Re: [Netconf] Draft Charter Proposal for NETCONF WG

Kent Watsen <kwatsen@juniper.net> Thu, 23 March 2017 19:37 UTC

From: Kent Watsen <kwatsen@juniper.net>
To: "Acee Lindem (acee)" <acee@cisco.com>, Mahesh Jethanandani <mjethanandani@gmail.com>
CC: Netconf <netconf@ietf.org>, "draft-ietf-rtgwg-yang-key-chain.all@ietf.org" <draft-ietf-rtgwg-yang-key-chain.all@ietf.org>
Date: Thu, 23 Mar 2017 19:37:24 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/netconf/jS3iXX_wWu3ClIxacz_YCj_Pu4o>

>>Maybe one of the authors of the RTGWG key-chain draft to try
>> to express how the two modules differ,
>
> Is this a trick question? 

No, it was to see if you could articulate it better than I have
been able to date.


> As the author of ietf-keystore, I'd fully expect that you 
> know the difference.

I do.


>>and why they shouldn't be merged into one draft.
>
> They shouldn't be merged since they serve entirely different 
> purposes and will be implemented and deployed by different 
> sets of network devices. 

Fundamentally, they both are talking about storing keys that
can be referenced.  I could easily make a case for why the
keystore module should include passwords, including policies
around expiration and rollovers, somewhat like RFC7210, which
the key-chain module emulates.  Yes, we're coming at this from
very different angles, but at the end of the day, they're more
alike than not.

FWIW, I'm not actually proposing we merge our drafts/modules,
I'm just using this as a thought exercise for others.

Not that it matters, but I disagree that these modules will 
be implemented by different sets of devices, as I expect any
router implementing the key-chain module (to configure keys to
protect routing protocols) would also implement the keystore
module (to configure the keys/certificates used to protect e.g.
the SSH/TLS connections over which the key-chain module is 
configured).


> Furthermore, the key-chain draft is more mature and referenced
> by 6-10 other IETF YANG models.

Funny, maybe we should compare dependency graphs using Benoit's 
tool?   But let's wait until Monday since both the Syslog and 
PCE-PCEP drafts should post updates then that import the keystore
module  ;)


Thanks,
Kent