Re: [netconf] [Last-Call] Yangdoctors last call review of draft-ietf-netconf-trust-anchors-13

Juergen Schoenwaelder <j.schoenwaelder@jacobs-university.de> Fri, 16 April 2021 12:15 UTC

Return-Path: <J.Schoenwaelder@jacobs-university.de>
X-Original-To: netconf@ietfa.amsl.com
Delivered-To: netconf@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 63E013A236E; Fri, 16 Apr 2021 05:15:35 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level:
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, MSGID_FROM_MTA_HEADER=0.001, RCVD_IN_MSPIKE_H2=-0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=jacobsuniversity.onmicrosoft.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id GRFoLAyC4uSm; Fri, 16 Apr 2021 05:15:30 -0700 (PDT)
Received: from EUR03-DB5-obe.outbound.protection.outlook.com (mail-eopbgr40071.outbound.protection.outlook.com [40.107.4.71]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 57C0D3A2371; Fri, 16 Apr 2021 05:15:30 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=jnoJAIvGVekHQl/qRiGD+IybBESB8Hjau4hquaLERMuYKyHXuFosy3KaxVOFXWAi+3eJyn7khGg3jRbzXADSHp1QDSmdCVhydD3gNLZYXkIFzmSN+q8B4TfaVOzpTbXmm7yp28GyT4fm29cmlXLJVIagJwb6fB/9Lc1zugkcnYaa8KZYXhuZdV+Z/c8mMLYhGzAKz2mqJC1t5umpXXs4wEM7+uojtfvBJ34+R2nwvMGDVf4HyQE9utd6rlOF55ZsNOWsIOe4wXo8FqpEHYEXb8oyjpB9EcfsuC1p2lGbKjGs9OB0Vh92xNmtHOriazqY7UcJaXlOfIjUlG+TnxAZGg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=dRYpr+7BRDsIri9FvuVduVkNGOuvqbdH6ZweZV28/Ws=; b=ceou7cGfVJt2JKjfYkhLPctDJY3w52h3UmmUFSNaSwQoJK1Gpe0jzn07Ek44YdUXrM/N2oT9tWXrkLX1VKQRAmucAZT/zuRxh+VYv7GWXqQWnu8UbiQ2lkAygICtf3IYNodkLy8k/EZkzHIACd9H1UiolSTDfE2v92qbydMKxPZSAewRNzKlT0fxUIh0aPW+bljQifkbOGIaTJINzzIGM0zwUozbd2kuBIJp6PAWh2C1PTPADgOExXS11H3Dbr0aHPW+Axnc684r4GTCiL0sMx590Oo6lz1JVR7cdAQqeMbo9s8y0Ym0ApO1LRFcEc8q0K8C9bJ0s0mYk5c9j86idw==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=jacobs-university.de; dmarc=pass action=none header.from=jacobs-university.de; dkim=pass header.d=jacobs-university.de; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=jacobsuniversity.onmicrosoft.com; s=selector2-jacobsuniversity-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=dRYpr+7BRDsIri9FvuVduVkNGOuvqbdH6ZweZV28/Ws=; b=l87srOs3wptaWAb07EPJHGkVu0gIgY0AK/edSz5wJACCV37ml9L7W2ko6tONK2EWDX1xhb3zPvqu2szKSA7csihcF4X1tx+DfOAuOjPS/0+IR8ouocX9Af2lbMirQVGjaMOtqQsC/9zbN0Trbqso8dOFt4zxBA0bpNy5lb5T2sY=
Authentication-Results: watsen.net; dkim=none (message not signed) header.d=none;watsen.net; dmarc=none action=none header.from=jacobs-university.de;
Received: from AM0P190MB0641.EURP190.PROD.OUTLOOK.COM (2603:10a6:208:194::23) by AM9P190MB1108.EURP190.PROD.OUTLOOK.COM (2603:10a6:20b:266::14) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4020.18; Fri, 16 Apr 2021 12:15:28 +0000
Received: from AM0P190MB0641.EURP190.PROD.OUTLOOK.COM ([fe80::e8a2:9886:8dfa:41c6]) by AM0P190MB0641.EURP190.PROD.OUTLOOK.COM ([fe80::e8a2:9886:8dfa:41c6%4]) with mapi id 15.20.4042.019; Fri, 16 Apr 2021 12:15:28 +0000
Date: Fri, 16 Apr 2021 14:15:27 +0200
From: Juergen Schoenwaelder <j.schoenwaelder@jacobs-university.de>
To: Kent Watsen <kent+ietf@watsen.net>
Cc: YANG Doctors <yang-doctors@ietf.org>, "netconf@ietf.org" <netconf@ietf.org>
