Re: [netconf] Comment on typedef 'public-key-ref' of draft-ietf-netconf-trust-anchors-21
mohamed.boucadair@orange.com Wed, 13 December 2023 10:06 UTC
Return-Path: <mohamed.boucadair@orange.com>
X-Original-To: netconf@ietfa.amsl.com
Delivered-To: netconf@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2F831C14F618; Wed, 13 Dec 2023 02:06:41 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7.104
X-Spam-Level:
X-Spam-Status: No, score=-7.104 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H3=0.001, RCVD_IN_MSPIKE_WL=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, UNPARSEABLE_RELAY=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=orange.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id C-XnPAq1g42j; Wed, 13 Dec 2023 02:06:36 -0800 (PST)
Received: from smtp-out.orange.com (smtp-out.orange.com [80.12.126.236]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 9579DC14F610; Wed, 13 Dec 2023 02:06:35 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=orange.com; i=@orange.com; q=dns/txt; s=orange002; t=1702461996; x=1733997996; h=to:cc:subject:date:message-id:references:in-reply-to: mime-version:from; bh=yZluUyFHBEvoDc5pLXZ4bbHpyaXmztT8G25MDbz3Mxk=; b=aZrbgbMCeftNL4t643RMvm3GLpJQymELDeke5e8bhAgJwo3x49kiBFQP QOwxurw95vqlYhuQkWfWrftYGMKa7erw/ymxfPThbJr9zibT3aaSIENbx OfhgRxj73icMLhDbQQwk1wxfj1NtlT1ubV0rovsWm0gWAJMc5tGo1d41H S2PX8A2veMJakoZZbZSjymKozPB2hog2pMhjGojY6lc/xJqGB23OfFbd1 cE7LRyvzkMwmk+vBL4xtKSJXNlW7/oOXLEoI/eJxelxPq4QdiATCPCHu8 21f/8Y1/DMthV/J4wIgduQtBDTq7hxJLSgRJKQn5D02XQgVcDX95dKkWS g==;
Received: from unknown (HELO opfedv3rlp0a.nor.fr.ftgroup) ([x.x.x.x]) by smtp-out.orange.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 13 Dec 2023 11:06:33 +0100
Received: from unknown (HELO opzinddimail4.si.francetelecom.fr) ([x.x.x.x]) by opfedv3rlp0a.nor.fr.ftgroup with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 13 Dec 2023 11:06:34 +0100
Received: from opzinddimail4.si.francetelecom.fr (unknown [127.0.0.1]) by DDEI (Postfix) with SMTP id 4DCDABC183DE; Wed, 13 Dec 2023 11:06:33 +0100 (CET)
Received: from opzinddimail4.si.francetelecom.fr (unknown [127.0.0.1]) by DDEI (Postfix) with ESMTP id 42210BC18E18; Wed, 13 Dec 2023 11:01:29 +0100 (CET)
Received: from smtp-out365.orange.com (unknown [x.x.x.x]) by opzinddimail4.si.francetelecom.fr (Postfix) with ESMTPS; Wed, 13 Dec 2023 11:01:29 +0100 (CET)
