Re: [netconf] crypto-types fallback strategy
"Rob Wilton (rwilton)" <rwilton@cisco.com> Fri, 27 September 2019 15:54 UTC
Return-Path: <rwilton@cisco.com>
X-Original-To: netconf@ietfa.amsl.com
Delivered-To: netconf@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D4DC8120933 for <netconf@ietfa.amsl.com>; Fri, 27 Sep 2019 08:54:00 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -14.5
X-Spam-Level:
X-Spam-Status: No, score=-14.5 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com header.b=BZ5hJwv2; dkim=pass (1024-bit key) header.d=cisco.onmicrosoft.com header.b=JJtqKCKq
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id boRlzuTbbJHU for <netconf@ietfa.amsl.com>; Fri, 27 Sep 2019 08:53:58 -0700 (PDT)
Received: from rcdn-iport-1.cisco.com (rcdn-iport-1.cisco.com [173.37.86.72]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E7BCA120956 for <netconf@ietf.org>; Fri, 27 Sep 2019 08:53:57 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=6330; q=dns/txt; s=iport; t=1569599637; x=1570809237; h=from:to:cc:subject:date:message-id:references: in-reply-to:content-transfer-encoding:mime-version; bh=+0FNnJAd/7Jc4Yq7U4GziFa1d8H085ajH7Ghz09Zf6Q=; b=BZ5hJwv21HX2uYJZtyZ8Uy9WY3uRzy1fnZHcmPIvK3MMFqN0+MpQkgWQ D+uKG8tphh7zsGDUmtmIRf8aDAsz3+glYT2+Fso3IGhVV7p6GKQy5KLto xTHeqya4/SbvwIs5CkCtr+9VGK5JtO6YldntLCDgz4wgiCUtO5ZjqWnSR 0=;
IronPort-PHdr: 9a23:pPpxqh0c5bhhnYYSsmDT+zVfbzU7u7jyIg8e44YmjLQLaKm44pD+JxKHt+51ggrPWoPWo7JfhuzavrqoeFRI4I3J8RVgOIdJSwdDjMwXmwI6B8vQE1L6KOLtaQQxHd9JUxlu+HToeUU=
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: A0CuAAAdL45d/4YNJK1dCRoBAQEBAQIBAQEBDAIBAQEBgWeBS1ADgUMgBAsqh2kDilaCXIlnjg+CUgNUCQEBAQwBAS0CAQGEQAKDNyM4EwIDCQEBBAEBAQIBBQRthS0MhUsBAQEDARIVEwYBATcBBAcEAgEIDgMEAQEBHhAhER0IAgQBDQUIEweEawMODwECo0gCgTiIYYF0M4J9AQEFhRQNC4IXCYE0ikuBQxiBQD+BEUaBTn4+ghqCABQYgzuCJpUulyxBCoIijBmEcIQdgjeWfY4hgT2IZI59AgQCBAUCDgEBBYFpIYFYcBU7gmxQEBSBToNyilN0AYEoi0srgicBAQ
X-IronPort-AV: E=Sophos;i="5.64,556,1559520000"; d="scan'208";a="635182962"
Received: from alln-core-12.cisco.com ([173.36.13.134]) by rcdn-iport-1.cisco.com with ESMTP/TLS/DHE-RSA-SEED-SHA; 27 Sep 2019 15:53:56 +0000
Received: from XCH-RCD-015.cisco.com (xch-rcd-015.cisco.com [173.37.102.25]) by alln-core-12.cisco.com (8.15.2/8.15.2) with ESMTPS id x8RFruTM024459 (version=TLSv1.2 cipher=AES256-SHA bits=256 verify=FAIL); Fri, 27 Sep 2019 15:53:56 GMT
Received: from xhs-rtp-001.cisco.com (64.101.210.228) by XCH-RCD-015.cisco.com (173.37.102.25) with Microsoft SMTP Server (TLS) id 15.0.1473.3; Fri, 27 Sep 2019 10:53:56 -0500
Received: from xhs-rcd-003.cisco.com (173.37.227.248) by xhs-rtp-001.cisco.com (64.101.210.228) with Microsoft SMTP Server (TLS) id 15.0.1473.3; Fri, 27 Sep 2019 11:53:52 -0400
Received: from NAM04-CO1-obe.outbound.protection.outlook.com (72.163.14.9) by xhs-rcd-003.cisco.com (173.37.227.248) with Microsoft SMTP Server (TLS) id 15.0.1473.3 via Frontend Transport; Fri, 27 Sep 2019 10:53:52 -0500
