[Netconf] Semi-configurable design in server model draft

Mahesh Jethanandani <mjethanandani@gmail.com> Fri, 27 May 2016 00:06 UTC

Return-Path: <mjethanandani@gmail.com>
X-Original-To: netconf@ietfa.amsl.com
Delivered-To: netconf@ietfa.amsl.com
Received: from localhost (localhost []) by ietfa.amsl.com (Postfix) with ESMTP id 1607B12D767 for <netconf@ietfa.amsl.com>; Thu, 26 May 2016 17:06:39 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.699
X-Spam-Status: No, score=-2.699 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([]) by localhost (ietfa.amsl.com []) (amavisd-new, port 10024) with ESMTP id aBT5xxkA0C4D for <netconf@ietfa.amsl.com>; Thu, 26 May 2016 17:06:37 -0700 (PDT)
Received: from mail-pa0-x233.google.com (mail-pa0-x233.google.com [IPv6:2607:f8b0:400e:c03::233]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 37AB112D698 for <netconf@ietf.org>; Thu, 26 May 2016 17:06:37 -0700 (PDT)
Received: by mail-pa0-x233.google.com with SMTP id eu11so25041934pad.3 for <netconf@ietf.org>; Thu, 26 May 2016 17:06:37 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=from:subject:message-id:date:to:mime-version; bh=4yykSyVSOLjkfvG+zOjtK8HasoZI5WwOpQkMg81wtV8=; b=WBBlBS4fX0kdHmqwH0279a/S53U5i/vj5lo1f3OaOqJScbOpHO4Dh0N1t+z6QkWebm 46bqZziZM+u1q9w9Hlf1oNp8nTtL/Yjsh2KhPcedNxvwrfFa4JezpgfDTZZk6EPzc6ho 0+4FACInF8t4c+pz68DlV3A9giZdKW0vJCYundGsidg+hkD0cyUWLsIXuluHuvtQURLR ahwnga1kizKlqm9MbYspQM2okhZHFn3FV2v9tGOeAB38VwNrFttFUWYNl9MafPlzogHr GVhUW9e2loqzO58cV/Mq13jT/Yvi8fm/8QxUNXH0ceNQ188sQg1iEHIJYYBKvxr2k6Rx ATEw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:from:subject:message-id:date:to:mime-version; bh=4yykSyVSOLjkfvG+zOjtK8HasoZI5WwOpQkMg81wtV8=; b=FAbAXAHNYEAsivM/mngYVUZ7gyrrO+2nAg1HRIgePXGxPkZrOmzhS7QwVSGtwL7vXw /ewHXBR9f+YI5URQCc7CmXYhjO15Z2M3Jkcq4MKVy+flZ2O8TMsNgfQLMzqp44vQ4wia iLghKogy6bj1IpvrEvxYh53JvJTR1k73/qXvgCdmdDupH9deUBtl45Y+lb0zGuCEcgOt McNxCZpY/LON2cID9Ov1ZuhLlKOGxny7/jsZ2AKdrhBZ2GO54Tp5+sB65I8I9YCXWiH/ uQsg486U7eeGk9TnX13IMJQUjlVzgroJagWVEMmwMTF3nmL10WfYWq9/CoFCh+DJ7hFn x/Ow==
X-Gm-Message-State: ALyK8tLQL8Hr3nXDkamqu0ZeZUwmuKThdJdjDXgBEpo5mybmnxVmp8Wb63MCJ6yyKHKTXA==
X-Received: by with SMTP id h5mr18066660paa.11.1464307596620; Thu, 26 May 2016 17:06:36 -0700 (PDT)
Received: from ?IPv6:2001:420:290:1330:a570:540b:44bc:d149? ([2001:420:290:1330:a570:540b:44bc:d149]) by smtp.gmail.com with ESMTPSA id q188sm8639928pfq.66.2016. for <netconf@ietf.org> (version=TLSv1/SSLv3 cipher=OTHER); Thu, 26 May 2016 17:06:35 -0700 (PDT)
From: Mahesh Jethanandani <mjethanandani@gmail.com>
Content-Type: multipart/alternative; boundary="Apple-Mail=_62054681-9F2A-4149-90F1-412D93F6601F"
Message-Id: <B1909F40-B306-441E-8F05-661A400A72E2@gmail.com>
Date: Thu, 26 May 2016 17:06:43 -0700
To: Netconf <netconf@ietf.org>
Mime-Version: 1.0 (Mac OS X Mail 9.3 \(3124\))
X-Mailer: Apple Mail (2.3124)
Archived-At: <http://mailarchive.ietf.org/arch/msg/netconf/OtYAlqLmlErfCr3Z4mcXqRvez48>
Subject: [Netconf] Semi-configurable design in server model draft
X-BeenThere: netconf@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: Network Configuration WG mailing list <netconf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/netconf>, <mailto:netconf-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/netconf/>
List-Post: <mailto:netconf@ietf.org>
List-Help: <mailto:netconf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/netconf>, <mailto:netconf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 27 May 2016 00:06:39 -0000

One of the issues that Kent brought up in the interim meeting was the issue of configuring the private key. Some background on that issue dates back to the thread that started with Martin reviewing the document and here is what he brought up in that review.

o  Section 4.1

  I think the "semi-configurable" design has some issues.  You have
  defined some actions that actually modifies the configuration of the
  system.  It is not clear which config datastore is modified.
  Presumably running.  Interactions with locking and access control
  are not described.  Also, the resulting configuration is not
  complete - i.e., you cannot do <copy-config> to save/restore a
  backup.  This is fine, since you really don't want to expose the
  private keys in the config backup.  But some discussion is needed
  around this subject.  What happens if I generate a private key with
  your action, backup that config and then restore it?  What happens
  with config that has references to such a key?

  One way to avoid that the actions modify the configuration could be
  to move them into the private-key list.  One drawback is that two
  operations are needed in order to create a (usable) key - first
  create the config in running, then call the action.

  Another option might be to model the keys as config false data.
  This also solves the problem that some keys (in TPM for example)
  are not deletable.
The two suggestions that Kent brought to the meeting on whether to make it a leaf or an action. 

Leafs can be backed up or restored. But private-keys in TPM never leave the source. How do we support special hardware like TPM?

Making it an action requires creation of a dummy private key, and then call action to populate the data in it, as Martin states above. What happens if the key is not available but is referenced by the system?

Kent, is that a fair summary of the issue?

Let the discussion begin :-)

Mahesh Jethanandani