Received: from mail-db3eur04lp2050.outbound.protection.outlook.com (HELO EUR04-DB3-obe.outbound.protection.outlook.com) ([104.47.12.50]) by smtp-out365.orange.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 13 Dec 2023 11:01:28 +0100
Received: from DU2PR02MB10160.eurprd02.prod.outlook.com (2603:10a6:10:49b::6) by DB9PR02MB9972.eurprd02.prod.outlook.com (2603:10a6:10:460::20) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7068.32; Wed, 13 Dec 2023 10:01:27 +0000
Received: from DU2PR02MB10160.eurprd02.prod.outlook.com ([fe80::27b4:adc2:3e72:3702]) by DU2PR02MB10160.eurprd02.prod.outlook.com ([fe80::27b4:adc2:3e72:3702%4]) with mapi id 15.20.7068.025; Wed, 13 Dec 2023 10:01:27 +0000
From: mohamed.boucadair@orange.com
X-TM-AS-ERS: 10.106.160.156-127.5.254.253
X-TM-AS-SMTP: 1.0 c210cC1vdXQzNjUub3JhbmdlLmNvbQ== bW9oYW1lZC5ib3VjYWRhaXJAb 3JhbmdlLmNvbQ==
X-DDEI-TLS-USAGE: Used
Authentication-Results: smtp-out365.orange.com; dkim=none (message not signed) header.i=none; spf=Fail smtp.mailfrom=mohamed.boucadair@orange.com; spf=Pass smtp.helo=postmaster@EUR04-DB3-obe.outbound.protection.outlook.com
Received-SPF: Fail (smtp-in365b.orange.com: domain of mohamed.boucadair@orange.com does not designate 104.47.12.50 as permitted sender) identity=mailfrom; client-ip=104.47.12.50; receiver=smtp-in365b.orange.com; envelope-from="mohamed.boucadair@orange.com"; x-sender="mohamed.boucadair@orange.com"; x-conformance=spf_only; x-record-type="v=spf1"; x-record-text="v=spf1 include:spfa.orange.com include:spfb.orange.com include:spfc.orange.com include:spfd.orange.com include:spfe.orange.com include:spff.orange.com include:spf6a.orange.com include:spffed-ip.orange.com include:spffed-mm.orange.com -all"
Received-SPF: Pass (smtp-in365b.orange.com: domain of postmaster@EUR04-DB3-obe.outbound.protection.outlook.com designates 104.47.12.50 as permitted sender) identity=helo; client-ip=104.47.12.50; receiver=smtp-in365b.orange.com; envelope-from="mohamed.boucadair@orange.com"; x-sender="postmaster@EUR04-DB3-obe.outbound.protection.outlook.com"; x-conformance=spf_only; x-record-type="v=spf1"; x-record-text="v=spf1 ip4:40.92.0.0/15 ip4:40.107.0.0/16 ip4:52.100.0.0/14 ip4:104.47.0.0/17 ip6:2a01:111:f400::/48 ip6:2a01:111:f403::/49 ip6:2a01:111:f403:8000::/50 ip6:2a01:111:f403:c000::/51 ip6:2a01:111:f403:f000::/52 -all"
