[netconf] ietf-keystore, truststore, crypto-types

Balázs Kovács <balazs.kovacs@ericsson.com> Mon, 29 July 2019 11:44 UTC

To: "netconf@ietf.org" <netconf@ietf.org>, Kent Watsen <kent@watsen.net>
Archived-At: <https://mailarchive.ietf.org/arch/msg/netconf/S8uuJK_jR7nKBHAFBj8VMYATIc8>

Hi Kent,

A few comments on the latest version of the keystore, truststore, crypto-types models.


  1.  Typo

<CODE BEGINS> file "ietf-truststire@2019-06-07.yang"


  2.  Is mandatory true missing from 'cert' leaf in ietf-crypto-types?

     grouping end-entity-cert-grouping {
       description
         "An end entity certificate, and a notification for when
          it is about to (or already has) expire.  Implementations
          SHOULD assert that, where used, the end entity certificate
          contains the expected public key.";
       leaf cert {
         nacm:default-deny-write;
         type end-entity-cert-cms;
         description
           "The binary certificate data for this certificate.";
         reference
           "RFC YYYY: Common YANG Data Types for Cryptography";
       }


  3.  Question: why have the key generation actions been converted to RPCs? If this is because of their earlier containers now having mandatory leaves, then have you considered just moving them one level up, adding 'name' as a parameter, and keeping them as actions? I'd prefer actions.

Thank you,
Balazs