[Netconf] mbj comments on draft-kwatsen-netconf-crypto-types-00
Martin Bjorklund <mbj@tail-f.com> Wed, 21 March 2018 17:38 UTC
Return-Path: <mbj@tail-f.com>
X-Original-To: netconf@ietfa.amsl.com
Delivered-To: netconf@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id AE649127863 for <netconf@ietfa.amsl.com>; Wed, 21 Mar 2018 10:38:50 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.911
X-Spam-Level:
X-Spam-Status: No, score=-1.911 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id dnyHwLHBZOUW for <netconf@ietfa.amsl.com>; Wed, 21 Mar 2018 10:38:49 -0700 (PDT)
Received: from mail.tail-f.com (mail.tail-f.com [46.21.102.45]) by ietfa.amsl.com (Postfix) with ESMTP id 44EB912762F for <netconf@ietf.org>; Wed, 21 Mar 2018 10:38:49 -0700 (PDT)
Received: from localhost (dhcp-89c1.meeting.ietf.org [31.133.137.193]) by mail.tail-f.com (Postfix) with ESMTPSA id 96FB81AE0398 for <netconf@ietf.org>; Wed, 21 Mar 2018 18:38:47 +0100 (CET)
Date: Wed, 21 Mar 2018 17:38:48 +0000
Message-Id: <20180321.173848.2165570230305025347.mbj@tail-f.com>
To: netconf@ietf.org
From: Martin Bjorklund <mbj@tail-f.com>
X-Mailer: Mew version 6.7 on Emacs 24.5 / Mule 6.0 (HANACHIRUSATO)
Mime-Version: 1.0
Content-Type: Text/Plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/netconf/eR9HGpIYovf7H_DKF5L--_pOfHg>
Subject: [Netconf] mbj comments on draft-kwatsen-netconf-crypto-types-00
X-BeenThere: netconf@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Network Configuration WG mailing list <netconf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/netconf>, <mailto:netconf-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/netconf/>
List-Post: <mailto:netconf@ietf.org>
List-Help: <mailto:netconf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/netconf>, <mailto:netconf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 21 Mar 2018 17:38:51 -0000
Hi,
Some quick comments on draft-kwatsen-netconf-crypto-types-00:
o identity hash-algorithm
I suggest you remove the sentence:
This identity is used in the ietf-zerotouch-information
module (draft-ietf-netconf-zerotouch)";
o leaf private-key
"A binary that contains the value of the private key. The
interpretation of the content is defined by the key
algorithm. For example, a DSA key is an integer,
Is it clear how an integer is stored in a "binary"?
o action generate-private-key {
Will the public key be instatiated as well?
o It should be stated that if the client tries to set the private-key
to "hardware-protected" (or invalid binary data), the server
returns an error.
o What happens if the client first configures a key, and then invokes
the action "generate-private-key"? Will it just be a mismatch
beteen the config and operational state?
Maybe the action should only be available when no private key
exists?
o Should the algorithm be mandatory in the config; then it is not
needed as an input parameter to the action.
What happens if the algorithm doesn't match the key, either both in
config, or the key in hardware?
o grouping certificates-grouping {
description
"Certificates associated with this key.
Which key? There is no key in this grouping.
/martin
- [Netconf] mbj comments on draft-kwatsen-netconf-c… Martin Bjorklund