Message-ID: <20210416121527.z7z42ptkhxc734vy@anna.jacobs.jacobs-university.de>
Reply-To: Juergen Schoenwaelder <j.schoenwaelder@jacobs-university.de>
Mail-Followup-To: Kent Watsen <kent+ietf@watsen.net>, YANG Doctors <yang-doctors@ietf.org>, "netconf@ietf.org" <netconf@ietf.org>
References: <161047687248.13931.17900123352005904827@ietfa.amsl.com> <010001778e67c4e0-c179290b-6eba-46df-b17f-ec474c44783c-000000@email.amazonses.com>
Content-Type: text/plain; charset=utf-8
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
In-Reply-To: <010001778e67c4e0-c179290b-6eba-46df-b17f-ec474c44783c-000000@email.amazonses.com>
X-Originating-IP: [212.201.44.244]
X-ClientProxiedBy: AM8PR07CA0027.eurprd07.prod.outlook.com (2603:10a6:20b:21b::35) To AM0P190MB0641.EURP190.PROD.OUTLOOK.COM (2603:10a6:208:194::23)
MIME-Version: 1.0
X-MS-Exchange-MessageSentRepresentingType: 1
Received: from localhost (212.201.44.244) by AM8PR07CA0027.eurprd07.prod.outlook.com (2603:10a6:20b:21b::35) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4065.8 via Frontend Transport; Fri, 16 Apr 2021 12:15:27 +0000
X-MS-PublicTrafficType: Email
X-MS-Office365-Filtering-Correlation-Id: f764a260-67c0-4f23-22d8-08d900d1524d
X-MS-TrafficTypeDiagnostic: AM9P190MB1108:
X-MS-Exchange-Transport-Forked: True
X-Microsoft-Antispam-PRVS: <AM9P190MB11086355FF9609249C7EDD4DDE4C9@AM9P190MB1108.EURP190.PROD.OUTLOOK.COM>
X-MS-Oob-TLC-OOBClassifiers: OLM:9508;
X-MS-Exchange-SenderADCheck: 1
X-Microsoft-Antispam: BCL:0;
X-Microsoft-Antispam-Message-Info: jPpKqGjnUy9s9SlYTRlcA0/zfsEPFlk6yDKmS670UTGPuB5QVo6gJhAatTHkBz5sQ/6jdCuJM76q1qyglitL9F3R1t5J1zU5/SZldA55X5BwWzhyro1MXOBDVFQi6sfZhFM2DpPNk3UqxcD+j5onBAuhYgm52TKnIylboWREX+ptv3pORVp0oG+997VDS/ir1rXAT4d7Ziv/Y1jzrViWy4WNSBWVnecg6/oMzl1lPunmkKAKFnLyguEBPV5X97aAmR717eCi3fMziWnCn2EC0GbWDA/BteyL2n/VhMgsxidy0vGzRse7zUPr9SfUAN/15fvmjq1tWvMW3yu2rQ6mih6CYpvwZuGY7+mq0q9j7aG/RmXvgxblQxhz8YFar4qsyQ7ffV4wupjiPe0sRHREacfw46BIF+/7h0ba1D/N7JZtUV1PCUGRjYFT9G15ku8GKjQKq4jFO9Of5zw3ze1O7Hy/ICEJh7ZG66XY2gAXAB7Is7p1IWonWZUBw5vuciEfN5cShWqNqz1zDdQQxW1dcHs7uvYVxYd0czkRD8yHxcsfBUgHgV99roaS55ReEsTAN7bvQGwbClBBDPiiwmw6MhveflT6JkjaXsSiizkKvp8tff0SEuUFBwCt6YpEMmxqoki0/SgnmWu0XvnfpqfgkRumJAKcnHP7IFebkcanDG3JRhwy1gVXTo7O7VNF9fbawIPjgTHEFSAfyIBwwKo21JbvSLzqk7bWL7tFvpGz14dnQ4bIpAHtpP28qt/g649u
X-Forefront-Antispam-Report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:AM0P190MB0641.EURP190.PROD.OUTLOOK.COM; PTR:; CAT:NONE; SFS:(376002)(366004)(136003)(39850400004)(396003)(346002)(38350700002)(2906002)(956004)(4326008)(26005)(38100700002)(786003)(478600001)(66574015)(1076003)(8676002)(83380400001)(16526019)(66556008)(316002)(86362001)(8936002)(66476007)(3450700001)(54906003)(53546011)(186003)(52116002)(6496006)(6486002)(5660300002)(66946007); DIR:OUT; SFP:1101;