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=XKa+7joeWnqHeTl11s/1TlQvFa4QEex+5Rqvuqf3l5NNtsIsVarKLgFyIqmHGFanUIz+tq2hAv8v08XK7IbvCu4lnHi2POJM1rW9Yvld0Rjilbd54GnbwTm66UC4QRCIqxTswFN16Sk/nL5bAHjwvmmSOLkil7aLXJmr0mk77z+908yOxHUSATEtN4Y9x41u5ccJIWKHr5GdA9TToD1sCfXtYNFyqz0wygWP8B8j7aKi5j575HjSP1mQAm2h92RPmydr9KRYC0xzkHsNWDulVWV0eNoTZ7C8ckDCcm4a4WKMbrgqAcXYk1yZjH91fkZluxCdHrZKmqvHD53I75L/zA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=en/dPDK/3nAC3fMT4ZjjdrFCuWwxCwvG1GjHd6Eelzc=; b=IBlFHpJxxd7N+zfauOQrwIFRAFXCZSVqY3AEs1VXhmAxKIgJ2+aAAuulDnz6lSW9mcvkwdlzooOOMik8S9OBn5bN7lqDkwB/wHIZMbQlt/GDPPw3ozgh8qW4N11VNEGdw40cRbpHs8a/irKeVY1DUxQpduB/yX0gMtVmqYT9YWdWKP0sIboo1Qu5Fu47+QV3AwhP0QUctTSX7bPvYHBS3XO6LMgsbl7xL0dud1+6cF3SIUiZtkjujLZPm4si/qLo0Z8fVKuEhF8cCP55aL5JMzcvnSPtQPmQZvKk6dncSA/EPHPNo4s7PJvUXF63/lluRmScqUJ3rcns86hJwWiotA==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=cisco.com; dmarc=pass action=none header.from=cisco.com; dkim=pass header.d=cisco.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cisco.onmicrosoft.com; s=selector2-cisco-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=en/dPDK/3nAC3fMT4ZjjdrFCuWwxCwvG1GjHd6Eelzc=; b=JJtqKCKqXYoNTB38V4z9EjLu/to2X6Twd0RLDupwiei3D0105xpYCGkA7Q50Fm5vBwmjNC6XIlZzQNzbjluHNwApaKbpNcRo5tdfOGT2SXqzzoQdO4rdMPVdnkLw7at7oXDCiOSvHpvfVVjAHUj4vvO1SQLiWpoqbC/DcuShbDo=
Received: from MN2PR11MB4366.namprd11.prod.outlook.com (52.135.38.209) by MN2PR11MB3807.namprd11.prod.outlook.com (20.178.252.24) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2305.17; Fri, 27 Sep 2019 15:53:51 +0000
Received: from MN2PR11MB4366.namprd11.prod.outlook.com ([fe80::cca:41bd:b0bb:c549]) by MN2PR11MB4366.namprd11.prod.outlook.com ([fe80::cca:41bd:b0bb:c549%2]) with mapi id 15.20.2305.017; Fri, 27 Sep 2019 15:53:51 +0000
From: "Rob Wilton (rwilton)" <rwilton@cisco.com>
To: Martin Bjorklund <mbj@tail-f.com>, "kent+ietf@watsen.net" <kent+ietf@watsen.net>
CC: "wang.haiguang.shieldlab@huawei.com" <wang.haiguang.shieldlab@huawei.com>, "netconf@ietf.org" <netconf@ietf.org>, "rifaat.ietf@gmail.com" <rifaat.ietf@gmail.com>
Thread-Topic: [netconf] crypto-types fallback strategy
Thread-Index: AQHVaNxVu0aQE+n/K0iPwVgOy8FH/KcpQIdQgAVLFQCAARKfAIAATvkAgAABvxCAAC5vAIAAAggggAADhQCAAQHLcIAARlAAgAAAT1CAABr3gIAADR/AgAAZbYCAAAnmgIABJX6ggAzTpYCAAAlgAIAACfMg
Date: Fri, 27 Sep 2019 15:53:51 +0000
Message-ID: <MN2PR11MB4366C30CE4650421CE915840B5810@MN2PR11MB4366.namprd11.prod.outlook.com>
References: <0100016d455c6145-844c669e-8f31-4203-a827-7368d33cdee4-000000@email.amazonses.com> <MN2PR11MB4366E914816F6C3D9515A31DB5890@MN2PR11MB4366.namprd11.prod.outlook.com> <0100016d7325f06e-00613ab7-413c-4d97-972c-858cf4886b65-000000@email.amazonses.com> <20190927.170902.142773301948727896.mbj@tail-f.com>
In-Reply-To: <20190927.170902.142773301948727896.mbj@tail-f.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: spf=none (sender IP is ) smtp.mailfrom=rwilton@cisco.com;
x-originating-ip: [2001:420:c0c0:1005::bf]
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: efac8c2c-75da-4e0d-b68a-08d74362e461
x-ms-traffictypediagnostic: MN2PR11MB3807:
x-microsoft-antispam-prvs: <MN2PR11MB3807B62895791BA739804B2FB5810@MN2PR11MB3807.namprd11.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:10000;
x-forefront-prvs: 0173C6D4D5
x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(4636009)(39860400002)(376002)(136003)(366004)(346002)(396003)(13464003)(51444003)(189003)(199004)(6436002)(9686003)(55016002)(6116002)(5660300002)(6246003)(229853002)(110136005)(81166006)(14454004)(8936002)(316002)(54906003)(81156014)(4326008)(33656002)(14444005)(52536014)(256004)(478600001)(25786009)(446003)(11346002)(2906002)(486006)(476003)(186003)(102836004)(8676002)(66476007)(46003)(53546011)(74316002)(305945005)(6506007)(7736002)(64756008)(66946007)(99286004)(76176011)(66446008)(86362001)(7696005)(71200400001)(71190400001)(76116006)(66556008); DIR:OUT; SFP:1101; SCL:1; SRVR:MN2PR11MB3807; H:MN2PR11MB4366.namprd11.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; MX:1; A:1;
