Re: [netconf] crypto-types fallback strategy

"Salz, Rich" <rsalz@akamai.com> Wed, 18 September 2019 12:41 UTC

From: "Salz, Rich" <rsalz@akamai.com>
To: "Rob Wilton (rwilton)" <rwilton@cisco.com>, Kent Watsen <kent+ietf@watsen.net>
CC: Russ Housley <housley@vigilsec.com>, "netconf@ietf.org" <netconf@ietf.org>, Sean Turner <sean@sn3rd.com>, Rifaat Shekh-Yusef <rifaat.ietf@gmail.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/netconf/aRQKYtv58R5pLiAlpwVgMdkyY-M>

  *   OK.  So, in YANG I think the definition of a base identity is effectively defined by how it is intended to be used.  I.e. somewhere in the model there is an identity reference that indicates that it can take any identity value that is derived from that base identity.

I will have to go learn a heck of a lot more about YANG before the next IETF.


  *   We still need to have care here.  Presumably there will be cases where the same key algorithm is used in multiple places.  I was partly trying to tie the partitioning into modules about where the algorithms are being defined (i.e. which RFCs) rather than where they are necessarily used.

Luckily TLS and SSH are defined in separate RFCs. :)