IETF Logo Mail Archive

Re: [netconf] I-D Action: draft-ietf-netconf-keystore-27.txt

tom petch <ietfc@btconnect.com> Thu, 23 February 2023 11:17 UTC

Return-Path: <ietfc@btconnect.com>
X-Original-To: netconf@ietfa.amsl.com
Delivered-To: netconf@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 70ED2C151554 for <netconf@ietfa.amsl.com>; Thu, 23 Feb 2023 03:17:24 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.899
X-Spam-Level:
X-Spam-Status: No, score=-1.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H2=-0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_PASS=-0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=btconnect.onmicrosoft.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id GNtGCP34YU6f for <netconf@ietfa.amsl.com>; Thu, 23 Feb 2023 03:17:20 -0800 (PST)
Received: from EUR04-DB3-obe.outbound.protection.outlook.com (mail-db3eur04on2090.outbound.protection.outlook.com [40.107.6.90]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 46FEFC14F736 for <netconf@ietf.org>; Thu, 23 Feb 2023 03:17:20 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=kmejVX7Rkv7rpviiLv4SJoCxyEk0Ywwn4Nsak2V2HEGJON3oOCfAVHvEtJv++i6WNs6XLPxiPrueLUnsnDJCJXGdhE5Rg/e9m7Cd3JurbGXtqDTYJ0f0qfq/DFCgwlM1clZ6jA8lWQZERHe9WqUitJdVNhrI218dCJsNL3F165XzhD/ghsfqN8vgUmSW2dHgQ3PwOCiVJAsJHcIvxB5/LPX0Z3EQjv2mIoS1lJLs2lhZgbV2n/o24WbfgvbBNSBQiQIUrDjNSHNDVT3Y0Ah68YWoBXlmPVQQV75OyaR/rLyBfxkX+wOUm0n9sDF3FSgsAb3+IeuWZiTVkeHGu+17zw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=NQum9FwFqygwPtbLymatC8IsTIgquVhjjxfI5WMcLlk=; b=Rc6E3kUb38ubdbgqX5u3T215lQ/hcX+B2iSuB0U5RAFczFYZF16pjuRpl6k1CGyMFn8K+NrFVGOsps8XBPJ0lIKIAfMsuOXpxmcf1Kx2Q2kymV8xaB4pv09OGvY42AnmoMrIKThl9dzCs87v53gO1+AHA8SB2GOSjXAIIoAB4/alO2LF1gbWsOBa5okppVoV8gL+3shUKr2VkcYvhvM/1Z7xk2dQuDkESqhBvUaxvbGwI9RrEWqBuic+k3a8RyQ1mXF9OfY6hCeAJhgsIEoA0o/EWV89W38u23muAw5+o6iI/RpwFnHK8G1PX2VFfUkroiCXMXsezhDZImBClnqvuA==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=btconnect.com; dmarc=pass action=none header.from=btconnect.com; dkim=pass header.d=btconnect.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=btconnect.onmicrosoft.com; s=selector2-btconnect-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=NQum9FwFqygwPtbLymatC8IsTIgquVhjjxfI5WMcLlk=; b=RKQOqirCbBW2v0M4aLFpVIEY3pJ7EWn+fm0prd0CEj0B052T4ZhTrMCsn5eGiKT/8egSw3oAGAUtARORPQttzxRmckuawpqxG7CPaDeFXFG9QShu6JfZ7gCgrL7OepQExaVrLF4qLCqJuIxLgtvZ6Egv2FJOzxisCQWxpY8NWaU=
Received: from AM7PR07MB6248.eurprd07.prod.outlook.com (2603:10a6:20b:134::11) by AM0PR07MB6307.eurprd07.prod.outlook.com (2603:10a6:20b:159::16) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.6134.19; Thu, 23 Feb 2023 11:17:16 +0000
Received: from AM7PR07MB6248.eurprd07.prod.outlook.com ([fe80::d0fd:8461:b6d3:748a]) by AM7PR07MB6248.eurprd07.prod.outlook.com ([fe80::d0fd:8461:b6d3:748a%9]) with mapi id 15.20.6134.018; Thu, 23 Feb 2023 11:17:16 +0000