X-MS-Exchange-AntiSpam-MessageData: =?utf-8?B?TGo4ZHFhNDR0ZGppZTZTckVIaktUR2doQnd2SlcvMW1jNE1DNXAwVTRRazV5?= =?utf-8?B?M3VEdVQ1WnYyU25LMTdNK3B1a0tXYVRBY2FZSTFZSW5wWU9QZU9ZV3F4QXBv?= =?utf-8?B?Z0hMZmxXeTluT2FrUThHM2dnb3kyTUNyWkNDYjNndk9GdlI0MEdIeTUzOHMv?= =?utf-8?B?VGJveEg3SUhpdUIreVN5c3RLenNoRlpDdXlmUzlaNXhwd0JIOEZPMmcwZ3A3?= =?utf-8?B?dTNYVEc3b0FKRzZDY3dWdkIzeTU5d29Gb3hieGxTRW5EdldCdFQ0RFNhaHFr?= =?utf-8?B?Zm9pOG9iZEZjRElLSi9ZeGVzRjZ1cmZzeUNyckNobmMySEtRL0xBSS96QXAr?= =?utf-8?B?Z2ZudldVYW81VWNtdjNoeE5zc1ZtYTVEeDNjcEdnYzRZT1pVQXV6d2t4Zld0?= =?utf-8?B?bEMyTGVZNlE4dVhoakZldUZKTzY0NUw4R2JpU2JXaWRpU0pDUzZqejFrUkN4?= =?utf-8?B?WCswM2d5VlhTUFVDOEo1SWhRRGxpa2NxbGthVG5PQWFwdndoa0MzelpmdDRW?= =?utf-8?B?ZVpmTzZJcjVxbVlvVVBIakNVMmFQL0RlaXRVaEFjTzZUdk5EQlptekx1a3Za?= =?utf-8?B?R0dVL2RZMzd1TXpXVHJLN1dYMXVQUG5OdnhLdU1pRzEzR0dsbXNqZWNhblIr?= =?utf-8?B?NUVnUzFqd2pZN2oxdXhMOHRjVU9xRHFDZTRReU92SlpOc2YxZ2J0ZWQrUUJR?= =?utf-8?B?UHdEeFV1MllyV0hJQ0MzT25tNXlGY0ZJRG1DZHRxOVdzMkl3Zm9jU0x2aVpO?= =?utf-8?B?cXhMVUt0UjdXWExlL0s1UmhsL1VCTEZ0c0ZWVWZ3OHExMGNWeHkraTFuTmVu?= =?utf-8?B?NlcvRzN6ei9pTFlhOTcvd3BLZTZ1eGcxSG5UdlZUTWZmSy9sOEt1cnBWVnZ2?= =?utf-8?B?YllPUGVyd1JPcjZMZGU1M2xMd01tcXdXUnFjNHh3RWRCVUk4Y0s5dkY1VHRt?= =?utf-8?B?VExpQ1B5NkFadUZ2b0JBOVM0NjF3bUZPb2xtNTN2bGFlUGZuV1lUZ2dmTEdm?= =?utf-8?B?dEtCMzZnNFljRXVvZTRVTXZVRGk3RzJVMWJTSFo2MGhTQmNKbGZwQ0lXd1By?= =?utf-8?B?U1Mzd2JHMG1YQXp6eWYyOXd5YmhIM2Z5cmJQelBWUjVDVG5YblREUXVnRE1K?= =?utf-8?B?b1dOS25ONFQ5enFDZUl1RzZKRDh6MjB4c1NNSGU3NW96OGtFaHZNUXhsd1V2?= =?utf-8?B?TEJzLy9zZFR3VmIwemNmVEJRTDUwazhvdDJ1bzU1TUd2VSszMW9oSE8yNmhz?= =?utf-8?B?Y2Zlb3d3SjBaeDh1SzkySEdwOXdmRjhSZHI5eE5IcGw1VjJya3R2Y0VtaHUz?= =?utf-8?B?MG5rYittWWZZQVpNdmVVaWlvQ2E3K0t2QXd6NER5MzdOTVZDOHpmSG9jWm9y?= =?utf-8?B?c3dyM0daalhGRzU3Z2lkOU1QSVYwdTlzamJ2aVJMdVpWQUtnU2RBSWVRRWxs?= =?utf-8?B?a2pPSW5TaS91WExxUVJ1U21VQlk5OEQ3MGk2RzFiU2Y2WnU2bm1rYzhjeHVw?= =?utf-8?B?V3NURFU1cEFoQy92bnFUaWxQRjRLRkw1d2ZZSlVoVGRTWDltRHlDMlJ4NDRv?= =?utf-8?B?QlBMVFlLKzBjUWNwa1N6WVArbmN0OUp6SFh3U3hPV0FhVGwzRDViMVZFT3NX?= =?utf-8?B?eVkrYnhlWkhwaVhuL2hZOG1yczFId3Z2NEQxK3NDcFN0dE5XQ2lqQnRpRDd2?= =?utf-8?B?VU91UnNMdGxxZjZuSnFtelZ1cGY2bnh3VU5Ma08rNTNoS3VIYk9PYytIOWhH?= =?utf-8?Q?WAtGGkTQPYgyr18+1A04EX3INRayjPHI3lxbIXk?=
X-OriginatorOrg: jacobs-university.de
X-MS-Exchange-CrossTenant-Network-Message-Id: f764a260-67c0-4f23-22d8-08d900d1524d
X-MS-Exchange-CrossTenant-AuthSource: AM0P190MB0641.EURP190.PROD.OUTLOOK.COM
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 16 Apr 2021 12:15:27.9633 (UTC)
X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted
X-MS-Exchange-CrossTenant-Id: f78e973e-5c0b-4ab8-bbd7-9887c95a8ebd
X-MS-Exchange-CrossTenant-MailboxType: HOSTED
X-MS-Exchange-CrossTenant-UserPrincipalName: WvNnSBZ4wS3piLwOZqkKXI87WyxaPkxFDclfJ04bMX/6w4csbn+U+mIUlzhvrqV48whuZdGlh4O15BhhGnyM2CsHorMnazWiDYaJ8YCtF78=
X-MS-Exchange-Transport-CrossTenantHeadersStamped: AM9P190MB1108
Archived-At: <https://mailarchive.ietf.org/arch/msg/netconf/je_Icuafb0vbYNaCTK6gIM3dK9c>
Subject: Re: [netconf] [Last-Call] Yangdoctors last call review of draft-ietf-netconf-trust-anchors-13
X-BeenThere: netconf@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: NETCONF WG list <netconf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/netconf>, <mailto:netconf-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/netconf/>
List-Post: <mailto:netconf@ietf.org>
List-Help: <mailto:netconf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/netconf>, <mailto:netconf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 16 Apr 2021 12:15:35 -0000

