Re: [netconf] updates to client/server drafts

Kent Watsen <> Thu, 13 June 2019 14:58 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 91587120313 for <>; Thu, 13 Jun 2019 07:58:34 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -2.311
X-Spam-Status: No, score=-2.311 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H2=-0.415, SPF_HELO_NONE=0.001, SPF_NONE=0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: (amavisd-new); dkim=pass (1024-bit key)
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id FKtposPlleX9 for <>; Thu, 13 Jun 2019 07:58:32 -0700 (PDT)
Received: from ( []) (using TLSv1.2 with cipher ECDHE-RSA-AES128-SHA256 (128/128 bits)) (No client certificate requested) by (Postfix) with ESMTPS id EE9371202FC for <>; Thu, 13 Jun 2019 07:58:31 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/simple; s=6gbrjpgwjskckoa6a5zn6fwqkn67xbtw;; t=1560437910; h=From:Message-Id:Content-Type:Mime-Version:Subject:Date:In-Reply-To:Cc:To:References:Feedback-ID; bh=pkQBIa36hmBRpdrxTn1RuLMx3OIrxOyD0FwJ4RFkkxI=; b=C50vDP2dnkxohz5S6QGUR2DWq928ypaAFuUlawxCvMWOElHoeZNz1izwNt3N6LDk PhXixnYDxtx2W+Kn4GU5xNUIsbql5kQBCnDet6GX+FMAdFJGQDBbC9KAyKw+wsdkX+X csbafZL5HiaVxDcEiE9+sqxfBflMs2YUEqalgpLE=
From: Kent Watsen <>
Message-ID: <>
Content-Type: multipart/alternative; boundary="Apple-Mail=_0CA6C12D-4936-4701-8A9F-DA3C44AFE474"
Mime-Version: 1.0 (Mac OS X Mail 12.4 \(3445.104.11\))
Date: Thu, 13 Jun 2019 14:58:30 +0000
In-Reply-To: <>
Cc: Martin Bjorklund <>, "" <>
To: Juergen Schoenwaelder <>
References: <> <> <> <> <>
X-Mailer: Apple Mail (2.3445.104.11)
X-SES-Outgoing: 2019.06.13-
Archived-At: <>
Subject: Re: [netconf] updates to client/server drafts
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: NETCONF WG list <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Thu, 13 Jun 2019 14:58:35 -0000

>>> I am strictly against hiding actions by encoding 'verbs' in an ad-hoc
>>> data format. I rather not support creation of keys on the device.
>> Remember we had this cases:
>> 1.  upload of keys
>> 2a. generation of keys on the box that will go into hardware protected
>>    storage (and never be accessible)
>> 2b. generation of keys on the box that will be stored on disk
>>    (and never be accessible over the mgmt interface)
>> 3.  generation of keys on the box that become (protected) configuration

This list is missing cases #1 and #3 described here: <>.  Also, we currently make no distinction between (2a) and (2b) - hidden is hidden, however it's implemented.

>> I think the previous version of the draft (with YANG actions) handles
>> 1 and 2 (a and b with trivial updates).
>> It is only (3) that we don't have a solution for that everybody
>> accepts.
>> So perhaps we should solve 1 and 2a and 2b, and publish that, and
>> leave 3 for the future?
> This may be a way to move forward. In 2a and 2b, will there be a way
> to remove a generated key via the mgmt interface or do I have to take
> a bigger hammer to accomplish this?

I object to reverting to the approach that doesn't have the key's 3-tuple (algorithm, public key, private key) marked as mandatory true, our doing that before was unhelpful.   I was hoping that the "verbs" approach could leap over the impasse but, if Juergen is strictly against it, then we should go back to the approach described here: <>, for which a draft was never published.

In the previous link, search for "Now let's discuss what this action does" and note the two options: (1) is more user-friendly, but one that Martin appears to be strictly against, and so perhaps (2) is all we can agree on, and yes, there would need to be a third (not mentioned) action to delete the key from <operational> (presumably after having deleted the same from <running>).   Yes, it is less friendly, if you want more friendly, then let's do (1).  I'll update the draft shortly based on the less-friendly approach (2).

That said, I'm also okay with giving up (for now) trying to enable a client request the server to generate a key (hidden or not) or request the server to install a hidden key [note: these are #2 and #3 in my first link above].  I would support this less complete solution because it still supports basic configuration (#0) and manufacturer-generated keys for, e.g., IDevID certificates (#1), and thus a passable go-to-market solution.  If folks don't like the update per the previous paragraph, then this looks like a good fallback.

Kent // contributor