[Netconf] updates to the client/server drafts

Kent Watsen <kwatsen@juniper.net> Fri, 21 September 2018 02:56 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/netconf/eWVycg8A5zSphoYXx9EF7Co7Ad4>

Updated the suite of drafts.

Issues from IETF 102 not yet addressed are:
 - Should algorithm identities be moved from ietf-[ssh/tls]-common
   to crypto-types? (some progress here, but nothing to report yet)
 - Add support for TCP Keepalives?  (this needs more discussion)

Note that for the issue "Should some of Keystore's groupings be 
moved to crypto-types?", I just went ahead and did it.  My idea
is that there is no way we'll know unless we try, so I did.  If
we don't like it, we can put it back.  [Please review!]

Changes discussed post-102 that were made include:
  - refactoring the ssh/tls client/server groupings (per Balazs)
  - replacing reconnect-timeout with period/anchor-time (per Martin)

Changes discussed post-102 that were NOT made include:
  - adding an "on-demand" connection-type. This needs more 
    discussion.

Changes made though NOT discussed:
  - removed the "on-demand" option for the periodic connection
    type.  This is related to the above non-change.  Basically,
    we need to think harder about on-demand connections and
    how they relate to the "call-home-reason" idea that was
    discussed some.

The per-draft Change Logs are listed below.

crypto-types:
   o  Moved groupings from the draft-ietf-netconf-keystore here.

trust-anchors:
   o  Added features "x509-certificates" and "ssh-host-keys".
   o  Added nacm:default-deny-write to "trust-anchors" container.

keystore:
   o  Added feature "local-keys-supported"
   o  Added nacm:default-deny-all and nacm:default-deny-write
   o  Renamed generate-asymmetric-key to generate-hidden-key
   o  Added an install-hidden-key action
   o  Moved actions inside of the "asymmetric-key" container
   o  Moved some groupings to draft-ietf-netconf-crypto-types

ssh-client-server:
   o  Factored the ssh-[client|server]-groupings into more reusable
      groupings.
   o  added if-feature statements for the new "ssh-host-keys" and
      "x509-certificates" features defined in draft-ietf-netconf-trust-
      anchors.

tls-client-server:
   o  Factored the tls-[client|server]-groupings into more reusable
      groupings.
   o  added if-feature statements for the new "x509-certificates"
      feature defined in draft-ietf-netconf-trust-anchors.

netconf-client-server:
   o  Removed "idle-timeout" from "persistent" connection config.
   o  Added "random-selection" for reconnection-strategy's "starts-with"
      enum.
   o  Replaced "connection-type" choice default (persistent) with
      "mandatory true".
   o  Reduced the periodic-connection's "idle-timeout" from 5 to 2
      minutes.
   o  Replaced reconnect-timeout with period/anchor-time combo.

restconf-client-server:
   o  Removed "idle-timeout" from "persistent" connection config.
   o  Added "random-selection" for reconnection-strategy's "starts-with"
      enum.
   o  Replaced "connection-type" choice default (persistent) with
      "mandatory true".
   o  Reduced the periodic-connection's "idle-timeout" from 5 to 2
      minutes.
   o  Replaced reconnect-timeout with period/anchor-time combo.
Kent // contributor
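An added illustration, not code from the drafts or from this mail, of two of the netconf/restconf-client-server changes listed above: the period/anchor-time replacement for reconnect-timeout, and the new "random-selection" value of reconnection-strategy's "starts-with". The scheduling semantics (connections at whole multiples of the period from the anchor) and the other enum values ("first-listed", "last-connected") are assumptions of this example.

```python
"""Model of the call-home scheduling changes announced in this mail (added example)."""
import math
import random
from datetime import datetime, timedelta, timezone
from typing import List, Optional

# Assumed semantics (not defined on this page): a periodic connection is
# attempted at anchor_time + k * period for whole integers k, so the anchor
# may lie in the past or in the future.
def next_periodic_connection(anchor_time: datetime, period_minutes: int,
                             now: datetime) -> datetime:
    """First whole multiple of the period from the anchor strictly after now."""
    if period_minutes <= 0:
        raise ValueError("period must be a positive number of minutes")
    period = timedelta(minutes=period_minutes)
    # timedelta / timedelta yields a float; floor handles negative elapsed time.
    k = math.floor((now - anchor_time) / period) + 1
    return anchor_time + k * period

# Assumed enum values: "first-listed" and "last-connected" plus the
# "random-selection" value this mail says was added.
def order_endpoints(endpoints: List[str], starts_with: str,
                    last_connected: Optional[str] = None,
                    rng: Optional[random.Random] = None) -> List[str]:
    """Return the configured endpoints in the order a client should try them."""
    if not endpoints:
        raise ValueError("at least one endpoint is required")
    if starts_with == "first-listed":
        start = 0
    elif starts_with == "last-connected":
        # Fall back to the first entry if never connected or the entry was removed.
        start = endpoints.index(last_connected) if last_connected in endpoints else 0
    elif starts_with == "random-selection":
        start = (rng or random).randrange(len(endpoints))
    else:
        raise ValueError(f"unknown starts-with value: {starts_with}")
    return endpoints[start:] + endpoints[:start]

if __name__ == "__main__":
    anchor = datetime(2018, 9, 21, 0, 0, tzinfo=timezone.utc)  # constructed
    now = datetime(2018, 9, 21, 2, 56, tzinfo=timezone.utc)    # constructed
    print(next_periodic_connection(anchor, 60, now))           # 03:00 UTC
    print(order_endpoints(["a", "b", "c"], "last-connected", "b"))
```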