Re: [netconf] I-D Action: draft-ietf-netconf-crypto-types-23.txt

"Brockhaus, Hendrik" <hendrik.brockhaus@siemens.com> Thu, 26 May 2022 08:20 UTC

To: Kent Watsen <kent+ietf@watsen.net>
CC: "netconf@ietf.org" <netconf@ietf.org>, Russ Housley <housley@vigilsec.com>, Sean Turner <sean@sn3rd.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/netconf/4MMWiA5d1qC9xWEPoGMo4CyCPhk>

Kent 

> From: Kent Watsen <kent+ietf@watsen.net>
>
> Hi Hendrik,
>
> The requests to add support for CMP and CMC were made to the sztp-csr draft, so no cascading opportunity in crypto-types was searched for, including any possible opportunity to more aggressively refactor parts to crypto-types.

Thank you for the explanation.
I was aware of module ietf-ztp-types and provided input regarding CMP back then. I was not aware that crypto-types is addressing the topic of certificate requests as well, and I was wondering why there is no reuse of what was specified in ietf-ztp-types. But I have to admit that I have nearly no experience with either YANG or NETCONF.

>
> The sztp-csr ship has sailed, but I'm not opposed to adding CMP/CMC support to crypto-types, especially if you  can help out.  

If the group wants to add CMP and CMC, I am happy to support with CMP expertise.
What I like about CMP and CMC requests is that they offer a close binding of the CSR to the requester's identity by a wrapping signature or MAC.

> Roughly, we'd want to map the following sztp-csr groupings to crypto-types's YANG as follows:
>
>  SZTP-CSR Grouping  |  ietf-crypto-types
> ---------------------+-----------------------
> csr-support-grouping |  feature statements
> csr-request-grouping |  "input" parameters
> csr-grouping         |  "output" parameters
>
> Kent // author of both drafts

Hendrik
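The "wrapping MAC" binding mentioned above, modelled in code as an added example (not from this thread or either draft): a bare PKCS#10 CSR carries only the new key's self-signature, so it proves possession of that key but says nothing authenticated about who is asking; an outer MAC computed with the requester's pre-shared secret, as CMP's MAC-based protection does, ties the request to an enrolled identity. The message layout, field names and the RA's secret store are assumptions, not CMP's real PKIMessage encoding.

```python
"""Simplified model of MAC-protected enrollment requests (added example).
Layout, field names and RA_SECRETS are assumptions, not CMP's ASN.1 encoding;
the CSR bytes are an opaque placeholder for a real PKCS#10 structure."""
import hashlib
import hmac
import json
import os

# Constructed: shared secrets the RA holds per pre-enrolled requester identity.
RA_SECRETS = {
    "device-0001": b"constructed-secret-for-device-0001",
    "device-0002": b"constructed-secret-for-device-0002",
}

def to_be_protected(header: dict, body_hex: str) -> bytes:
    """Canonical bytes under the MAC: header AND body, so neither can be swapped."""
    return json.dumps({"header": header, "body": body_hex}, sort_keys=True).encode()

def protect_request(sender: str, csr_der: bytes, secret: bytes) -> dict:
    """Requester side: wrap the opaque CSR and MAC it with the sender's secret."""
    header = {"sender": sender, "nonce": os.urandom(16).hex()}
    body_hex = csr_der.hex()
    mac = hmac.new(secret, to_be_protected(header, body_hex), hashlib.sha256).hexdigest()
    return {"header": header, "body": body_hex, "protection": mac}

def verify_request(msg: dict, secrets: dict = RA_SECRETS) -> bool:
    """RA side: look up the claimed sender's secret, recompute, compare constant-time."""
    secret = secrets.get(msg["header"]["sender"])
    if secret is None:
        return False  # unknown identity: nothing to verify against
    expected = hmac.new(secret, to_be_protected(msg["header"], msg["body"]),
                        hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, msg["protection"])

def demo() -> dict:
    """Genuine request verifies; any change to the CSR or the claimed sender fails."""
    csr = b"constructed PKCS#10 DER bytes"  # placeholder for a real CSR
    msg = protect_request("device-0001", csr, RA_SECRETS["device-0001"])
    substituted_csr = {**msg, "body": b"substituted CSR bytes".hex()}
    relabelled = {**msg, "header": {**msg["header"], "sender": "device-0002"}}
    unknown = {**msg, "header": {**msg["header"], "sender": "device-9999"}}
    return {
        "genuine": verify_request(msg),
        "substituted_csr": verify_request(substituted_csr),
        "relabelled_sender": verify_request(relabelled),
        "unknown_sender": verify_request(unknown),
    }
```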

>
>> On May 25, 2022, at 3:57 AM, Brockhaus, Hendrik <mailto:hendrik.brockhaus@siemens.com> wrote:
>>
>> Kent
>>
>> There is the grouping generate-csr-grouping for certificate signing requests defined in this document offering usage of PKCS#10 format.
>> This topic is also addressed by draft-ietf-netconf-sztp-csr with the grouping csr-support-grouping offering PKCS#10, CMP and CMC request formats.
>> Is there a reason for the overlap and for not just reusing what is defined in draft-ietf-netconf-sztp-csr regarding CSRs also in draft-ietf-netconf-crypto-types?
>>
>> Hendrik
>>

From: netconf <mailto:netconf-bounces@ietf.org> On behalf of internet-drafts@ietf.org

A New Internet-Draft is available from the on-line Internet-Drafts directories.
This draft is a work item of the Network Configuration WG of the IETF.

        Title           : YANG Data Types and Groupings for Cryptography
        Author          : Kent Watsen
        Filename        : draft-ietf-netconf-crypto-types-23.txt
        Pages           : 63
        Date            : 2022-05-24

Abstract:
  This document presents a YANG 1.1 (RFC 7950) module defining
  identities, typedefs, and groupings useful to cryptographic
  applications.