From: tom petch <ietfc@btconnect.com>
To: Kent Watsen <kent@watsen.net>
CC: Henk Birkholz <henk.birkholz@sit.fraunhofer.de>, "netconf@ietf.org" <netconf@ietf.org>
Thread-Topic: [netconf] I-D Action: draft-ietf-netconf-keystore-27.txt
Thread-Index: AQHZDlqJEQexgEdWrU6y3VkhOjn+T66kSplrgAARNACAAEAsdYAQWMyAgCfYUz0=
Date: Thu, 23 Feb 2023 11:17:16 +0000
Message-ID: <AM7PR07MB624889EAF4B5BC1DFF082DD4A0AB9@AM7PR07MB6248.eurprd07.prod.outlook.com>
References: <167087094875.45631.5752947059896213334@ietfa.amsl.com> <AM7PR07MB6248CDDEA380E553031F4622A0C79@AM7PR07MB6248.eurprd07.prod.outlook.com> <c95d0f80-9ee9-8960-098c-1ec8060eb98d@sit.fraunhofer.de> <AM7PR07MB6248AF994BDAE1934A9A3D8EA0C79@AM7PR07MB6248.eurprd07.prod.outlook.com> <01000185fb56a54b-2f700d39-54d0-4e5d-913c-639b482df879-000000@email.amazonses.com>
In-Reply-To: <01000185fb56a54b-2f700d39-54d0-4e5d-913c-639b482df879-000000@email.amazonses.com>
Accept-Language: en-GB, en-US
Content-Language: en-GB
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
msip_labels:
authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=btconnect.com;
x-ms-publictraffictype: Email
x-ms-traffictypediagnostic: AM7PR07MB6248:EE_|AM0PR07MB6307:EE_
x-ms-office365-filtering-correlation-id: e6cb1dcf-731e-4576-c7f6-08db158f8577
x-ms-exchange-senderadcheck: 1
x-ms-exchange-antispam-relay: 0
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: X2xhb5pRwXX4J1RhgsYpxwK5izsnxcDlbmC4+cUs0/g5eSVu44ISZ4DqX/7dOrG2KXDkm9gIuq7Vf4uQjxK2YZK86PE7Ri/eWgu1+wQ5qej9OstvxaVRWGsqAsls+t9cyBez7iVK9DzzxrUTLPEiszTq2vYLRfus8oGF2oB4uMVd671kzh8RmJQ0fDC4wZaloLC3bwSOYxoiNlHPnL8hIEs7g+2GUsjX6YHwIRcjICnS6S7Hs6D1jmVKiKbDqqqfuGmPYiPSjCMJ+eO1Vv6y5tLyk91/i1hMOQmDynWii97juEgzBwDdtskxeIC0xDw/ocavpcs6tsFs9FktpTrSrMY2ZldbxlIGQ2pV8dln6XFsrZrooF8U7seDDhaRtdZhyeE9ngt4v7CSS13JoOtqtxIdnYjEG1xNn3aXFmtLVNDchsgw+XWrkTvRm+SGUKRzUls8KpfF5JMMik4NdiDXPAuG2cnfwW/zc58bUZC4OSyHxO1mnyok+UV/6bsQ1MGo3+q1iRKjmwdwSHthE615bqOfT0Z9bzZXlu0dlO+pqu9+6dMroNk/m7vJp2P28pjV0JhJML06C8SEhxxpHd+QwLRKEcW67+UIzu9usKLJXPu6odow3/JctaI5RwM/tfSibubHXUZmg9vS4IOlg/8hTU16ugzO7Ip1FrnDuLuXGesbip8X1fNJ/pBoRU5dx/OgeasP+iX4SQPQ6RnyWyXEy6kJ5ZIc+9hodyuGl/Yp/brAarU3qU/jkzx/V5VbLX3pnnpJdi5BjZuUhq6K0ifmIw==
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:AM7PR07MB6248.eurprd07.prod.outlook.com; PTR:; CAT:NONE; SFS:(13230025)(366004)(376002)(346002)(136003)(39860400002)(396003)(451199018)(66899018)(122000001)(83380400001)(38100700002)(82960400001)(71200400001)(9686003)(4326008)(8676002)(6916009)(26005)(64756008)(186003)(76116006)(66556008)(66946007)(91956017)(478600001)(6506007)(66446008)(38070700005)(316002)(66476007)(86362001)(33656002)(55016003)(2906002)(4001150100001)(41300700001)(52536014)(8936002)(5660300002)(54906003)(7696005)(966005)(66574015)(53546011); DIR:OUT; SFP:1102;
x-ms-exchange-antispam-messagedata-chunkcount: 1