received-spf: None (protection.outlook.com: cisco.com does not designate permitted sender hosts)
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: muXujghg8PDgmfGiDjBuOuYyF+LyyGSciD7vRS1G+xHbEmIcmaT6p9CZ1yACfsKdlQPXGzYnCoLgX2su7EanbEmphysm8Y4MZbxkrQucRPic5AUyT18EBS4m0+BcZAGAB03E6QBp7rzbXia8lbI4Az0Pxl6Jd+HFuCiiB+vbstO9vRCWi4e8dRbBdmpXbfqaJF28s0+HCaSQH1lgcC9II3g7duBvPzz4CJCVbuWvZJAVTWtuIwzYLcrFgfSLKX2T0PEakTeeQswNUiNmSsn/Y4emaIEDK4K1ukqfGsbtp/rTJVGWNxMIiFyxQuw9dW2PP33hAeTDf8KIVNxFyokAJeaDWVvFt6UXmUSj7dukpC0i/5UtvRY6v+tYcl6f6AX4NtbFUUUYXI4pLpDTWGnrwf4n6AJaDNziHfT6lZgaZR0=
x-ms-exchange-transport-forked: True
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-MS-Exchange-CrossTenant-Network-Message-Id: efac8c2c-75da-4e0d-b68a-08d74362e461
X-MS-Exchange-CrossTenant-originalarrivaltime: 27 Sep 2019 15:53:51.2590 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 5ae1af62-9505-4097-a69a-c1553ef7840e
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: TjVkvhfw1L8BFGWEd3+3KSjE1dybXrIGeYgWGxqCUBOdjw5veZ/1/o4J3aUczAkUIQcwDcsjL3PREwAVJUtBlg==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: MN2PR11MB3807
X-OriginatorOrg: cisco.com
X-Outbound-SMTP-Client: 173.37.102.25, xch-rcd-015.cisco.com
X-Outbound-Node: alln-core-12.cisco.com
Archived-At: <https://mailarchive.ietf.org/arch/msg/netconf/ceiJoZvc-GIpbXgxG6tssIIYBis>
Subject: Re: [netconf] crypto-types fallback strategy
X-BeenThere: netconf@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: NETCONF WG list <netconf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/netconf>, <mailto:netconf-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/netconf/>
List-Post: <mailto:netconf@ietf.org>
List-Help: <mailto:netconf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/netconf>, <mailto:netconf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 27 Sep 2019 15:54:06 -0000
I basically agree with what Martin is saying. Either one YANG module containing all of the crypto identities, or a few YANG modules as previously suggested. If advertising the specific identities is important, then a per identity if-feature could be used, although I'm not entirely sure that one feature per identity is really a great option either, but I think that this would be better than one per module. Or, we could do an augmentation to YANG library with a leaf-list of the crypto identities that are supported by the server. This is sort of equivalent to a feature per identity solution without polluting the feature list with lots of features. Something along these lines could even be extended if it is likely that a given identity might only be supported by some of the protocols. E.g. a separate list for NETCONF supported crypto identities vs RESTCONF supported crypto identities, etc. But I also think that this is just another instance of the generic capabilities issue, and really it would be good to a have a solution where the capabilities are available offline as well as from the device. Thanks, Rob > -----Original Message----- > From: