Re: [netconf] ietf crypto types - permanently hidden

Juergen Schoenwaelder <j.schoenwaelder@jacobs-university.de> Tue, 30 April 2019 16:12 UTC

Return-Path: <j.schoenwaelder@jacobs-university.de>
X-Original-To: netconf@ietfa.amsl.com
Delivered-To: netconf@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 571771201F8 for <netconf@ietfa.amsl.com>; Tue, 30 Apr 2019 09:12:29 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.899
X-Spam-Level:
X-Spam-Status: No, score=-1.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_NONE=-0.0001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id xzoAGUJTclb7 for <netconf@ietfa.amsl.com>; Tue, 30 Apr 2019 09:12:26 -0700 (PDT)
Received: from atlas5.jacobs-university.de (atlas5.jacobs-university.de [212.201.44.20]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 7FA79120193 for <netconf@ietf.org>; Tue, 30 Apr 2019 09:12:26 -0700 (PDT)
Received: from localhost (demetrius5.irc-it.jacobs-university.de [10.70.0.222]) by atlas5.jacobs-university.de (Postfix) with ESMTP id 39D06B62; Tue, 30 Apr 2019 18:12:25 +0200 (CEST)
X-Virus-Scanned: amavisd-new at jacobs-university.de
Received: from atlas5.jacobs-university.de ([10.70.0.217]) by localhost (demetrius5.jacobs-university.de [10.70.0.222]) (amavisd-new, port 10032) with ESMTP id E2lx97uUd5E0; Tue, 30 Apr 2019 18:12:25 +0200 (CEST)
Received: from hermes.jacobs-university.de (hermes.jacobs-university.de [212.201.44.23]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "hermes.jacobs-university.de", Issuer "Jacobs University CA - G01" (verified OK)) by atlas5.jacobs-university.de (Postfix) with ESMTPS; Tue, 30 Apr 2019 18:12:25 +0200 (CEST)
Received: from localhost (demetrius5.irc-it.jacobs-university.de [10.70.0.222]) by hermes.jacobs-university.de (Postfix) with ESMTP id 1AF51200E0; Tue, 30 Apr 2019 18:12:25 +0200 (CEST)
X-Virus-Scanned: amavisd-new at jacobs-university.de
Received: from hermes.jacobs-university.de ([212.201.44.23]) by localhost (demetrius5.jacobs-university.de [10.70.0.222]) (amavisd-new, port 10028) with ESMTP id APC4zjSxP8ui; Tue, 30 Apr 2019 18:12:24 +0200 (CEST)
Received: from exchange.jacobs-university.de (SXCHMB01.jacobs.jacobs-university.de [10.70.0.120]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "exchange.jacobs-university.de", Issuer "DFN-Verein Global Issuing CA" (verified OK)) by hermes.jacobs-university.de (Postfix) with ESMTPS id A0880200DE; Tue, 30 Apr 2019 18:12:24 +0200 (CEST)
Received: from anna.localdomain (10.50.218.117) by sxchmb03.jacobs.jacobs-university.de (10.70.0.155) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.1.1713.5; Tue, 30 Apr 2019 18:12:24 +0200
Received: by anna.localdomain (Postfix, from userid 501) id B36063008A3970; Tue, 30 Apr 2019 18:12:23 +0200 (CEST)
Date: Tue, 30 Apr 2019 18:12:23 +0200
From: Juergen Schoenwaelder <j.schoenwaelder@jacobs-university.de>
To: Martin Bjorklund <mbj@tail-f.com>
CC: <kent+ietf@watsen.net>, <netconf@ietf.org>
Message-ID: <20190430161223.cwqfsyyxbtnkqbl7@anna.jacobs.jacobs-university.de>
Reply-To: Juergen Schoenwaelder <j.schoenwaelder@jacobs-university.de>
Mail-Followup-To: Martin Bjorklund <mbj@tail-f.com>, kent+ietf@watsen.net, netconf@ietf.org
References: <0100016a69e36565-37279712-e5de-4c48-9a8a-7397d54c11b3-000000@email.amazonses.com> <VI1PR07MB47353B20AF138B5B8B702285833A0@VI1PR07MB4735.eurprd07.prod.outlook.com> <0100016a6e2130be-ee556dd0-e993-459f-be28-65fe1f74ece8-000000@email.amazonses.com> <20190430.144930.844252169549242587.mbj@tail-f.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Disposition: inline
In-Reply-To: <20190430.144930.844252169549242587.mbj@tail-f.com>
User-Agent: NeoMutt/20180716
X-ClientProxiedBy: SXCHMB04.jacobs.jacobs-university.de (10.70.0.156) To sxchmb03.jacobs.jacobs-university.de (10.70.0.155)
X-Clacks-Overhead: GNU Terry Pratchett
Content-Transfer-Encoding: quoted-printable
Archived-At: <https://mailarchive.ietf.org/arch/msg/netconf/PAOsWgtjZ76c1WTIFbAaual4t_8>
Subject: Re: [netconf] ietf crypto types - permanently hidden
X-BeenThere: netconf@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: NETCONF WG list <netconf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/netconf>, <mailto:netconf-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/netconf/>
List-Post: <mailto:netconf@ietf.org>
List-Help: <mailto:netconf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/netconf>, <mailto:netconf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 30 Apr 2019 16:12:29 -0000

On Tue, Apr 30, 2019 at 02:49:30PM +0200, Martin Bjorklund wrote:
> Kent Watsen <kent+ietf@watsen.net>; wrote:
> > 
> > Correct, as I didn’t think there was consensus yet.  Perhaps there is
> > rough-consensus, and it may be that the only way to gauge that is to
> > try and see how much push back there is.
> > 
> > Okay, so how about this, based on this thread, there appears to be
> > support to add a flag to control if a key should be “permanently
> > hidden” or not, in which case configuration is created.
> 
> I (still) object to this.  Actions shouldn't create config.  We
> already have generic protcol operations to do this.  We go from a
> document-oriented configuration model towards a command-oriented
> model.  Not good.  In RESTCONF, the generic methods support things
> like ETags, which I suspect you don't want to replicate in this
> action?   Will the action support all error-options of edit-config,
> like rollback-on-error?
>

Martin,

do you have any proposal how to support the requirement to generate a
key on the device that is workable with a document-oriented
configuration model? Do you propose that the action/rpc returns the
public key information as result data that then needs to be written
back to the server and somehow matched to the key that is cached on
the device? Perhaps you have other ideas I can't think of?

I think I would be happy to not have this special hack but then we
need a workable alternative. Key generation on devices is something
that is being used - and may be even more used in the future the more
we get special hardware support for storing keys.

/js

-- 
Juergen Schoenwaelder           Jacobs University Bremen gGmbH
Phone: +49 421 200 3587         Campus Ring 1 | 28759 Bremen | Germany
Fax:   +49 421 200 3103         <https://www.jacobs-university.de/>