IETF Logo Mail Archive

Re: [netconf] More comments was Shepherd's comments on draft-ietf-netconf-crypto-types

Kent Watsen <kent+ietf@watsen.net> Sun, 29 January 2023 02:19 UTC

Return-Path: <01000185fb52d9f5-7772ba8d-c2f8-465a-9c9b-0e37f39bd6aa-000000@amazonses.watsen.net>
X-Original-To: netconf@ietfa.amsl.com
Delivered-To: netconf@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id DDA78C14CE2F for <netconf@ietfa.amsl.com>; Sat, 28 Jan 2023 18:19:54 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.897
X-Spam-Level:
X-Spam-Status: No, score=-1.897 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H2=-0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=amazonses.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id dEGAMAbPxfPm for <netconf@ietfa.amsl.com>; Sat, 28 Jan 2023 18:19:50 -0800 (PST)
Received: from a48-94.smtp-out.amazonses.com (a48-94.smtp-out.amazonses.com [54.240.48.94]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 710F0C14CE28 for <netconf@ietf.org>; Sat, 28 Jan 2023 18:19:50 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/simple; s=6gbrjpgwjskckoa6a5zn6fwqkn67xbtw; d=amazonses.com; t=1674958789; h=From:Message-Id:Content-Type:Mime-Version:Subject:Date:In-Reply-To:Cc:To:References:Feedback-ID; bh=5Dtc8HXsEse04jeB97SDA8n3FwWDj83OAPAq6mFPcNQ=; b=MAkawmDB+Td1cWv8PcYrZ9/IeosGN8X2MZlIOynTr+1H8rDGu4snXaCeZPmMu0nI TCUSoP3svZEZb2nIaBqqA562w4rQekE1v5mDSU6N2IymLm0czr3vt+HAxI7EnnFD7Y5 3761f0eVob76p2DHYbV14xauZDWekovt0Ul1wR3A=
From: Kent Watsen <kent+ietf@watsen.net>
Message-ID: <01000185fb52d9f5-7772ba8d-c2f8-465a-9c9b-0e37f39bd6aa-000000@email.amazonses.com>
Content-Type: multipart/alternative; boundary="Apple-Mail=_F9A9BDB2-6021-4C44-801D-506B56F33995"
Mime-Version: 1.0 (Mac OS X Mail 16.0 \(3731.400.51.1.1\))
Date: Sun, 29 Jan 2023 02:19:49 +0000
In-Reply-To: <AM7PR07MB624814A8E0C4A0CA86B2F3CFA0FD9@AM7PR07MB6248.eurprd07.prod.outlook.com>
Cc: Mahesh Jethanandani <mjethanandani@gmail.com>, "netconf@ietf.org" <netconf@ietf.org>
To: tom petch <ietfc@btconnect.com>
References: <BBA86E54-570B-4257-A67F-CBBD37F62CC6@gmail.com> <010001850717709c-1c366be3-81ff-461b-a35e-6ccf83b98a52-000000@email.amazonses.com> <AM7PR07MB624814A8E0C4A0CA86B2F3CFA0FD9@AM7PR07MB6248.eurprd07.prod.outlook.com>
X-Mailer: Apple Mail (2.3731.400.51.1.1)
Feedback-ID: 1.us-east-1.DKmIRZFhhsBhtmFMNikgwZUWVrODEw9qVcPhqJEI2DA=:AmazonSES
X-SES-Outgoing: 2023.01.29-54.240.48.94
Archived-At: <https://mailarchive.ietf.org/arch/msg/netconf/TP8clDFkG3tcOmzm4yr2lq7E9SU>
Subject: Re: [netconf] More comments was Shepherd's comments on draft-ietf-netconf-crypto-types
X-BeenThere: netconf@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: NETCONF WG list <netconf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/netconf>, <mailto:netconf-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/netconf/>
List-Post: <mailto:netconf@ietf.org>
List-Help: <mailto:netconf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/netconf>, <mailto:netconf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 29 Jan 2023 02:19:55 -0000

Hi Tom,

Thank you for your review of the crypto-types draft.
Please see below for my responses to your comments.

Kent



> On Jan 12, 2023, at 7:21 AM, tom petch <ietfc@btconnect.com> wrote:
> 
> Some additional comments unrelated to those of the Shepherd
> 
> RFC6960 is in the module so needs adding to I-D references

Added as a normative reference.


> X.690 in the module lacks a date which makes the reference ambiguous

Added.


> X.690 in the I-D Refs is -2015.  This is not the latest version - I do not know what has changed.

Updated both X.680 and X.690 to 02/2021 (the latest)


> RFC6125 has a bis in WGLC

But we're okay with the current version - yes?  Do we need to MISREF?

The bis doc:
https://datatracker.ietf.org/doc/draft-ietf-uta-rfc6125bis/
Service Identity in TLS
datatracker.ietf.org



> The IETF has abolished the page number which makes s.2.2.1 10 pages of stream of consciousness.  I suggest introducing subsections.  I see some obvious places for them

Subsections added.


