Re: [netconf] Comments on crypto types presentation

"Joe Clarke (jclarke)" <jclarke@cisco.com> Mon, 06 April 2020 23:02 UTC

From: "Joe Clarke (jclarke)" <jclarke@cisco.com>
To: Kent Watsen <kent@watsen.net>
CC: Juergen Schoenwaelder <j.schoenwaelder@jacobs-university.de>, "netconf@ietf.org" <netconf@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/netconf/V_aGoJzZCUi2jiDrc8dNdDWxHq4>


> On Apr 6, 2020, at 18:09, Kent Watsen <kent@watsen.net> wrote:
> 
> Hi Juergen (and Joe and Jason),
> 
>> Just for clarification: If we do #3 now, we can still do #2 later?
> 
> Yes, as far as we know, the “algorithm” id can be added later.
> 
> Assuming existing versioning rules (Sec 11 in RFC 7950), the “algorithm” node would have to be added then as "mandatory false", which might be okay.  Of course, the YANG-versioning work (in NETMOD WG) should be published by then so, in the worst case (i.e., it needs to be mandatory true), the YANG module could legally introduce the non-backwards-compatible change.
> 
> 
>> If the answer is 'yes', then option #3 is attractive as we gain time
>> and hopefully implementation experience and we can add protocol
>> specific key generation RPCs in a second step.
> 
> Indeed, time-to-market vs completeness.  However, everyone should be aware that the deferral would likely be "a few years", if not more.
> 
> I’m personally okay with that, and perhaps even prefer it, since it more quickly gets the monkey off my back.  
> 
> Devil’s advocate position: not supporting keygen would be a disservice to the industry as a whole, and there’s something to be said for striking while the iron is hot.

I agree that having it is a big value.  That said, I’ve watched this work go from something that seems like a quick close to something very drawn out.  To that end, it might be best to ratify the client-server work as it is now and add on later since it seems like that would be possible.

Plus, based on your comments today, it could be that others will step up who may have a stronger motivation to provide this to the industry.

Joe