Re: [netconf] Zaheduzzaman Sarker's No Objection on draft-ietf-netconf-crypto-types-29: (with COMMENT)

Kent Watsen <kent+ietf@watsen.net> Fri, 02 February 2024 20:17 UTC

From: Kent Watsen <kent+ietf@watsen.net>
Message-ID: <0100018d6b779696-8b9c0751-4383-439c-9f88-d07819ddb58b-000000@email.amazonses.com>
Content-Type: multipart/alternative; boundary="Apple-Mail=_B22C3E66-0979-4FE6-8AB0-B5B32A46D17E"
Mime-Version: 1.0 (Mac OS X Mail 16.0 \(3731.600.7\))
Date: Fri, 02 Feb 2024 20:16:55 +0000
In-Reply-To: <170678695806.25662.10228230890884216897@ietfa.amsl.com>
Cc: The IESG <iesg@ietf.org>, draft-ietf-netconf-crypto-types@ietf.org, "netconf-chairs@ietf.org" <netconf-chairs@ietf.org>, "netconf@ietf.org" <netconf@ietf.org>, Mahesh Jethanandani <mjethanandani@gmail.com>
To: Zaheduzzaman Sarker <zahed.sarker.ietf@gmail.com>
References: <170678695806.25662.10228230890884216897@ietfa.amsl.com>
Feedback-ID: 1.us-east-1.DKmIRZFhhsBhtmFMNikgwZUWVrODEw9qVcPhqJEI2DA=:AmazonSES
Archived-At: <https://mailarchive.ietf.org/arch/msg/netconf/axpPjVFkj_F96QxEfc7CBnLlkrA>
Subject: Re: [netconf] Zaheduzzaman Sarker's No Objection on draft-ietf-netconf-crypto-types-29: (with COMMENT)
Precedence: list

Hi Zaheduzzaman,

Thank you for your comment.
Please find response below.

Kent


> On Feb 1, 2024, at 6:29 AM, Zaheduzzaman Sarker via Datatracker <noreply@ietf.org> wrote:
> 
> Zaheduzzaman Sarker has entered the following ballot position for
> draft-ietf-netconf-crypto-types-29: No Objection
> 
> When responding, please keep the subject line intact and reply to all
> email addresses included in the To and CC lines. (Feel free to cut this
> introductory paragraph, however.)
> 
> 
> Please refer to https://www.ietf.org/about/groups/iesg/statements/handling-ballot-positions/ 
> for more information about how to handle DISCUSS and COMMENT positions.
> 
> 
> The document, along with other ballot positions, can be found here:
> https://datatracker.ietf.org/doc/draft-ietf-netconf-crypto-types/
> 
> 
> 
> ----------------------------------------------------------------------
> COMMENT:
> ----------------------------------------------------------------------
> 
> Thanks for working on this specification. I have no objection from transport
> protocol point of view.
> 
> I was wondering if the following description is sufficiently clear to the
> implementers -
> 
> leaf public-key-format {
>      nacm:default-deny-write;
>      type identityref {
>        base public-key-format;
>      }
>      mandatory true;
>      description
>        "Identifies the public key's format. Implementations SHOULD
>         ensure that the incoming public key value is encoded in the
>         specified format.";
>    }
> 
> Which format is specified here ? and how the implementation can ensure the
> compliance to the specific format for the incoming public key value?
> 
> I am missing some reference/example/direction here.

In this case, the “identityref” is to "public-key-format”.

"public-key-format” has two sub-identities:
	- subject-public-key-info-format
	- ssh-public-key-format

For subject-public-key-info-format, the “description” statement says:

     description
       "Indicates that the public key value is a SubjectPublicKeyInfo
        structure, as described in RFC 5280 encoded using ASN.1
        distinguished encoding rules (DER), as specified in
        ITU-T X.690.";

For ssh-public-key-format, the “description” statement says:

     description
       "Indicates that the public key value is an SSH public key,
        as specified by RFC 4253, Section 6.6, i.e.:
   
          string    certificate or public key format
                    identifier
          byte[n]   key/certificate data.";


Does this answer your question?


Kent

[netconf] Zaheduzzaman Sarker's No Objection on d… Zaheduzzaman Sarker via Datatracker
Re: [netconf] Zaheduzzaman Sarker's No Objection … Kent Watsen