Re: [netconf] More comments was Shepherd's comments on draft-ietf-netconf-crypto-types

tom petch <ietfc@btconnect.com> Thu, 23 February 2023 10:42 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/netconf/O_oOr2_AUwk-ZCu7KrHkzzZ1B5g>

From: Kent Watsen <kent+ietf@watsen.net>
Sent: 29 January 2023 02:19

One comment inline about my concern over 6125bis under <tp>

Tom Petch

Hi Tom,

Thank you for your review of the crypto-types draft.
Please see below for my responses to your comments.

Kent

On Jan 12, 2023, at 7:21 AM, tom petch <ietfc@btconnect.com> wrote:

Some additional comments unrelated to those of the Shepherd

RFC6960 is in the module so needs adding to I-D references

Added as a normative reference.


X.690 in the module lacks a date which makes the reference ambiguous

Added.


X.690 in the I-D Refs is -2015.  This is not the latest version - I do not know what has changed.

Updated both X.680 and X.690 to 02/2021 (the latest)


RFC6125 has a bis in WGLC

But we're okay with the current version - yes?  Do we need to MISREF?

<tp>

The issue is likely to be that 6125bis gets advanced before this, so 6125 will show up as an obsolete reference, and 6125bis has a lot of changes, a bit like TLS 1.3 has a lot of changes compared to TLS 1.2, and I do not know if 6125bis will be ok or will need some templating in the way that TLS 1.3 does before it is usable by anyone else :-(


The bis doc:
<https://datatracker.ietf.org/doc/draft-ietf-uta-rfc6125bis/>

The IETF has abolished the page number which makes s.2.2.1 10 pages of stream of consciousness.  I suggest introducing subsections.  I see some obvious places for them

Subsections added.


In the same vein I suggest including the subsections of  s.2.1 in the ToC.

I like the ToC as is.


I find the use of -grouping in the identifier of a grouping prolix.

Could be, but you're the first to mention it.  I'll note that I started doing this as otherwise things get confusing when scaling up to large models...


2.1.3.  Typedefs
  The following diagram illustrates the relationship amongst the
  "typedef" statements defined in the "ietf-crypto-types" module:

Well no, it does not illustrate for me without a crib to tell me what is going on.

Added word "hierarchal", now "hierarchal relationship".


s.2.2.1
OLD
  The diagram above uses syntax that is similar to but not defined in

suggest here and elsewhere
  The diagram above uses syntax that is similar to but not the same as that in

Replaced with suggested text.


   feature p10-based-csrs {
      description
        "Indicates that the erver implements support
/erver/server/

Fixed.


OLD
       How the associated algorithm is known is outside the
         scope of this module.  This statement also applies when
         the octet string has been encrypted.";
Seems clumsy; I suggest
NEW
        The identity of the associated algorithm is outside the
         scope of this specification.  This is also true when
         the octet string has been encrypted.";

Replaced.


    grouping asymmetric-key-pair-with-cert-grouping {
    grouping asymmetric-key-pair-with-certs-grouping {
These are both described as
'         Implementations SHOULD assert that certificates contain '
i.e. plural in both cases.

Fixed.


I think a more comprehensive description is needed of what the difference is between the two.

Made description more comprehensive.


Also, here is a case where that terminal -grouping is not just redundant but is likely to cause errors.
    grouping asymmetric-key-pair-with-cert {
    grouping asymmetric-key-pair-with-certs {
would make the difference slightly more obvious but, depending on what the difference is meant to be, which I do not see in the description clause, I think one or both identifiers need changing.

Updated the description clauses.

Kent



Tom Petch
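For the "-with-cert" and "-with-certs" groupings discussed above, here is an added example (not the draft's code and not from this thread) of the check an implementation would make on configured certificates, assuming the truncated SHOULD clause means that each certificate must carry the key pair's public key. It uses only the Go standard library and constructed self-signed certificates; CertMatchesKey covers the single-certificate case and MismatchedCerts a list.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"fmt"
	"math/big"
	"time"
)

// selfSignedCert builds a throwaway self-signed certificate carrying priv's public key (constructed data).
func selfSignedCert(priv *ecdsa.PrivateKey) *x509.Certificate {
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), NotBefore: time.Now(), NotAfter: time.Now().Add(time.Hour)}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &priv.PublicKey, priv)
	if err != nil {
		panic(err)
	}
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		panic(err)
	}
	return cert
}

// CertMatchesKey: the singular "-with-cert" assertion, the certificate's public key is priv's public half.
func CertMatchesKey(priv *ecdsa.PrivateKey, cert *x509.Certificate) bool {
	pub, ok := cert.PublicKey.(*ecdsa.PublicKey)
	return ok && pub.Equal(&priv.PublicKey)
}

// MismatchedCerts: the plural "-with-certs" case, returning indices of certs that do not match priv.
func MismatchedCerts(priv *ecdsa.PrivateKey, certs []*x509.Certificate) []int {
	var bad []int
	for i, c := range certs {
		if !CertMatchesKey(priv, c) {
			bad = append(bad, i)
		}
	}
	return bad
}

func main() {
	a, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	b, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	certs := []*x509.Certificate{selfSignedCert(a), selfSignedCert(b)}
	fmt.Println("certificates not matching key a:", MismatchedCerts(a, certs))
}
```

A non-empty result from MismatchedCerts is the condition a server would reject (or at least flag) when the key pair and its certificate list are configured together.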

________________________________________
From: netconf <netconf-bounces@ietf.org> on behalf of Kent Watsen <kent+ietf@watsen.net>
Sent: 12 December 2022 16:07

Thank you Mahesh for your comments.

See below for responses.

K.



On Dec 4, 2022, at 10:40 PM, Mahesh Jethanandani <mjethanandani@gmail.com> wrote:

Hi Kent,

The YANG Data Types and Grouping for Crypto Types draft is short, well written, and easy to understand. Thanks for including plenty of examples on how to use the model.

There are, however, a few minor comments that it would be nice to address before forwarding the document for AD review.

Thanks again.


Section 1.1 - Relation to other RFCs

Now that the set of modules and drafts in the “client-server” suite of drafts is known, can the language in this section be updated to reflect it? Specifically, can the second paragraph be removed or replaced, because you list the drafts (if not the modules themselves) in the dependency graph?

Removed, and cleaned up the language in the next paragraph.  Now reads:

   This document presents one or more YANG modules [RFC7950]
   that are part of a collection of RFCs that work together
   to, ultimately, enable the configuration of both the clients
   and servers of both the NETCONF [RFC6241] and
   RESTCONF [RFC8040] protocols.

   The normative dependency relationship between the various RFCs
   in this collection is presented in the below diagram. The labels
   in the diagram represent the primary purpose provided by each
   RFC.  Hyperlinks to each RFC are provided below the diagram.

This change will affect all in the suite of drafts.


Section 2.1.1 Features

This is more of a nit, and I would not mind if the comment is ignored. Can we remove the leading | (pipe symbol) in front of the sentence “The diagram above uses syntax …”? The same is true for other “tree diagrams” that follow RFC 8340 syntax. I do understand that other documents in the cluster follow that format, but it is not clear what the pipe symbols mean or why the text needs to be formatted differently from the rest of the text in the document.

This is how the <aside> element, in the xml2rfc file, renders.  I wish that it rendered as a box but, alas, such is not the case.  In any case, Juergen made the same comment before, so it seems pretty annoying, so I removed all of them, in the entire suite of drafts.



Section 2.1.1 Identities

s/format that key data/format for key data/

Fixed.


Section 2.1.4.* Groupings

Most of the groupings display an abridged and a full tree diagram. But the difference between them is a few extra lines. If the diagrams were truly different in size, i.e., the extra number of lines in the full tree diagram was more than the size of the abridged tree diagram, I could have understood displaying both of them. Are the two diagrams really necessary in every section?

Not necessary.  I just removed the "expanded" diagrams.  Now this draft is more like others in the suite of drafts.


Thanks again,
Kent // author