Re: [Netconf] Draft Charter Proposal for NETCONF WG

t.petch <ietfc@btconnect.com> Thu, 23 March 2017 17:47 UTC

From: "t.petch" <ietfc@btconnect.com>
To: Kent Watsen <kwatsen@juniper.net>, Mahesh Jethanandani <mjethanandani@gmail.com>
CC: draft-ietf-rtgwg-yang-key-chain.all@ietf.org, Netconf <netconf@ietf.org>
Date: Thu, 23 Mar 2017 17:36:33 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/netconf/is6MeVn0IAMNSf_HrWE_Nj036HM>

----- Original Message -----
From: "Kent Watsen" <kwatsen@juniper.net>
Sent: Wednesday, March 22, 2017 10:21 PM

> Hi Mahesh,
>
> >> Again, a keystore is not limited to asymmetric keys.   At the moment
> >> it is exclusively asymmetric, but that's only because we (the authors)
> >> moved the passwords (read symmetric keys) that were present in the
> >> previous version to the ietf-ssh-client module, but they may return,
> >> as many real-world keystore mechanisms do manage passwords as well
> >> (e.g., Mac OSX's Keychain Access utility).
> >>
> >> The module names are fine, but we could update the draft title. How
> >> about "A System-level Keystore Model"?
> >
> >
> > How about "Asymmetric Key System-level Keystore Model"?
> >
> > And add a reference to keychain model for symmetric keys.
>
> Regarding "asymmetric", as mentioned above, while the keystore module
> is currently exclusively asymmetric, it's probable that passwords will
> be added to it in the future.
>
> Regarding "system-level", I'm not 100% sure.  Specifically, the PCE-PCEP
> use of the ietf-tls-client module, which uses the keystore module, gives
> me pause.  Is it still a system-level use then?
>
> Maybe one of the authors of the RTGWG key-chain draft to try to express
> how the two modules differ, and why they shouldn't be merged into one
> draft.

Kent

Sorry about mixing up keystore and keychain - I did download the updated
draft last week but failed to find it when I was drafting my post.
However, while I know the English semantics of store and chain, I do
find it more difficult to attach different semantics to keystore and
key-chain, and I do find the Abstracts of the two I-Ds rather similar
which leaves me uncertain about the scope of the work in Netconf.

When the proposed charter says
"  1. Finalize the YANG data module for a system-level keystore mechanism,
  that can be used to hold onto asymmetric private keys and certificates
  that are trusted by the system advertising support for this module."
I am still uncertain.

You are saying symmetric keys may come in future but should this be part
of the charter now? I am divided on this.

You are saying you are unsure about system-level but what is it then,
not that I have ever realised what is meant by system-level (unless it
means not just for routers, but then the Abstract of key-chain, for the
first five sentences, sounds like a system-wide model with sentence six
only saying it is commonly used for routing protocols, it does not say
it is not also for system-wide use!).

I would then avoid system-level, since I do not understand it:-(
"Generic keystore mechanism" perhaps.

I note that the charter does say 'asymmetric' which I think needs saying
and also adding to the I-D; and I do think that the Netconf I-D should
recognise the existence of other I-Ds relating to the storage of keys,
although that detail is not a matter for the charter.

Tom Petch

> Thanks,
> Kent
>