IETF Logo Mail Archive

Re: [netconf] Create IANA-defined modules?

Kent Watsen <kent+ietf@watsen.net> Mon, 14 June 2021 16:22 UTC

Return-Path: <0100017a0b54a42f-d3785582-968d-4f2f-bf41-1ff336bff051-000000@amazonses.watsen.net>
X-Original-To: netconf@ietfa.amsl.com
Delivered-To: netconf@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 42E4F3A29BA for <netconf@ietfa.amsl.com>; Mon, 14 Jun 2021 09:22:22 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.894
X-Spam-Level:
X-Spam-Status: No, score=-1.894 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_MSPIKE_H4=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_HELO_NONE=0.001, SPF_NONE=0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=amazonses.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id yvDGxXsIE17f for <netconf@ietfa.amsl.com>; Mon, 14 Jun 2021 09:22:17 -0700 (PDT)
Received: from a48-90.smtp-out.amazonses.com (a48-90.smtp-out.amazonses.com [54.240.48.90]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 415533A29B5 for <netconf@ietf.org>; Mon, 14 Jun 2021 09:22:16 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/simple; s=ug7nbtf4gccmlpwj322ax3p6ow6yfsug; d=amazonses.com; t=1623687734; h=From:Message-Id:Content-Type:Mime-Version:Subject:Date:In-Reply-To:Cc:To:References:Feedback-ID; bh=ovwxxwdqTv5yKWf/97uzJgnSmAWAI2fQ75gDAo24BmY=; b=S5pHiPafPP9WV8mcgmYCG9F7JIU3NqClW/4FmUn+N/kaUR7hka+wP0WwrLmOElp5 KfyaTAKal45qLyRuzCDUibnYfCuiMZXqCc9zAJXRvRac8aALR2aDdasBLuV0d1fUqo+ y3KQ4zNAlQkHJIS1MG2saISs+slXvv9y7Y17Lb5M=
From: Kent Watsen <kent+ietf@watsen.net>
Message-ID: <0100017a0b54a42f-d3785582-968d-4f2f-bf41-1ff336bff051-000000@email.amazonses.com>
Content-Type: multipart/alternative; boundary="Apple-Mail=_DD345D3C-EFE6-41C3-9A1B-7AE4FB6AA740"
Mime-Version: 1.0 (Mac OS X Mail 14.0 \(3654.100.0.2.22\))
Date: Mon, 14 Jun 2021 16:22:14 +0000
In-Reply-To: <MWHPR11MB203299C776C5D321886BD9ACDB359@MWHPR11MB2032.namprd11.prod.outlook.com>
Cc: "netconf@ietf.org" <netconf@ietf.org>
To: Qin Wu <bill.wu@huawei.com>, tom petch <ietfc@btconnect.com>, "Per Andersson (perander)" <perander@cisco.com>
References: <01000179aa118e62-0d8dd2b2-f001-4ff3-9d10-4b4e15098055-000000@email.amazonses.com> <5F969C92-1A1F-4983-878F-9C222C3DEC05@cisco.com> <01000179cfb08608-c708dd5b-c015-4608-986f-52d5d013153b-000000@email.amazonses.com> <MWHPR11MB203299C776C5D321886BD9ACDB359@MWHPR11MB2032.namprd11.prod.outlook.com>
X-Mailer: Apple Mail (2.3654.100.0.2.22)
Feedback-ID: 1.us-east-1.DKmIRZFhhsBhtmFMNikgwZUWVrODEw9qVcPhqJEI2DA=:AmazonSES
X-SES-Outgoing: 2021.06.14-54.240.48.90
Archived-At: <https://mailarchive.ietf.org/arch/msg/netconf/TTMwp3veeBixD5k3NwHL2gyoCGs>
Subject: Re: [netconf] Create IANA-defined modules?
X-BeenThere: netconf@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: NETCONF WG list <netconf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/netconf>, <mailto:netconf-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/netconf/>
List-Post: <mailto:netconf@ietf.org>
List-Help: <mailto:netconf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/netconf>, <mailto:netconf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 14 Jun 2021 16:22:22 -0000

Thank you Qin, Tom, and Per for the responses to my last post…this message addresses them all.

Since the discussion has been mostly about *how* to create the IANA-defined module (not *if* we should, e.g., dropping the work for some future effort to pickup), I take it that folks believe having the ability for configure supported-algorithms is needed now.  As no one offered to help (:sigh:, and people wonder why this work takes so long), I wrote the attached script that creates the attached module directly from the data obtained from the IANA-maintained "TLS Cipher Suites" sub-registry of the "Transport Layer Security (TLS) Parameters” registry here: https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml.  The resulting module is also attached.  

Tom, you will be happy to know that the all the identity names begin with “tls”  :)    Also, there are no “feature” statements, since there is nothing in the source registry that can be used to generate “if-feature” statements.  Out of the 347 algorithms listed in the registry,  310 algorithms are marked “status deprecated” (driven by the “recommended” column having value ’N’), and 7 algorithms are marked “status obsolete” (driven by the "SC-tls-des-idea-ciphers-to-historic” reference).

Regarding if to use a  “config false” tree or an RPC, Per makes an interesting point about “must" and “when” expressions, though I do wonder how that would play out in practice, as said expressions would (presumably) be defined under “config true” nodes and hence couldn't reference the “config false” values?  Maybe Per could say some more about the use-case in mind.

No one responded regarding if we should use identities or enumerations.  The attached sample module uses identities, but it would be an easy thing to change the script to generated enumerations - thoughts?

Again: if “identity” statements are used, and the module is *implemented*, it would NOT mean the server supports all (or even any) of the algorithms. This would only be known if the algorithm appears in the “supported algorithms” "config false” list.  Does anyone feel this is a misuse of YANG?  IMO, YANG identities needing to be implemented is not very useful in practice, and so I don’t view that as a negative in the slightest.

K.

v2.23.0 | Report a Bug | By Email