Re: [netconf] Comments on draft-ietf-netconf-keystore v17

Juergen Schoenwaelder <j.schoenwaelder@jacobs-university.de> Wed, 24 June 2020 20:30 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/netconf/Roi59Jaf6aXyn3xNj3Xr1ILfrkU>

On Wed, Jun 24, 2020 at 08:07:19PM +0000, Eric Voit (evoit) wrote:
> 
> 1) Already the draft “supports” the existence of a multiplicity of keystores. Please refer to the exchange I had with Juergen on this thread regarding how my personal project does just this by a) NOT *implementing* “ietf-keystore” and b) NOT enabling either the “keystore-supported” or “local-definitions-supported” features, while c) augmenting in new leafref definitions into the “local-or-keystore” choice statements pointing to my application-specific instances as needed. All this to say that it’s possible.
> 

True for some definition of "supports".

If the requirement is that we need to support multiple keystores, then
the container keystore should be turned into a list keystore. If the
requirement is to support multiple keystores located at various places
in the schema tree, well, then we likely can't do this properly with
plain YANG 1.1, but possibly with schema mount.

/js

PS: My definition of "supports" would imply interoperability. The
    current approach of "there is a grouping and if you tweak it
    enough it can give you multiple keystores" is not interoperable
    unless we standardize the tweaks.

-- 
Juergen Schoenwaelder           Jacobs University Bremen gGmbH
Phone: +49 421 200 3587         Campus Ring 1 | 28759 Bremen | Germany
Fax:   +49 421 200 3103         <https://www.jacobs-university.de/>
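
The "list keystore" alternative raised in the reply above, sketched as an added example; it is not taken from draft-ietf-netconf-keystore or from either poster. The module name, namespace, prefix and all node names are hypothetical. It shows why the change affects interoperability: once keystores are list entries, every key reference has to name both the keystore instance and the key inside it.

```yang
module example-multi-keystore {
  yang-version 1.1;
  namespace "urn:example:multi-keystore";   // hypothetical namespace
  prefix emk;

  // Several named keystores instead of one fixed container.
  list keystore {
    key "name";
    leaf name {
      type string;
      description "Name of this keystore instance.";
    }
    list asymmetric-key {
      key "name";
      leaf name {
        type string;
        description "Name of the key within this keystore.";
      }
      // key material omitted in this sketch
    }
  }

  // A reference now needs two leafs: which keystore, and which key
  // inside it. The second leafref is constrained by the first, so it
  // can only point at a key that exists in the selected keystore.
  grouping asymmetric-key-ref {
    leaf keystore {
      type leafref {
        path "/emk:keystore/emk:name";
      }
    }
    leaf asymmetric-key {
      type leafref {
        path "/emk:keystore[emk:name = current()/../keystore]"
           + "/emk:asymmetric-key/emk:name";
      }
    }
  }
}
```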