Re: [netconf] Pointers to major "crypto" threads?

Kent Watsen <kent+ietf@watsen.net> Thu, 08 August 2019 18:57 UTC

Return-Path: <0100016c729816e0-2c474f96-ffee-4aac-9020-f2821fe4480b-000000@amazonses.watsen.net>
X-Original-To: netconf@ietfa.amsl.com
Delivered-To: netconf@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 230291200B8 for <netconf@ietfa.amsl.com>; Thu, 8 Aug 2019 11:57:49 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.898
X-Spam-Level:
X-Spam-Status: No, score=-1.898 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H2=-0.001, SPF_HELO_NONE=0.001, SPF_NONE=0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=amazonses.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ELUn1qMeVPnb for <netconf@ietfa.amsl.com>; Thu, 8 Aug 2019 11:57:47 -0700 (PDT)
Received: from a8-31.smtp-out.amazonses.com (a8-31.smtp-out.amazonses.com [54.240.8.31]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 21E8212002F for <netconf@ietf.org>; Thu, 8 Aug 2019 11:57:46 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/simple; s=6gbrjpgwjskckoa6a5zn6fwqkn67xbtw; d=amazonses.com; t=1565290665; h=Content-Type:Mime-Version:Subject:From:In-Reply-To:Date:Cc:Content-Transfer-Encoding:Message-Id:References:To:Feedback-ID; bh=UlRvf4UgAr/CIIo90zI1J4r4JCEcuHhAbT1AVjSI8IA=; b=GbaWkqJlWH4P20R2IIp6UTxxuIO5ED7zMAPSlOPLIP7BCPYBN+7AtS0E9ABDu3sf vSL52n7CV0eJc1U3ETThiuRJ8A9QHh6SxnpvdMhu6KHLuwm68VuloyRM6NXhzviT2C/ 6Q6WhO9VANDfNLM0CL74kvWSgo2C6/jdS7QpNJbE=
Content-Type: text/plain; charset=utf-8
Mime-Version: 1.0 (Mac OS X Mail 12.4 \(3445.104.11\))
From: Kent Watsen <kent+ietf@watsen.net>
In-Reply-To: <3BE70E76-AB66-4BF6-8FFD-A65F7294AD01@akamai.com>
Date: Thu, 8 Aug 2019 18:57:45 +0000
Cc: "netconf@ietf.org" <netconf@ietf.org>
Content-Transfer-Encoding: quoted-printable
Message-ID: <0100016c729816e0-2c474f96-ffee-4aac-9020-f2821fe4480b-000000@email.amazonses.com>
References: <EB4BBC2F-161C-4AED-9C01-BFBB75C0D923@akamai.com> <0100016c71dc7c15-fd7a35b0-1414-497e-8ecc-aa59e239c628-000000@email.amazonses.com> <3BE70E76-AB66-4BF6-8FFD-A65F7294AD01@akamai.com>
To: "Salz, Rich" <rsalz@akamai.com>
X-Mailer: Apple Mail (2.3445.104.11)
X-SES-Outgoing: 2019.08.08-54.240.8.31
Feedback-ID: 1.us-east-1.DKmIRZFhhsBhtmFMNikgwZUWVrODEw9qVcPhqJEI2DA=:AmazonSES
Archived-At: <https://mailarchive.ietf.org/arch/msg/netconf/SoWoW2tTCg1ZC6CzOvBBxW2wfEw>
Subject: Re: [netconf] Pointers to major "crypto" threads?
X-BeenThere: netconf@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: NETCONF WG list <netconf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/netconf>, <mailto:netconf-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/netconf/>
List-Post: <mailto:netconf@ietf.org>
List-Help: <mailto:netconf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/netconf>, <mailto:netconf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 08 Aug 2019 18:57:49 -0000

> 
> 	• What do you mean by "the crypto objects" drafts?   Do you mean https://tools.ietf.org/html/draft-ietf-netconf-crypto-types?
>  
> Yes, that one.
>   
> I am looking for email discussion (I guess I can watch meetecho archives if that’s useful) to understand the WG thoughts.


I'm guessing that you have the same concern with this draft as expressed by others, and thus imagine the thread you are looking for is here: https://mailarchive.ietf.org/arch/browse/netconf/?q=I-D%20Action.

The NETCONF WG's ultimate objective is to define YANG modules enabling the configuration of the NETCONF and RESTCONF protocol stacks, for both client and servers (please see [1] and [2]).  The crypto-types draft is the cornerstone of a hierarchy of drafts supporting this goal:


                                       crypto-types
                                         ^      ^
                                        /        \
                                       /          \
                             trust-anchors       keystore
                                ^      ^------+    ^
                                |              \   |
                                |      +-----------+
                                |     /          \
tcp-client-server     ssh-client-server      tls-client-server     http-client-server
      ^      ^              ^                  ^           ^               ^
      |      |              |                  |           |               |
      |      |              |       +----------+           |               |
      |      |              |       |                      |               |
      |      |              |       |                      |               |
      |      +--------------|-------|------------+         |               |
      |                     |       |            |         |               |
      |                     |       |            |         |               |
      +--------------+      |       |            |         |      +--------+
                     |      |       |            |         |      |
                     |      |       |            |         |      |
                  netconf-client-server        restconf-client-server



Not shown, other WGs are defining YANG modules that import parts of the above.


[1] https://tools.ietf.org/html/draft-ietf-netconf-netconf-client-server
[2] https://tools.ietf.org/html/draft-ietf-netconf-restconf-client-server