IronPort-Data: A9a23:lLPoYaoond+OWg6m1W4EUvxjt+deBmItYhIvgKrLsJaIsI4StFCzt garIBmDaf7eMTejfdl+Od/lp0NTu8CBmtZnSwpo+ylmRChD9pacVYWSI3mrMnLJJKUvbq7GA +byyDXkBJppJpMJjk71atANlVEliefSAOOU5NfsYkhZXRVjRDoqlSVtkus4hp8AqdWiCmthg /uqyyHkEAHjg2Ic3l48sfrZ80o15a+q4Vv0g3RlDRx1lA6H/5UqJMJHTU2BByOQapVZGOe8W 9HCwNmRlo8O105wYj8Nuu+TnnwiGtY+DyDX4pZlc/HKbix5m8AH+v1T2Mzwy6tgo27hc9hZk L2hvHErIOsjFvWkdO81C3G0H8ziVEFL0OevHJSxjSCc50iBdWnwkutNN2INNpEEodktXmMNx cVNfVjhbjjb7w636J+GcLEww+gJd4zsNo5ZvWx8xzbEC/pgWYrEX6jB+d5f2nE3m9xKGvHdI cEebFKDbjyZO0EJZghRUch4wb/AanrXK1W0rHqQoqo+5mXfigZ2zbPkPNPUYPSNX8xTkUver WXDl4j8KkhLbIzClmramp6qruDss32je5A1L4KH2/RznHaa4zZDIiRDADNXptHi0RTiBLqzM Xc8+Csoorgv/UrtSJ/vXxS+r1aLuxcdX5xbFOhSwAKAzLaX4guFCEAbRyJaZdpgssIqLRQmz FaHg5boCCBh9buYVXma8LnRsSmvIjRQJGkJZSgeViME7sXt5oYpgXrnSNt/G6mzgPX0FC3+h TeQo0AWjrEPiuYK2rm1u1fdjFqRSoPhSwc04kDbVDmo8xkhOIq9PdT1sR7c8OpKK5ufQh+Zp n8YlsOC7ecIS5aQiCiKR+ZLF7asjxqYDNHCqVsoGYs9piqOwF2YdpxMuw4ke0UqAv9RLFcFf 3TvkQ9W4ZZSOl6jYql2f5+9BqwWIU7IRI2Nuhf8P4ImX3RhSDJr6h2Ccmax8gjQfKUElKg+P dKXe52hEGxCVaB/lmLrH6EazKMhwT04ySXLX5fnwh+70L2YInmIVbMCN1jIZec8hE9lnOk32 4cGXydp40wEOAEbXsUx2dFKRbztBSdjba0aU+QNKoa+zvNOQQnN8cP5z7I7YJBClK9IjOrO9 XzVchYHkACj3SCXdl/SNywLhFbTsXBX/CtT0csEbA7A5pTfSdrztPp3m2YfIed4qLczla4co wctIJjdU6UUItg4x9jtRcKm9tA9HPharQePNDCiez8xY9ZrQBbRkuIIjSO+nBTi+hGf7JNky 5X5jl2zacNaG2xKUpyKANrxlAnZlSZGx4pPs77geYQ7lLPEq9QxdEQcT5Yff6kxFPk07mrDh 17GUU9H+IEgYeYdqbH0uExNlK/xe8MWI6aQNzCzAWqeXcUbwoai/WOEeMu1R2iBEU/eo+Clb +gTyOzgOvoamloMq5B7D7tg0aM54Z3ouqNeyQNnWn7MajxHz5t+d2Ke05AnWrJln9dkVcmeA ipjOeW2/Z2OIsrjH1NXLw0gBghG/e9BgSHctJzZP22mjBJKEGK7bHhv
IronPort-HdrOrdr: A9a23:ibbw06pQT96DxX2FMiewLjQaV5oYeYIsimQD101hICG9JPbo7v xG/c5rsCMd6l4qMk3I/OrsBEDuex/hHPJOjrX5Xo3SPjUO2lHJEGg41/qF/9SIIUSXndK1s5 0PT0EUMqySMbEVt6fHCKbTKadZ/DEqmprY4ds3bh1WPGZXV50=
X-Talos-CUID: 9a23:AxIuGGj8rnCpvK6OW9o+tusWGzJudzrb3muBPWyDKl1iVKHOdgXP+uBUqp87
X-Talos-MUID: 9a23:d6kgiA6KbQojuj6jSg4Mlh2LxoxnwIrwUGMftq45hOSOLDBbMhLH3B6OF9o=
X-IronPort-AV: E=Sophos;i="6.04,272,1695679200"; d="scan'208,217";a="19085787"
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=QvOCiC1aQ6p7VKtbtv675XJJCAAyI87x1jBNkZlmSAOdrluk9qf1b/WLcdylvMX0QWiHgSq5AoOOaalYjOL9ptr1bVGLbyH1NcRJMzoG9lBkyLtOGiCgTJvcUGnp8dyREoOO+UsvezMT0Smfb+IuMyZn+lvS5sCC3elr+1/EFumjVehSiJOCB169rfU9O+FD0NFOLAg1CGtn5NBoghWvd/PCTAri8+FGaFUdUy1Y+0ilPXY2yD2PmiaTrfiHUKVSmORyC6p7AksrNDydAdRr9OgzHPcZO2uBz3n+fvIvzL5jfVkZpgsb73V5xmHcV68OI0YxpCV20gU1vjCjTMSn8g==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=s0MXrCFBSXnLwAvo4P5a0AkM+NjISwvcKotHY5LElgg=; b=MecVanQVavzt0Ublp/YuLt1fOQaQ7UQaa4QH4VW1Y3pIiWLV6MALp3Ox2JiYJqGIlDd//Gd7/duQgKyivbqwuESVhekyEWHY0K9l3P4KPXDxzeh6ApNDOiV9ELtfk95W7z0kqOaSegL5Jz0BxMX79J5AJNYkKsvvczM7/GYzI8JzVWqPyWOS49z6JKboOXYuYbgKj2wOmD1pgU95CGlsJWZS+6akoc6ORtc8VyhtZ/SyQ9FJblLNRLM+JWoG/aMqZBrnYxj8svAbEXh2n0miL7eMEPcnnkF2jbbFGUUvmv3N1V+Aue5CAoGv1UnvuldhCy0y/+RKL2URjrkaG+h8Sg==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=orange.com; dmarc=pass action=none header.from=orange.com; dkim=pass header.d=orange.com; arc=none