x-ms-exchange-antispam-messagedata-0: Jgtb/Gp5O2vbBthU21UDnOqhI+AdV9HXMC433ziL23eTarvYfQKJ35kgkfnxoyFPyoRTCKNBfzl4dXHkXQH6k20doJWuAfTqicaqXI9/4H+AY+BurRlZ7hwxOMNqyXzJRejU9E6zh/C4zetFU+CQdlhH95BqsAwtfyaaAcLIOur+hPc9YynCwzG6FdQCCWs4aMILj/Ar95P1ZO7wuLFoJn9sJpWSGyI+g2PyWFPvPpbZSf4SgkSLr5yyP0CitXW4C4mnpvr5CW8mNJV/XyNKVk/z98XePzEGwpIjvWTgO6qKCrf5cBODBPziVWmpyPztLpwVWeJnwlEcQ94cCXC+hAcRH3DHFJ6jLHEqMtGpP4O0hLkjEW89R1+BfHJhCpve5kOLPIi3R92VpOAmPeWn7PgNP+EBXhctIYkkvWHQWgIyX7gC8s3AnwMayj8Mm8tiOzWxdOhJwB2P0UHq5p8AlfEOh8EX5xH79vFxT2PLTetxiGn1ZN3jomFkhLqK1+KmGn8xMwqhUf8XmcJkBneOz2z3eSKs85FSKj/lGY8XJiqg2Q5BXhqdrkJJHm/pNB3v6/ORdCLmMtr8lF7ojXDTLd725aQAtU9mYj9HacTwrzRjehybrpunFoog6rglcWCvu2r9rQLsAW/Iprxl4CjfQkDBHvEZFXLa8dy4/HZXBZ1ymT6QNMLr2uO7yi5ooOWN5LANK5qajrZlmWN48MUwqk6SQ3/DfwM2GJMoQSZnCwCKMABm7nZkWaK6MDQ+b2VNbKwvSiP7nLjvdu0ffD9mH2Ny81ejb2YHYkdKIKZEnmbh+SZzW7y8kEEDHd8Ox0eUFvhOXBXudziItjErizUUV+iIg/uZyjsYGmU3BzufjyNIU+PdacRivu1pxAxa2Fyr5ojWQYNRNekXl9Iui7R2AyP5s2brGWpL6Vix++PCgCRyOIpoJF/s5mPtlIZKpyrjmaqwEPaXMa6mBxGAmx8FCR17orWQtUvEIAFCSvba2G9i4WL0k+MYHHWAE6A2a4li4XotNJK8zcex1uv6A2tjeknxiT879l8DFyUeleRodn+rr6kwne9Y7vqAIK/s2HMG4qHDNxoL2lxZxxYSzcnKBcRgCjCurvwqTd21vonrtd0VvHpSY4Nb0Zs6m7M4PSPrSRHTEPOEbtuPc68iIdPr1bz35ocYTu7F7E84P02x2KCHlruqbdnP7vfxctS4GNJovybGCk+oKOL7yQQv7lV+ZbkgZRIEAKiIijiMA2iUE+tiOixrHZHFDiVQ8RNPwuaY8QV6txNXUIrvLD+brkFRbc6ft8/DNp7gue86keU0wKDgOGP9drKQi6CXR8eKeFRYwCCNEeatnCSw7AxkcuZMBTPF60QrmRatPBrX/mycytHuaaGicbgJdKWmNcnN+ep5wBCok+Wu15NH1LQLU0l848jYKcamu0x1hbvR+PEhNMY4dQKE62MvVVNRnwgbQXkmMVkZeG3jmvDGz4MDA6W/s8Jf2DyZHMi3DqRSL4xblAHzAGJJL11WmTVDff3mYbomCs9BLocwOt6FfTb5wcM+yyqZn4rTgJ3omSaCOkZzHLvr/UH1BIdHZKeDh8zfwIEL
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-OriginatorOrg: btconnect.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: AM7PR07MB6248.eurprd07.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: e6cb1dcf-731e-4576-c7f6-08db158f8577
X-MS-Exchange-CrossTenant-originalarrivaltime: 23 Feb 2023 11:17:16.6471 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: cf8853ed-96e5-465b-9185-806bfe185e30
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: bXp5wFnOiN/3pE2qIXZsngDJiGiZ04p/4tMM/uu/FUhjL1kLB9X3ftvl8oazMGvv84il1MS255xgXbRk1qsovQ==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: AM0PR07MB6307
Archived-At: <https://mailarchive.ietf.org/arch/msg/netconf/RlWTM8WCcF0Aw4WqarIonXm2h20>
Subject: Re: [netconf] I-D Action: draft-ietf-netconf-keystore-27.txt
X-BeenThere: netconf@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: NETCONF WG list <netconf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/netconf>, <mailto:netconf-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/netconf/>
List-Post: <mailto:netconf@ietf.org>
List-Help: <mailto:netconf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/netconf>, <mailto:netconf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 23 Feb 2023 11:17:24 -0000

