[Netconf] update to client/server drafts

Kent Watsen <kwatsen@juniper.net> Tue, 05 June 2018 00:53 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/netconf/WFaBpEuGyIXtMTJT9UIGSNnPAuw>

All drafts updated! It looks like a big change, but almost all of it
goes to:

 1) the introduction of the new crypto-types and trust-anchors modules

 2) the resurrection of the keystore module, along with groupings
    enabling keys to be locally-defined or a reference to a key in
    the keystore module

 3) reformatting all YANG modules to not exceed 69 chars/line.




To recap, the relationship between these drafts is:

                     crypto-types
                       ^      ^
                      /        \
                     /          \
           trust-anchors      keystore
              ^      ^------+    ^   ^
              |              \   |   |
              |      +-----------+   |
              |     /          \     |
       ssh-client-server      tls-client-server
        ^                      ^           ^
        |                      |           |
        |            +---------+           |
        |           /                      |
 netconf-client-server          restconf-client-server





I have some questions for the WG:

 1) no regrets about trust-anchors being separate from keystore,
    right?

 2) are we happy with keystore's "local-or-keystore" groupings
    (not too complicated?) and, if yes, should we have a similar
    ability for trust-anchors (e.g., a "local-or-trust-anchor"
    grouping like in the keystore module)?

 3) should some of keystore's groupings be moved to crypto-types?
    e.g., asymmetric-key-grouping isn't a keystore-specific
    concept.

 4) should trust-anchors include SSH host keys at all?  Maybe this
    draft should define two modules (x509-trust-anchors and
    ssh-trust-anchors)?

 5) should algorithm identities be moved from ssh/tls-client/server
    to crypto-types?

 6) should we add a "periodic" feature to the netconf/restconf
    client/server drafts, enabling the initiating peer to
    optionally support periodic connections?

I'll start a thread for each later; my only goal for mentioning
them here is to get people thinking about such things when looking
at these drafts.




Next steps:

My current plan is to update the zerotouch draft next, to make use
of the new trust-anchor and keystore drafts, in the example device
configuration module in the Appendix.

Once the zerotouch draft is submitted for publication, I'll swing
back around to these drafts, hopefully updating them one more time
before Montreal.

In the meanwhile, it would be awesome if you all could take a good
look at these.  You really only need to look at the YANG modules
themselves, but I still recommend looking at the drafts, which
contain tree diagrams and examples that make everything easier
to understand.



Thanks,
Kent // contributor