To: Jensen Zhang <jingxuan.n.zhang@gmail.com>, Kent Watsen <kent+ietf@watsen.net>
CC: "draft-ietf-netconf-trust-anchors@ietf.org" <draft-ietf-netconf-trust-anchors@ietf.org>, "netconf@ietf.org" <netconf@ietf.org>, IETF ALTO <alto@ietf.org>
Thread-Topic: [netconf] Comment on typedef 'public-key-ref' of draft-ietf-netconf-trust-anchors-21
Thread-Index: AQHaLSo+DI4RxCXDv02acSnMjzIIkbCmfwUAgAB1+/A=
Date: Wed, 13 Dec 2023 10:01:27 +0000
Message-ID: <DU2PR02MB10160255E0E6E098C055DA972888DA@DU2PR02MB10160.eurprd02.prod.outlook.com>
References: <CAAbpuypYpm863NC3ka6LvEJMBEarpSguQKdHNs7EiooSWNsXcA@mail.gmail.com> <0100018c5f5160d6-5b04359a-1517-4563-a9ab-42ee29b41a2e-000000@email.amazonses.com> <CAAbpuyqiscNH+m4M3=5z_3KcinjdhYeSS=xf0PcH0w-wtWxYkw@mail.gmail.com>
In-Reply-To: <CAAbpuyqiscNH+m4M3=5z_3KcinjdhYeSS=xf0PcH0w-wtWxYkw@mail.gmail.com>
Accept-Language: fr-FR, en-US
Content-Language: fr-FR
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
msip_labels: MSIP_Label_07222825-62ea-40f3-96b5-5375c07996e2_ActionId=18625fe4-54e8-48e4-bbc2-a96e9321c5b4; MSIP_Label_07222825-62ea-40f3-96b5-5375c07996e2_ContentBits=0; MSIP_Label_07222825-62ea-40f3-96b5-5375c07996e2_Enabled=true; MSIP_Label_07222825-62ea-40f3-96b5-5375c07996e2_Method=Privileged; MSIP_Label_07222825-62ea-40f3-96b5-5375c07996e2_Name=unrestricted_parent.2; MSIP_Label_07222825-62ea-40f3-96b5-5375c07996e2_SetDate=2023-12-13T09:47:31Z; MSIP_Label_07222825-62ea-40f3-96b5-5375c07996e2_SiteId=90c7a20a-f34b-40bf-bc48-b9253b6f5d20; MSIP_Label_f47c794b-e3ab-43f0-9e0f-29fc3e503192_ContentBits=0; MSIP_Label_f47c794b-e3ab-43f0-9e0f-29fc3e503192_Enabled=true; MSIP_Label_f47c794b-e3ab-43f0-9e0f-29fc3e503192_Method=Standard;
x-ms-publictraffictype: Email
x-ms-traffictypediagnostic: DU2PR02MB10160:EE_|DB9PR02MB9972:EE_
x-ms-office365-filtering-correlation-id: fbda738d-ddba-4cd7-3d2e-08dbfbc278c9
x-ms-exchange-senderadcheck: 1
x-ms-exchange-antispam-relay: 0