Martin Bjorklund <mbj@tail-f.com> > Sent: 27 September 2019 16:09 > To: kent+ietf@watsen.net > Cc: Rob Wilton (rwilton) <rwilton@cisco.com>; > wang.haiguang.shieldlab@huawei.com; netconf@ietf.org; > rifaat.ietf@gmail.com > Subject: Re: [netconf] crypto-types fallback strategy > > Hi, > > Kent Watsen <kent+ietf@watsen.net> wrote: > > [cc-ing my co-authors, as they're beginning to convert crypto-types > > back to identities again] > > > > > > Rob et. al., > > > > > I tend to agree that sometimes less modules is more. For me, the > > > problem is likely more that I am not entirely sure what the proper > > > base types would be, which may depend on what exactly they are used > > > for. I guess I wait until I see the description text... > > > > > > Okay, we'll keep just the one YANG module. > > > [RW] > > > Do you mean one module for all the identities of just the base > > > identities? > > > > > > > Dunno. > > > > Identities provide the desirable benefit of hierarchy and > > extensibility, but they come with the weight of the module needing to > > be implemented (not just imported) in order for the identity to be > > defined. This is how YANG works; it would've been better if, e.g., > > identities could be defined by "implemented" via YANG-library... > > Yes, but it only matters if the server implements some data node of type > identityref with the base that these identities are derived from. > > While I agree that it would be good to find a solution to the "advertise > identities supported"-problem, I don't think it is importang enough for us > to find some clever little workaround... > > So I think a single module wih the identities will work. Or perhaps one > for tls and one for ssh. > > > The thing with crypto algorithms, the algorithms a server supports is > > a matter of importance, e.g., because the algorithm isn't approved for > > use on the network. The ability to configure algorithms supported is > > not currently present in the ssh-client-server and tls-client-server > > drafts, as I was hoping it could be added later as a -bis extension or > > an update, but perhaps it should be, in order to drive this problem, > > to ensure a proper crypto-types solution. > > > > Working within the current YANG construct, one possible solution would > > be to define every algorithm identity in its own module, thus enabling > > servers maximum flexibility to describe which are supported. The > > ostensible negative is that doing so would produce many modules. > > While not a computer problem, it could become onerous. > > > > Another idea is to not use identities either (in addition to > > enumerations), but instead define a data model that preserves the > > extensibility of identities without needing to implement modules. For > > instance, instead of assuming the "algorithm" field is an > > 'identityref', perhaps a "leafref" is used. > > > > > > ietf-crypto-types.yang snippet: > > > > // protocol accesible nodes (note: config false) > > list algorithms { > > config false; > > key name; > > leaf name { > > type string; > > description "The name of a collection of algorithms. Suitable > > values are defined in the TBD IANA registry..."; > > } > > list algorithm { > > key name; > > leaf name { > > type string; > > description "The name of an algorithm. Suitable values are > > defined