind.

I saw a use case where some subset of the configuration tree
(e.g. a list of devices or restconf/netconf tls servers) could have
a schema when expression depending on the server's supported
algorithms.

However, I did not think it through that they were config nodes that
were going to access non-config nodes.


> No one responded regarding if we should use identities or enumerations.  The attached sample module uses identities, but it would be an easy thing to change the script to generate enumerations - thoughts?
>
> Again: if “identity” statements are used, and the module is *implemented*, it would NOT mean the server supports all (or even any) of the algorithms. This would only be known if the algorithm appears in the “supported algorithms” "config false” list.  Does anyone feel this is a misuse of YANG?  IMO, YANG identities needing to be implemented is not very useful in practice, and so I don’t view that as a negative in the slightest.

AFAICS identities and enumerations support the same set of
sub-statements.

Using identities it would be possible to derive them from
other identities, and by doing so encode some more
information (e.g. is it a symmetric or asymmetric key etc).
This could hold some value.

From reading RFC 7950, it looks to me like identities are
much like atoms or named constants; their existence in
an implemented module does not imply or guarantee any
working (code/server) implementation. (Correct me if I'm
wrong here.)

I think identities should be used.


--
Per
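
The status mapping described in the quoted text (a "recommended" value of 'N' gives "status deprecated", the "SC-tls-des-idea-ciphers-to-historic" reference gives "status obsolete"), as an added example that is not the attached script and not part of the original message. The registry rows are constructed samples, and the base identity name, the lower-case hyphenated naming and the obsolete-over-deprecated precedence are assumptions.

```python
import csv
import io

# Constructed sample rows in the column layout of the IANA "TLS Cipher Suites"
# CSV export; the Reference values are illustrative, not copied from the registry.
SAMPLE_CSV = '''Value,Description,DTLS-OK,Recommended,Reference
"0x00,0x09",TLS_RSA_WITH_DES_CBC_SHA,Y,N,[SC-tls-des-idea-ciphers-to-historic]
"0x00,0x2F",TLS_RSA_WITH_AES_128_CBC_SHA,Y,N,[RFC5246]
"0x13,0x01",TLS_AES_128_GCM_SHA256,Y,Y,[RFC8446]
"0x00,0x1C-1D",Reserved to avoid conflicts with SSLv3,,,[RFC5246]
"0x00,0x47-4F",Unassigned,,,
'''

OBSOLETE_REF = "SC-tls-des-idea-ciphers-to-historic"
BASE_IDENTITY = "cipher-suite-alg-base"  # hypothetical base identity name


def yang_status(row):
    """Map a registry row to a YANG status, or None for the default 'current'."""
    if OBSOLETE_REF in row["Reference"]:
        return "obsolete"  # assumption: obsolete takes precedence over deprecated
    if row["Recommended"].strip().upper() == "N":
        return "deprecated"
    return None


def identities(csv_text):
    """Return [(identity-name, status)] for every assigned cipher suite."""
    out = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        desc = row["Description"].strip()
        if not desc.startswith("TLS_"):  # skip Reserved / Unassigned ranges
            continue
        out.append((desc.lower().replace("_", "-"), yang_status(row)))
    return out


def render(name, status):
    """Emit one YANG identity statement derived from the base identity."""
    lines = [f"  identity {name} {{", f"    base {BASE_IDENTITY};"]
    if status:
        lines.append(f"    status {status};")
    lines.append("  }")
    return "\n".join(lines)


if __name__ == "__main__":
    for name, status in identities(SAMPLE_CSV):
        print(render(name, status))
```

Because every generated identity derives from one base, an intermediate identity (for example one per key-exchange family) can be slotted in later without renaming the leaves, which is the derivation benefit mentioned in the reply.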