See inline, I cut what I feel has been resolved or does not deserve a
further comment.

On Thu, Feb 11, 2021 at 12:05:01AM +0000, Kent Watsen wrote:
> 
> > On Jan 12, 2021, at 1:41 PM, Jürgen Schönwälder via Datatracker <noreply@ietf.org> wrote:
> > 
> > Reviewer: Jürgen Schönwälder
> > Review result: Ready with Issues
> > 
> > The crypto modules aim at providing a flexible reusable infrastructure
> > of groupings for modeling cryptographic keys and related concepts. The
> > flexibility of the definitions provided of course comes with a certain
> > amount of complexity.
> > 
> >> From a YANG perspective, draft-ietf-netconf-trust-anchors-13.txt is in
> > a good and close to publish state (a couple of minor issues left).  I
> > also tried to understand what is being modeled here and hence I also
> > have some questions concerning the concepts modeled and I hope these
> > are easy to answer/resolve as well.
> > 
> > - I have compiled the YANG modules using yanglint 0.16.105.
> > 
> > - The prefix 'ts' is rather short, the set of two letter prefixes is
> >  rather small limited. This comment also applies to the other
> >  documents, crypto-types uses 'ct. Perhaps this is not a problem
> >  since collisions can be handled but if we go for rather short
> >  prefixes, we will have to exercise the collision resolution. (I see
> >  that 'ct' has already been used by ietf-complex-types, RFC 6095.) A
> >  possible alternative could be to use sec-ct, sec-ts, sec-ks, ...).
> 
> Ugh (me, whenever a naming-discussion comes up ;)
> 
> <rant>I don’t know why prefixes are registered, as the prefix is defined at the top of each module.  The only value I see is not syntactic but rather for consistency, to aid human readability across disconnected sets of modules.</rant>
> 
> Prefixing the prefix with “sec-“ may work for trio of drafts you just reviewed, but it seems undesirable when getting to the client-server drafts, as they're more *protocol* oriented.  If “ks” and “ts” aren’t taken, then maybe we claim “first mover” advantage?  If not, then maybe “kstore” and “tstore” might be meaningful fallbacks?  Assuming we claim “first mover” advantage for “ks” and “ts”, then we just need to handle “ct”, which maybe could be “ctypes” or “cryptypes” or “ct2”?  So, 1) prefix the trio or 2) claim first-mover advantage on two and figure out something for “ct”?  …or maybe 3) keep “ct” also noting that a) “SHOULD NOT” is not a “MUST NOT” (in the text below), b) my “rant” might have some merit, and c) short and terse is nice (per your next comment).
>

