Re: [netconf] Truststore: bags, sets, or other?

Randy Presuhn <randy_presuhn@alumni.stanford.edu> Mon, 03 February 2020 21:38 UTC

To: netconf@ietf.org
References: <0100016ff91dfd1b-9e8e6622-7e36-45dc-a661-f4702b494040-000000@email.amazonses.com> <20200131.111027.840757629039452002.mbj@tail-f.com> <0100016ffda3d528-f411ef14-2813-4372-99c4-8269e5ea435e-000000@email.amazonses.com> <20200201080916.yrlurqzzlconhxlr@anna.jacobs.jacobs-university.de> <MN2PR11MB4366AE21207AECD44DEF5D24B5000@MN2PR11MB4366.namprd11.prod.outlook.com> <010001700cb72510-63109303-e8df-4b7a-9910-1110131432b9-000000@email.amazonses.com>
From: Randy Presuhn <randy_presuhn@alumni.stanford.edu>
Message-ID: <4eac0f7d-cf0a-71d5-d9f6-4e5c1fbd7b07@alumni.stanford.edu>
Date: Mon, 03 Feb 2020 13:38:17 -0800
User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:52.0) Gecko/20100101 Thunderbird/52.9.1
MIME-Version: 1.0
In-Reply-To: <010001700cb72510-63109303-e8df-4b7a-9910-1110131432b9-000000@email.amazonses.com>
Content-Type: text/plain; charset="utf-8"; format="flowed"
Content-Language: en-US
Content-Transfer-Encoding: 8bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/netconf/gTJcIhkinkNkxaTjLRNKyNI36EE>
Subject: Re: [netconf] Truststore: bags, sets, or other?

Hi -

There is no reason to use two terms for one thing.
Use the term "bag" only if what you're describing
is indeed not a set, i.e., if it is unordered and
allows duplicates.

Randy

On 2/3/2020 12:21 PM, Kent Watsen wrote:
> Searching online for “bag”, I found definitions vary (even amongst university CS sites) regarding if duplicates are allowed.  FWIW, this variation also exists in IETF RFCs, as CMS uses the ASN.1’s "SET OF” syntax (duplicates not allowed) whereas PKCS#12 uses ASN.1’s “SEQUENCE” syntax (duplicates allowed).  In any case, if duplicates are present, they have no impact on processing behavior (e.g., a certificate isn’t somehow more trusted if it appears more than once).
> 
> Of course, YANG only has ‘list’ and ‘leaf-list’ statements for collections.  So perfect mappings aren’t always possible.  As Martin noted in his message, the substring "set” is used in published modules (e.g., module-set).  Interestingly, lists generally allow for duplicates, but YANG lists don’t, due to being keyed, unless the scope is reduced to the non-key fields, e.g., assuming certificate ‘C’, both {key1, C} and {key2, C} could be in the Truststore at the same time.
> 
> I still feel that “bag” is the best term to use here due to it being a distinctive crypto-domain term used for set-like collections.  I’m assuming that this (using “bag”) is okay since no real objection has been voiced yet, but please let me know if that is a misunderstanding on my part.
> 
> Kent // contributor
> 
> 
>> On Feb 3, 2020, at 9:51 AM, Rob Wilton (rwilton) <rwilton@cisco.com> wrote:
>>
>> +1
>>
>> This would also be my normal interpretation of a structure described as a "bag", although they don't seem to be that commonly used.
>>
>> Thanks,
>> Rob
>>
>>
>> -----Original Message-----
>> From: netconf <netconf-bounces@ietf.org> On Behalf Of Schönwälder, Jürgen
>> Sent: 01 February 2020 08:09
>> To: Kent Watsen <kent+ietf@watsen.net>
>> Cc: Russ Housley <housley@vigilsec.com>; netconf@ietf.org
>> Subject: Re: [netconf] Truststore: bags, sets, or other?
>>
>> A common interpretation in various data structure libraries is this:
>>
>> set: unordered collection of something, duplicates not allowed
>> bag: unordered collection of something, duplicates allowed
>>
>> /js
>>
>> On Fri, Jan 31, 2020 at 10:06:10PM +0000, Kent Watsen wrote:
>>> Hi Martin,
>>>
>>>>> NEW:
>>>>>            +--rw <thing>-bags {<thing-feature>}?
>>>>>               +--rw <thing>-bag* [name]
>>>>>                  +--rw name string
>>>>>                     +--rw <thing>* [name]
>>>>>                        +--rw name string
>>>>>                         …
>>>>>
>>>>> Better, right?   Any other ideas?
>>>>
>>>> We have current published modules with both "-list" and "-set".  No
>>>> "-bag" so far.
>>>>
>>>> For example:
>>>>
>>>> "list rule-list" in ietf-netconf-acm
>>>>
>>>> "list module-set" in ietf-yang-library
>>>
>>> True.
>>>
>>>
>>>> There are some examples of "s" as well, but these are plural "s" for
>>>> a normal list of singletons, and should have been named w/o the
>>>> plural "s" (if we were to be consistent).
>>>>
>>>> I would try to avoid "s" for a "list-of-lists", but then pick the
>>>> suffix that feels most natural in the domain.  (For example, rather
>>>> "list access-control-list" than "list access-control-set”).
>>>
>>> Agreed.
>>>
>>>> Perhaps you can argue that "-list" works better for ordered
>>>> sequences, and "-set" and "-bag" for unordered.  But then there are
>>>> "ordered sets" and "unordered lists" (and even apparently "ordered
>>>> bag", in UML).
>>>
>>> Perhaps.
>>>
>>>> The plural "s" is better for a surrounding container (if one exists).
>>>
>>> Agreed.
>>>
>>>
>>> I also received a private response from Russ, who would rather not join the netconf list, but said:
>>>
>>> 1) “bag” was originally created to deal with issues with the ASN.1 SET and SEQUENCE types, and has since entered general crypto parlance outside the PKCS#12 context.
>>>
>>> 2) “bag” is the ideal term for conveying an unordered collection of X.509 certificates.
>>>
>>> 3) “bag” is not known to be used in the context of SSH host keys or RPKs, but there isn’t anything wrong or bad with doing so either.
>>>
>>> All said, I believe the best course is to use “bag” and, more specifically, to use the "/x-bags/x-bag/…” structure that is present at the top of this message.   Assuming there are no objections, this change will be in the next update.
>>>
>>>
>>> Kent
>>>
>>
>>> _______________________________________________
>>> netconf mailing list
>>> netconf@ietf.org
>>> https://www.ietf.org/mailman/listinfo/netconf
>>
>>
>> -- 
>> Juergen Schoenwaelder           Jacobs University Bremen gGmbH
>> Phone: +49 421 200 3587         Campus Ring 1 | 28759 Bremen | Germany
>> Fax:   +49 421 200 3103         <https://www.jacobs-university.de/>
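The set-versus-bag distinction Jürgen gives and Kent's observation that a keyed YANG list admits {key1, C} and {key2, C} side by side can be made concrete with a small model. The following is an added illustration, not code from the draft or from anyone in the thread. It models the "/<thing>-bags/<thing>-bag/<thing>" tree from Kent's message with Python dicts keyed by the YANG 'name' leaf, identifies a certificate by the SHA-256 of its bytes, and uses constructed placeholder byte strings in place of real DER-encoded X.509 certificates; all of those choices are assumptions made for the example. The security-relevant point it shows is the one Kent states: the list entries form a set (keys are unique), the certificates they carry form a bag (the same bytes may appear under several keys), and trust evaluation must collapse that bag to a set so a certificate is trusted once or not at all, never "more" for being listed twice.

```python
"""Model of a truststore laid out as /<thing>-bags/<thing>-bag/<thing>.

Added illustration, not the draft's own code.  Assumptions (not in the
thread): a certificate is its DER bytes, identified by SHA-256 fingerprint;
YANG 'name' keys are plain strings; the sample certificates below are
constructed placeholders rather than real X.509 data.
"""
import hashlib
from collections import Counter


def fingerprint(cert_der: bytes) -> str:
    # A certificate's identity is its content, not the YANG key it sits under.
    return hashlib.sha256(cert_der).hexdigest()


class CertBag:
    """One 'list <thing>-bag* [name]' entry: a keyed YANG list of certificates.

    The key makes 'name' unique, so the *entries* form a set.  The *certificates*
    they carry form a bag, because two entries may carry identical bytes.
    """

    def __init__(self, name: str):
        self.name = name
        self._entries: dict[str, bytes] = {}  # name -> certificate DER

    def add(self, name: str, cert_der: bytes) -> None:
        if name in self._entries:
            # A keyed YANG list rejects a second entry with the same key value.
            raise KeyError(f"duplicate list key {name!r} in bag {self.name!r}")
        self._entries[name] = cert_der

    def certificates(self) -> list[bytes]:
        return list(self._entries.values())


class Truststore:
    """The surrounding 'container <thing>-bags' holding the named bags."""

    def __init__(self):
        self._bags: dict[str, CertBag] = {}

    def bag(self, name: str) -> CertBag:
        return self._bags.setdefault(name, CertBag(name))

    def trust_anchors(self, bag_names) -> set[str]:
        """Fingerprints the selected bags make trusted.

        The bag collapses to a set here: a certificate is trusted once or not
        at all, regardless of how many entries carry it.
        """
        anchors: set[str] = set()
        for n in bag_names:
            for cert in self._bags[n].certificates():
                anchors.add(fingerprint(cert))
        return anchors

    def duplicate_report(self, bag_names) -> dict[str, int]:
        """Bag-semantics view for an audit: fingerprints carried by more than
        one entry.  Redundant entries are harmless to trust but worth flagging
        as configuration clutter."""
        counts = Counter(fingerprint(c)
                         for n in bag_names
                         for c in self._bags[n].certificates())
        return {fp: k for fp, k in counts.items() if k > 1}


def is_trusted(store: Truststore, bag_names, cert_der: bytes) -> bool:
    return fingerprint(cert_der) in store.trust_anchors(bag_names)


# Constructed placeholder "certificates"; real ones would be DER-encoded X.509.
CERT_C = b"-- constructed placeholder for certificate C --"
CERT_D = b"-- constructed placeholder for certificate D --"


def demo() -> dict:
    ts = Truststore()
    bag = ts.bag("ca-bag")
    bag.add("key1", CERT_C)  # {key1, C}
    bag.add("key2", CERT_C)  # {key2, C}: same bytes, different key, accepted
    bag.add("key3", CERT_D)
    try:
        bag.add("key1", CERT_D)  # same key again: rejected by the keyed list
        key_clash = False
    except KeyError:
        key_clash = True
    return {
        "anchors": len(ts.trust_anchors(["ca-bag"])),  # 2 distinct certs, not 3 entries
        "trusted_c": is_trusted(ts, ["ca-bag"], CERT_C),
        "dupes": ts.duplicate_report(["ca-bag"]),
        "key_clash": key_clash,
    }


if __name__ == "__main__":
    print(demo())
```

Running the module prints the demo result: three list entries yield two trust anchors, certificate C is trusted exactly as it would be with a single entry, the audit view reports C as carried twice, and a second entry under key "key1" is refused. That is the behaviour the thread settles on: "bag" names the collection, while the keyed list keeps entry names unique and the trust decision stays idempotent over duplicates.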