From: Kent Watsen <kent@watsen.net>
Sent: 29 January 2023 02:23

<inline under <tp> in several places >

Hi Tom,

Thank you for your review of the keystore draft.
Please see below for my responses to your comments.

Kent

On Jan 18, 2023, at 11:48 AM, tom petch <ietfc@btconnect.com> wrote:

From: Henk Birkholz <henk.birkholz@sit.fraunhofer.de>
Sent: 18 January 2023 12:56

Hi Tom,

to your comment on "Security 101" content. I do not see that basic
repetition as a flaw considering the scope of audience, as implementers
might occasionally tend not to read all useful, but only the minimal
essential documents.

Having said that. Maybe the "Security 101" problem can be avoided by
some well-selected references to the extend of "Security Considerations
about key management of RFC-XXXX apply"? That could avoid the repetition
a bit.

<tp>
Henk

I am contrasting this I-D with RFC8177 on key chains which says
'  Implementations with keys provided via this model should store them
  using best current security practices.'
which is the sort of statement I would expect to see in a routing or ops RFC, leaving the technical detail to a Security Area one!

Tom Petch

Viele Grüße,

Henk

On 18.01.23 13:37, tom petch wrote:
Some thoughts, editorial mostly, on this version of this I-D.

Generally, I find many of the identifiers cumbersome, up to nine hyphen separated elements; I would see three or four as good and five as tolerable, more than that error prone,

     grouping local-or-keystore-end-entity-cert-with-key-grouping
As ever, I see -grouping as prolix.  I would also like to shorten local-or-keystore as a generic term for well, locality, or location, or place or site or   .... there are lots of possible synonyms.  Also where the grouping is about a cert then I think that that should come before locality.  To me it is the cert that matters not the option about its locality

I would also like to shorten 'cert-with-key' which occurs many times but do not have an alternative to offer.

You're the first to bring this up.   Whilst you make good points, I'm unwilling to change names unless others chime in.

The other general comment is that in places this reads as Security 101, which I do not think that the Netconf WG should be publishing (even if the text has come from Security ADs or such like).  The changes here would be small, deletions mostly,  but I think should be made.  Thus comments about built-in keys SHOULD NOT be cleartext are nothing to do with a YANG module, they are or they are not and no YANG module is going to change that.   There are several such statements in sections 3, 4 and 5 which to me belong in a BCP from the Security Area.

See discuss with Henk at top.   IDK about the the keychain draft, does it's data-model contain nodes such as "cleartext-password", "hidden-password", or "encrypted-password"?   The particular paragraph mentioned regards "built-in" keys, a concept unique to this draft (AFAIK), and it seems proper for the draft to say that "Built-in key types SHOULD be either hidden or encrypted", but not cleartext (even if projected by NACM).   FWIW, I think that there were two SecDir reviews on these sections.

WRT "There are several such statements in sections 3, 4 and 5", please provide a complete list.

<tp>

Well pretty much the whole of section 4 and in Section 3 statements about built-in keys not being cleartext.  This seems as applicable to Kerberos as to NETCONF which is why I see it as a BCP the Security Area should produce.  That said, as other posts of mine may suggest, I do not have high expectations that the Security Area will produce material that other Areas will find a use for.
</tp>

Some less contentious points.

     grouping asymmetric-key-pair-with-cert-grouping
     grouping asymmetric-key-pair-with-certs-grouping
I think an unfortunate pairing; that letter 's' buried in the middle will be missed.  Even
     grouping asymmetric-key-pair-with-cert
     grouping asymmetric-key-pair-with-certs
could cause erors.

The error you're concerned about seems like a small thing.  That is, even if the wrong name were entered, the tree-diagram or CLI/UI would quickly reveal.  So no a big deal?



   The term "keystore" is defined in this /draft /document/

Fixed - other instances (in this draft) are fixed as well.

The term "key" may be used to mean one of three things in this /draft:/document/
Well, four to be picky - you also have it from RFC2119

Yeap, like this one.  Fixed.


In the tree diagrams. the type 'string' seems to wander around, as in 2.1.3.7, and not stay in a predictable place

The tree-diagrams are generated using the latest version of pyang.  The closest RFC 8340 comes to providing guidance is "Additional whitespace may, for example, be used to "column align" fields (e.g., within a list or container) to improve readability".   I don't think we can fault pyang (though we could wish for better).