I suggest you think over it and pick whatever you think seems to be a
good solution. ;-)

> > - Is the feature truststore-supported really needed? Does the YANG
> >  library not already provide the information whether a module has
> >  been implemented or just imported to access type and grouping
> >  definitions?
> 
> This was discussed before.  The bottom of Section 2.1.4 says: "The reason for why the "truststore-grouping" exists separate from the protocol-accessible nodes definition is to enable instances of the truststore to be instantiated in other locations, as may be needed or desired by some modules.”.  Case in point, the MacOS “Keychain Access” utility maintains both system-level and user-level trust anchors.  [UPDATE: you had a similar comment in the keystore draft, which you self-resolved there and then said to ignore this comment.  Just the same, let’s ensure the drafts are clear.]

This explanation gives a reason why there are groupings. My question
concerned the feature truststore-supported. Is the YANG library not
already providing the information whether a module has been
implemented or only used for getting access to definitions? In RFC
8525, you have a list of modules implemented and a list of modules
used for import only. My question is does feature truststore-supported
mean the same as the module shows up in the implemented module set in
the YANG library?

> > - Does it make sense to be explicit about the fact that the cert/key
> >  references are all weak references in the sense that they can exist
> >  without the corresponding cert/key being present? In other words, in
> >  order to safely delete a cert/key, one would have to check that
> >  there are no dangling references left (which is difficult in case
> >  references are scattered over multiple (proprietary) data models).
> >  For YANG savvy people this may be obvious since there is no
> >  require-instance statement in the leafref type definition but not
> >  every implementer may recall this - and it would be good to document
> >  that using weak references was an explicit design decision and not
> >  an oversight.
> 
> Correct, there are no "require-instance” statements, but the "require-instance” statement defaults to “true”.  Do you mean the text should be explicit that strong references are enforced?

Oops, my understanding of YANG is aging. Since referential integrity
is required to be valid, nothing needs to be said I think. Ignore my
comment.

I have looked through the diffs, looked all good to me.

/js

-- 
Juergen Schoenwaelder           Jacobs University Bremen gGmbH
Phone: +49 421 200 3587         Campus Ring 1 | 28759 Bremen | Germany
Fax:   +49 421 200 3103         <https://www.jacobs-university.de/>