Re: [netconf] Question to draft-ietf-netconf-sztp-csr-13

"Brockhaus, Hendrik" <hendrik.brockhaus@siemens.com> Wed, 23 February 2022 08:44 UTC

From: "Brockhaus, Hendrik" <hendrik.brockhaus@siemens.com>
To: Kent Watsen <kent+ietf@watsen.net>
CC: "draft-ietf-netconf-sztp-csr@ietf.org" <draft-ietf-netconf-sztp-csr@ietf.org>, "netconf@ietf.org" <netconf@ietf.org>, "Fries, Steffen" <steffen.fries@siemens.com>
Date: Wed, 23 Feb 2022 08:44:23 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/netconf/XD2SiaQWLXaElPsyk8xtUHCAi3Y>
List-Id: NETCONF WG list <netconf.ietf.org>

Kent

I understood that this change request comes very late, but to make the change request more concrete I looked into the document and identified four places where p10cr is referenced. In all these places “p10cr” would need to be replaced with “ir, cr, kur, or p10cr”.

Finally this is the proposed change:

** Section 3.2.

In identity cmp-csr:

s/PKIBody containing only the p10cr structure/PKIBody containing only the ir, cr, kur, or p10cr structure/

And three times in grouping csr-grouping:

s/The body element contains a p10cr CHOICE of type CertificationRequest./The body element contains a ir, cr, kur, or p10cr CHOICE of type CertificationRequest./

But I understood that such change can only be processed if there is a DISCUSS.

Hendrik

From: netconf <netconf-bounces@ietf.org> On Behalf Of Fries, Steffen
Sent: Tuesday, 22 February 2022 17:52
To: Kent Watsen <kent+ietf@watsen.net>
Cc: draft-ietf-netconf-sztp-csr@ietf.org; netconf@ietf.org
Subject: Re: [netconf] Question to draft-ietf-netconf-sztp-csr-13

Hi Kent,

Thank you for your answer.
I agree, it is very late in the process for such a comment. I should have realized it earlier. Nevertheless, I wanted to raise that point as it would allow for more functionality. If there is no DISCUSS, the proposal with an additional definition is probably the easiest way forward.

Best regards
Steffen

From: Kent Watsen <kent+ietf@watsen.net>
Sent: Tuesday, 22 February 2022 16:33
To: Fries, Steffen (T CST) <steffen.fries@siemens.com>
Cc: draft-ietf-netconf-sztp-csr@ietf.org; netconf@ietf.org
Subject: Re: Question to draft-ietf-netconf-sztp-csr-13


Hi Steffen,

Yes, the CMP-CSR is bound to P10.

This draft is currently in the final stage of IESG Last Call review. Comments such as these should have been received during WG Last Call. Unless an IESG member throws a DISCUSS, the draft will proceed as is. In such case, a future work may define something like a “cmp-csr-2” leaf to contain an expanded definition.

Kent // contributor



On Feb 15, 2022, at 1:46 PM, Fries, Steffen <steffen.fries@siemens.com> wrote:

Hello Kent,

I’ve got a short clarification question regarding the latest draft. I realized in the description of the YANG modules that there is a difference in section 3.2 between CMC and CMP in the description of what can be contained in the respective CSR. Based on the description of the YANG module, CMC seems to be open for different types of certification requests, while CMP is bound to a wrapped P10 not leaving any further choice (like ir, cr, kur). Did I get this right or did I misinterpret the description for the cmc-csr? Sorry for realizing this so late.

Best regards
Steffen