> In the same vein I suggest including the subsections of  s.2.1 in the ToC. 

I like the ToC as is.


> I find the use of -grouping in the identifier of a grouping prolix.

Could be, but you're the first to mention it.  I'll note that I started doing this as otherwise things get confusing when scaling up to large models...


> 2.1.3.  Typedefs
>   The following diagram illustrates the relationship amongst the
>   "typedef" statements defined in the "ietf-crypto-types" module:
> Well no it does not illustrate for me without a crib to tell me what is going on

Added word "hierarchal", now "hierarchal relationship".


> s.2.2.1 
> OLD
>   The diagram above uses syntax that is similar to but not defined in
> 
> suggest here and elsewhere
>   The diagram above uses syntax that is similar to but not the same as that in 

Replaced with suggested text.


>    feature p10-based-csrs {
>       description
>         "Indicates that the erver implements support
> /erver/server/

Fixed.


> OLD
>        How the associated algorithm is known is outside the
>          scope of this module.  This statement also applies when
>          the octet string has been encrypted.";
> Seems clumsy; I suggest
> NEW
>         The identity of the associated algorithm is outside the
>          scope of this specification.  This is also true when 
>   the octet string has been encrypted.";

Replaced.


>     grouping asymmetric-key-pair-with-cert-grouping {
>     grouping asymmetric-key-pair-with-certs-grouping {
> These are both described as
> '         Implementations SHOULD assert that certificates contain '
> ie plural in both cases.  
Fixed.

> I think a more comprehensive description is needed of what the difference is between the two. 
Made description more comprehensive.

> Also, here is a case where that terminal -grouping is not just redundant but is likely to cause errors.
>     grouping asymmetric-key-pair-with-cert {
>     grouping asymmetric-key-pair-with-certs {
> would make the difference slightly more obvious but depending on what the difference is meant to be, which I do not see in the description clause, I think one or both identifiers need changing
Updated the description clauses.

Kent


> 
> Tom Petch
> 
> ________________________________________
> From: netconf <netconf-bounces@ietf.org> on behalf of Kent Watsen <kent+ietf@watsen.net>
> Sent: 12 December 2022 16:07
> 
> Thank you Mahesh for your comments.
> 
> See below for responses.
> 
> K.
> 
> 
> 
> On Dec 4, 2022, at 10:40 PM, Mahesh Jethanandani <mjethanandani@gmail.com<mailto:mjethanandani@gmail.com>> wrote:
> 
> Hi Kent,
> 
> The YANG Data Types and Grouping for Crypto Types draft is short, well written, and easy to understand. Thanks for including plenty of examples on how to use the model.
> 
> There are however a few minor comments that would nice to address before forwarding the document for AD review.
> 
> Thanks again.
> 
> 
> Section 1.1 - Relation to other RFCs
> 
> Now that the set of modules and drafts in the “client-server” suite of drafts is known, can the language in this section be updated to reflect it. Specifically, can the second paragraph be removed or replaced because you list the drafts (if not the modules themselves) in the dependency graph.
> 
> Removed, and cleaned-up the language in the next paragraph.   Now reads:
> 
>    This document presents one or more YANG modules [RFC7950]
>    that are part of a collection of RFCs that work together
>    to, ultimately, enable the configuration of both the clients
>    and servers of both the NETCONF [RFC6241] and
>    RESTCONF [RFC8040] protocols.
> 
>    The normative dependency relationship between the various RFCs
>    in this collection is presented in the below diagram. The labels
>    in the diagram represent the primary purpose provided by each
>    RFC.  Hyperlinks to each RFC are provided below the diagram.
> 
> This change will effect all in the suite of drafts.
> 
> 
> Section 2.1.1 Features
> 
> This is more of a nit, and would not mind if the comment is ignored. Can we remove the leading | (pipe symbol) in front of the sentence - “The diagram above uses syntax …”. The same is true for other “tree diagrams” that follow RFC 8340 syntax. I do understand that other documents in the cluster follow that format, but it is not clear what the pipe symbols mean or why the text needs to be formatted differently from the rest of the text in the document.
> 
> This is how the <aside> element, in the xml2rfc file, renders.  I wish that it rendered as a box but, alas, such is not the case.  In any case, Juergen made the same comment before, so it seems pretty annoying, so I removed all of them, in the entire suite of drafts.
> 
> 
> 
> Section 2.1.1 Identities
> 
> s/format that key data/format for key data/
> 
> Fixed.
> 
> 
> Section 2.1.4.* Groupings
> 
> Most of the grouping display an abridged and a full tree diagram. But the difference between them are a few extra lines. If the diagrams were truly different in size, i.e., the extra number of lines in the full tree diagram was more the size of the abridged tree diagram, I could have understood displaying both of them. Are the two diagrams really necessary in every section?
> 
> Not necessary.  I just removed the "expanded" diagrams.  Now this draft is more like others in the suite of drafts
> 
> 
> Thanks again,
> Kent // author
> 
>

v2.23.0 | Report a Bug | By Email