in the TBD IANA registry..."; > > } > > } > > } > > > > grouping public-key { > > leaf algorithm-type { > > type leafref { > > path "/ct:algorithms/ct:name"; > > require-instance false; > > } > > must '../algorithm'; > > } > > leaf algorithm { > > type leafref { > > path "/ct:algorithms[ct:name = > > current()/../algorithm-type]/ct:algorithm/ct:name"; > > require-instance false; > > } > > must '../algorithm-type'; > > } > > } > > > > > > PROs: > > - allows a server to advertise (in <operational>) which algorithms it > > supports without any need to implement a module, other than > > crypto-types. > > - supports extensibility via IANA registries. Sequence: RFC updates > > registry --> server supports --> client configures to use. > > - "require-instance false" enables YANG-based config validations to > > succeed w/o presence config false data. > > > > CONs: > > - only one level of hierarchy (would more every be needed?) > > - "require-instance false" enables YANG-based config validations to > > succeed even when misconfigured (though commit should fail). > > The last CON here is essentially the same as you get with identities. > I think we should stick to identities, and describe that it is ok for a > server to reject config for an identity representing an algorithm that the > server doesn't implement (even though it "supports" > (understands) the identity itself). > > > /martin
- [netconf] crypto-types fallback strategy Kent Watsen
- Re: [netconf] crypto-types fallback strategy Salz, Rich
- Re: [netconf] crypto-types fallback strategy Martin Bjorklund
- Re: [netconf] crypto-types fallback strategy Kent Watsen
- Re: [netconf] crypto-types fallback strategy Kent Watsen
- Re: [netconf] crypto-types fallback strategy Salz, Rich
- Re: [netconf] crypto-types fallback strategy Kent Watsen
- Re: [netconf] crypto-types fallback strategy Martin Bjorklund
- Re: [netconf] crypto-types fallback strategy Salz, Rich
- Re: [netconf] crypto-types fallback strategy Rob Wilton (rwilton)
- Re: [netconf] crypto-types fallback strategy Salz, Rich
- Re: [netconf] crypto-types fallback strategy Schönwälder
- Re: [netconf] crypto-types fallback strategy Kent Watsen
- Re: [netconf] crypto-types fallback strategy Kent Watsen
- Re: [netconf] crypto-types fallback strategy Salz, Rich
- Re: [netconf] crypto-types fallback strategy Kent Watsen
- Re: [netconf] crypto-types fallback strategy Kent Watsen
- Re: [netconf] crypto-types fallback strategy Salz, Rich
- Re: [netconf] crypto-types fallback strategy Schönwälder
- Re: [netconf] crypto-types fallback strategy Rob Wilton (rwilton)
- Re: [netconf] crypto-types fallback strategy Salz, Rich
- Re: [netconf] crypto-types fallback strategy Rob Wilton (rwilton)
- Re: [netconf] crypto-types fallback strategy Kent Watsen
- Re: [netconf] crypto-types fallback strategy Rob Wilton (rwilton)
- Re: [netconf] crypto-types fallback strategy Salz, Rich
- Re: [netconf] crypto-types fallback strategy Rob Wilton (rwilton)
- Re: [netconf] crypto-types fallback strategy Salz, Rich
- Re: [netconf] crypto-types fallback strategy Rob Wilton (rwilton)
- Re: [netconf] crypto-types fallback strategy Salz, Rich
- Re: [netconf] crypto-types fallback strategy Rob Wilton (rwilton)
- Re: [netconf] crypto-types fallback strategy Kent Watsen
- Re: [netconf] crypto-types fallback strategy Salz, Rich