In lieu of fixing the tool, I could manually edit the tree diagrams, but that is both a lot of work and error-prone.  Note that the tree-diagrams are automatically generated and inserted every time I `make` and the document.

<tp>
No, anyone editing tree diagrams should be banished from the IETF:-)

</tp>

What happens to choice/case if no features are defined?  I do not know if YANG can enforce or cope with that.

Where are you?   Regardless, all the "choice" statements in ietf-keystore are "mandatory true", meaning that one case must be defined.

<tp>

In the choice local-or-keystore in several groupings, both case have if-feature so what happens if the features are not present?  I do not know.
</tp>


s.2.1.4
'The protocol-accessible nodes for the "ietf-keystore" module are an instance'
perhaps instances

Fixed.


s.2.2.3
 a big section when there are no pages numbers - worth splitting into subsections IMHO

Subsections added.


prefix eku
we could do with a documentation-only YANG prefix; to me this looks too real, perhaps ex-eku

Changed to "ex-keystore-usage"


s.3
built-in keys
Built into what?  The YANG module?  suggest 'built into the device' or some such.

Now: "keys built-in into the server".



I-D.ma-netmod-with-system
needs to be Normative IMHO - I cannot understand system without it

This document is not dependent on that work; it merely offered the reference as a related work.

That said, searching for "system", I found and replaced several instances to use the word "server" instead.  I think this may've been the actual source of your confusion.

<tp>

Well, yes in part
</tp>

Also, updated ref to point to adopted name: "ietf-netmod-system-config".


copied into <running>
copied from where?

Two paragraphs up: "...they are present in <operational> (and <system>, if used)."

<tp>
Mmm yes, with hindsight. The 20 or so lines of XML make it harder for me to make the connection with the earlier text, the XML makes it disjoint.
</tp> 

all key types may be copied
again, copied from where?

Again,  <operational> (and <system>, if used).   This paragraph also says <operational> a sentence later"


built-in key
lacks a terminal period

Fixed.


<running> data tree
Why data tree here when every else is just <running>?

Removed.


s.4 Nothing to do with Netconf IMHO!

The WG or the protocol?

<tp>
The Ops Area of the IETF!
</tp>

Regardless, this draft defines a data-model and related semantics.  You may not be aware, but many wanted to see this section fleshed out.

<tp>
I am not surprised by that but see that as a comment on the lack of support from the Security Area rather than something for this WG to address.
</tp>

s.5.3
SSH, TLS lack references

You're right, but this is in the template published by the IESG.  There are likely several dozen RFCs published this way...

<tp>
Which is an issue that a revised security template for YANG modules should address, what does it look like for a module that is all identity or all grouping or such like.

Tom Petch
</tp>

Kent




Tom Petch

_______________________________________
From: netconf <netconf-bounces@ietf.org> on behalf of internet-drafts@ietf.org <internet-drafts@ietf.org>
Sent: 12 December 2022 18:49
To: i-d-announce@ietf.org
Cc: netconf@ietf.org
Subject: [netconf] I-D Action: draft-ietf-netconf-keystore-27.txt


A New Internet-Draft is available from the on-line Internet-Drafts directories.
This draft is a work item of the Network Configuration WG of the IETF.

        Title           : A YANG Data Model for a Keystore
        Author          : Kent Watsen
  Filename        : draft-ietf-netconf-keystore-27.txt
  Pages           : 52
  Date            : 2022-12-12

Abstract:
   This document defines a YANG module called "ietf-keystore" that
   enables centralized configuration of both symmetric and asymmetric
   keys.  The secret value for both key types may be encrypted or
   hidden.  Asymmetric keys may be associated with certificates.
   Notifications are sent when certificates are about to expire.


The IETF datatracker status page for this draft is:
https://datatracker.ietf.org/doc/draft-ietf-netconf-keystore/

There is also an HTML version available at:
https://www.ietf.org/archive/id/draft-ietf-netconf-keystore-27.html

A diff from the previous version is available at:
https://author-tools.ietf.org/iddiff?url2=draft-ietf-netconf-keystore-27


Internet-Drafts are also available by rsync at rsync.ietf.org::internet-drafts


____________________________
_______________________________________________
netconf mailing list
netconf@ietf.org
https://www.ietf.org/mailman/listinfo/netconf

_______________________________________________
netconf mailing list
netconf@ietf.org
https://www.ietf.org/mailman/listinfo/netconf

v2.23.0 | Report a Bug | By Email