Re: [netconf] WGLC on draft-ietf-netconf-tls-client-server

Dhruv Dhody <dhruv.ietf@gmail.com> Wed, 21 April 2021 04:21 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/netconf/dGGP4kQU8EnlcMVMq1ZZ0uAYBO0>

Hi Kent,

On Wed, Apr 21, 2021 at 6:41 AM Kent Watsen <kent+ietf@watsen.net> wrote:

> Hi Dhruv,
>
>> - I am wondering if anything needs to be done for the older versions of
>> TLS which are made historic. The use of features helps, is there any other
>> guidance that needs to be given?
>>
>> We could set the “status” to “deprecated”.  That said, it's one thing to
>> say that a protocol is deprecated and another to say that the configuration
>> for a still somewhat widely-used deprecated-protocol is
>> deprecated…thoughts?
>
> I agree that we need to allow the configuration of older TLS versions in
> the YANG module.
>
> I found this comment from Ben to be useful -
> https://mailarchive.ietf.org/arch/msg/last-call/oVO7XyHyTtX4bdkpN9PymiovieA/
> . I ended up putting MD5 and SHA-1 support under a feature 'deprecated'.
>
> Wait, you put the support under a feature called “deprecated” or under a
> deprecated feature (called something else)?
>
The former. Maybe I can use a different name to avoid confusion.

>
> In this case, I think just adding some text in the description around the
> existing features for older TLS could also do the job.
>
> That’s easy enough.  For each feature except 1.3, I added to the
> “description” statement:
>
>     "Please note that TLS 1.? is obsoleted and thus it is NOT
>      RECOMMENDED to enable this feature."
>
> Is it what you had in mind?
>
Yes!

Thanks!
Dhruv

> K.
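As an added example (not code from this thread or from the draft): the features discussed above are enabled per server, and a NETCONF server advertises which YANG features it has enabled in the `<hello>` capability URIs, so a client or auditor can flag a peer that still enables an obsolete TLS version feature. The feature names tls10/tls11/tls12/tls13 and the ietf-tls-common module name are assumptions, and the `<hello>` message is constructed.

```python
import xml.etree.ElementTree as ET
from typing import Dict, List, Optional, Set, Tuple
from urllib.parse import parse_qs, urlsplit

NETCONF_NS = "urn:ietf:params:xml:ns:netconf:base:1.0"
# Namespace of the draft's TLS common YANG module (module name assumed).
TLS_COMMON_NS = "urn:ietf:params:xml:ns:yang:ietf-tls-common"
# Assumed feature names for TLS versions that are obsolete / NOT RECOMMENDED.
OBSOLETE_TLS: Dict[str, str] = {"tls10": "TLS 1.0", "tls11": "TLS 1.1"}

# Constructed <hello> as a server might send it; one obsolete feature enabled.
SAMPLE_HELLO = f"""<hello xmlns="{NETCONF_NS}">
  <capabilities>
    <capability>urn:ietf:params:netconf:base:1.1</capability>
    <capability>{TLS_COMMON_NS}?module=ietf-tls-common&amp;features=tls10,tls12,tls13</capability>
  </capabilities>
</hello>"""

def parse_capabilities(hello_xml: str) -> List[str]:
    """Extract the <capability> URIs from a NETCONF <hello> message."""
    root = ET.fromstring(hello_xml)
    return [c.text.strip() for c in root.iter("{%s}capability" % NETCONF_NS) if c.text]

def yang_module_features(cap_uri: str) -> Tuple[Optional[str], Set[str]]:
    """Return (module name, enabled features) from a YANG module capability URI.

    The query carries module=<name> and optionally features=<a,b,c>
    (RFC 6020, Section 5.6.4); no features= means no feature is enabled.
    """
    params = parse_qs(urlsplit(cap_uri).query)
    module = params.get("module", [None])[0]
    raw = params.get("features", [""])[0]
    return module, {f for f in raw.split(",") if f}

def obsolete_tls_features_enabled(hello_xml: str) -> List[str]:
    """One finding per obsolete TLS version feature the server advertises as enabled."""
    findings = []
    for cap in parse_capabilities(hello_xml):
        if not cap.startswith(TLS_COMMON_NS + "?"):
            continue
        module, features = yang_module_features(cap)
        for feat in sorted(features & set(OBSOLETE_TLS)):
            findings.append("%s: feature '%s' enabled (%s is obsolete)"
                            % (module, feat, OBSOLETE_TLS[feat]))
    return findings

if __name__ == "__main__":
    for finding in obsolete_tls_features_enabled(SAMPLE_HELLO):
        print(finding)
```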