Re: [netconf] ietf crypto types - permanently hidden

[Juergen Schoenwaelder <j.schoenwaelder@jacobs-university.de>]

On Tue, Apr 30, 2019 at 02:49:30PM +0200, Martin Bjorklund wrote:
> Kent Watsen <kent+ietf@watsen.net> wrote:
> > 
> > Correct, as I didn’t think there was consensus yet.  Perhaps there is
> > rough-consensus, and it may be that the only way to gauge that is to
> > try and see how much push back there is.
> > 
> > Okay, so how about this, based on this thread, there appears to be
> > support to add a flag to control if a key should be “permanently
> > hidden” or not, in which case configuration is created.
> 
> I (still) object to this.  Actions shouldn't create config.  We
> already have generic protcol operations to do this.  We go from a
> document-oriented configuration model towards a command-oriented
> model.  Not good.  In RESTCONF, the generic methods support things
> like ETags, which I suspect you don't want to replicate in this
> action?   Will the action support all error-options of edit-config,
> like rollback-on-error?
>

Martin,

do you have any proposal how to support the requirement to generate a
key on the device that is workable with a document-oriented
configuration model? Do you propose that the action/rpc returns the
public key information as result data that then needs to be written
back to the server and somehow matched to the key that is cached on
the device? Perhaps you have other ideas I can't think of?

I think I would be happy to not have this special hack but then we
need a workable alternative. Key generation on devices is something
that is being used - and may be even more used in the future the more
we get special hardware support for storing keys.

/js

-- 
Juergen Schoenwaelder           Jacobs University Bremen gGmbH
Phone: +49 421 200 3587         Campus Ring 1 | 28759 Bremen | Germany
Fax:   +49 421 200 3103         <https://www.jacobs-university.de/>