[netconf] draft-ietf-netconf-trust-anchors, deleting or:system certificates

"Rob Wilton (rwilton)" <rwilton@cisco.com> Mon, 18 November 2019 09:06 UTC

From: "Rob Wilton (rwilton)" <rwilton@cisco.com>
To: Kent Watsen <kent+ietf@watsen.net>, "netconf@ietf.org" <netconf@ietf.org>
Date: Mon, 18 Nov 2019 09:06:17 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/netconf/dEB4MmhZ8XhXZfqC3l9gtd4NYGI>
List-Id: NETCONF WG list <netconf.ietf.org>

Hi Kent,

The question that I would have asked:

In the examples in the draft-ietf-netconf-trust-anchors draft, there are examples of certificates that are "origin: system".  Should it be possible for clients to explicitly delete some of these certificates, and if so what mechanism/configuration would they use to achieve this?

Thanks,
Rob