- Re: [netconf] crypto-types fallback strategy Rob Wilton (rwilton)
- Re: [netconf] crypto-types fallback strategy Schönwälder
- Re: [netconf] crypto-types fallback strategy Kent Watsen
- Re: [netconf] crypto-types fallback strategy Salz, Rich
- Re: [netconf] crypto-types fallback strategy Kent Watsen
- Re: [netconf] crypto-types fallback strategy Kent Watsen
- Re: [netconf] crypto-types fallback strategy Kent Watsen
- Re: [netconf] crypto-types fallback strategy Schönwälder
- Re: [netconf] crypto-types fallback strategy Kent Watsen
- Re: [netconf] crypto-types fallback strategy Schönwälder
- Re: [netconf] crypto-types fallback strategy Martin Bjorklund
- Re: [netconf] crypto-types fallback strategy Schönwälder
- Re: [netconf] crypto-types fallback strategy Per Hedeland
- Re: [netconf] crypto-types fallback strategy Schönwälder
- Re: [netconf] crypto-types fallback strategy Per Hedeland
- Re: [netconf] crypto-types fallback strategy Rob Wilton (rwilton)
- Re: [netconf] crypto-types fallback strategy Rob Wilton (rwilton)
- Re: [netconf] crypto-types fallback strategy Martin Bjorklund
- Re: [netconf] crypto-types fallback strategy Kent Watsen
- Re: [netconf] crypto-types fallback strategy Kent Watsen
- Re: [netconf] crypto-types fallback strategy Kent Watsen
- Re: [netconf] crypto-types fallback strategy Martin Bjorklund
- Re: [netconf] crypto-types fallback strategy Kent Watsen
- Re: [netconf] crypto-types fallback strategy Martin Bjorklund
- Re: [netconf] crypto-types fallback strategy Schönwälder
- Re: [netconf] crypto-types fallback strategy tom petch
- Re: [netconf] crypto-types fallback strategy Salz, Rich
- [netconf] FW: crypto-types fallback strategy Salz, Rich
- Re: [netconf] crypto-types fallback strategy Holland, Jake
- Re: [netconf] crypto-types fallback strategy Martin Bjorklund
- Re: [netconf] [Taps] crypto-types fallback strate… tom petch
- Re: [netconf] crypto-types fallback strategy Kent Watsen
- Re: [netconf] crypto-types fallback strategy Kent Watsen
- Re: [netconf] crypto-types fallback strategy Martin Bjorklund
- Re: [netconf] crypto-types fallback strategy Rob Wilton (rwilton)
- Re: [netconf] crypto-types fallback strategy Salz, Rich
- Re: [netconf] crypto-types fallback strategy Schönwälder
- Re: [netconf] crypto-types fallback strategy Kent Watsen
- Re: [netconf] crypto-types fallback strategy Schönwälder
- Re: [netconf] crypto-types fallback strategy Martin Bjorklund
- Re: [netconf] crypto-types fallback strategy tom petch
- Re: [netconf] crypto-types fallback strategy Kent Watsen
- Re: [netconf] crypto-types fallback strategy Salz, Rich
- Re: [netconf] crypto-types fallback strategy tom petch
- Re: [netconf] crypto-types fallback strategy Wang Haiguang
- Re: [netconf] crypto-types fallback strategy Salz, Rich
- Re: [netconf] crypto-types fallback strategy Kent Watsen
- Re: [netconf] crypto-types fallback strategy Kent Watsen
- Re: [netconf] crypto-types fallback strategy Martin Bjorklund
- Re: [netconf] crypto-types fallback strategy Schönwälder
- Re: [netconf] crypto-types fallback strategy Schönwälder
- Re: [netconf] crypto-types fallback strategy Kent Watsen
- Re: [netconf] crypto-types fallback strategy Kent Watsen
- Re: [netconf] crypto-types fallback strategy Kent Watsen
- Re: [netconf] crypto-types fallback strategy Martin Bjorklund