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: apJ3NMDXZ7WgWvTW+wG8vuWpj2ADkaRHqg5lWdROasAp/hECGDhn6WqURItvS+4NRix29LenLSxC4JMx4sfxR6zQ+vfCpqoaUYGAj7OaC0rztqasL9Vu2qFZXzF7OduQ/lsvyG7QX8CfjbSC2+8lXU7CtSBlGeYTgktsc52NZbLyfLia8NClAJr7eAytvAtAe6PyizbodJ+v997S5lNsGHBRZ+PVoqw4q2L9+Mbu6G8/h+u9B4peJ0m2wwLiWdiuUNXUFAbxkyrxzZrEWZVTrCY5GSxIQlbitiGtq9Y+e8fuyQ7KrUuQ74ODPt4m61gjPAO0xNmp2HCoKTF7RjAUfIZPOBPA9aexYTul9LJE21Ml90O3XDDlzugtY0zqI3C+Bxpu/1QpWFklesoIZlzoz6yce3y/xpFhg0xfcS6b5SP0fONweMrmMXJwG1zu7tOMdMBh4jGU+939mXHnIfssHUEW/zcdnalepcqkUFOH2Mht6p0qgSlSHuTSIG/WiYkaEZz1qBsbTXwU6DdnvPzF7BPwi+7/zZMi7+hva6sbjIXGJ7NsIz1UpAgoM60b7j9BV9SldwovzTUnnGXEfbaD7KnhhuimFXK61PJiZUkbiHw=
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:DU2PR02MB10160.eurprd02.prod.outlook.com; PTR:; CAT:NONE; SFS:(13230031)(366004)(376002)(39860400002)(396003)(136003)(346002)(84040400005)(230922051799003)(64100799003)(1800799012)(186009)(451199024)(38070700009)(66574015)(26005)(41300700001)(53546011)(7696005)(71200400001)(9686003)(6506007)(83380400001)(5660300002)(2906002)(4326008)(478600001)(52536014)(66946007)(66476007)(966005)(8936002)(8676002)(64756008)(110136005)(54906003)(76116006)(316002)(66556008)(66446008)(122000001)(33656002)(38100700002)(166002)(86362001)(55016003); DIR:OUT; SFP:1102;
x-ms-exchange-antispam-messagedata-chunkcount: 1
x-ms-exchange-antispam-messagedata-0: 1FtQVffT1QRfzpXbzbA7IlPLxAG3Y5hIDXtMCW9IGDl14KpYNiPyUIJxErFmTUfaYOTg6Xc0eHycAmbn/JrU1991iZY8d25z2jbFOW/feiFfrgF9CgbmafI//leNAoLq5/DrsQFFKLj0+j8KGgdrkZVS/bez++s37SJBlw5RNMjhRLyd4zba7GkziBDlV6ay4GE+BdiZ9AVHTlIIKgvhTJi/jpAikgVOKDaviz6X79Xh0joOJnBXnQyoo2PPz5sOw6JRNzmMCOB6AMml8wbKUd4mD7H/WROcNc+3XqA26OmmaHmdsok38nk6p7pdlj94rju/vFKqhmaYaVYJu59IwvSrTajmGVUyqeLxCS39bW0ybw7sIQ7m+iU/9FJ8Fw2SwD8IAfLlNkw5xR+BH91S0uwT5xSgze3L8O6oXD+YkbC0tFs2SKn1xoHHjlsYv4lhxCIfQm9ItTA1GqkBXLrTJ997yhK4GKuC8SJYZ2lgcJ+SmuQeADNJKRzNEqlULCw2E3SWgKhxb7saBowhNxN/bkyoNH+PHJlvybzNh5+Gk04GRNjlz/97Be7W8eW/snerDIFDW7aUY3Mh8h9DxQpEgFqQtkz5f/PpXRr7vsZdZs1JszyAzWQBGT39qSqxwOSqMC+bvc3wReIGjN2M6Qa8FI8LT1JkX3O5mH7rjk3hq+qtnFfRrovU0YWpcwzKcK6XJX5EmqiytNs/jjleRqtz9MXbCqep7Lnsv8Xi3eGaSPyKT0H9OT8/hcQQ9LFhvBtIpwhPT/axy3MDTpha7IO/7uRSKzsbPS0ufwKKoMwd9PWe+/HslGreWE741jGjx+AlexaaIEhBUuBJ89tzbI3PGNLNNdWDzkWGP9v3fOVP8Qmg1XulB5eq2w15J5d30v2eagzAMr59zDYe5rZtdJd9RGBGjG64CoHBX2xYwmmFSXQAo3I35E6/k8YdveFMTZ3PhUDRJ1cIrsH5agX5S2cQkxDlLaOcrN3C7j4XevxXD0WCK0AQX7wv9GaECumtYjBUkVVEvKK3Lp8Sv+FCg/JgN5niIP/8kcOtd9t2f+7YOzXqrujcU7h4y2FuSqFtCH8WS944atDuAOO0ZovBb3JCB378frnfs4jwCfVy89Nz8+CgltIxmh8UzI8OTJW0pXctLWjTiiG2E8ebmYRgOfHa/784xJdDiIfahXnCxGZyTQXxw02Fy+KSbQIWEEfzGnwCN/pQ18I4xtYJSwrOZyO7PjV/4GqbsGZSdnL55cB60F00d2fZZ6PHgNVzy5oT7r20Sb6WhJPzMvEahRZCFAWTPg8pgiXwuawES/B4r2e/qctowKMmGUB0eAY7Fm1W8no18bLiaQc+gtkNr231gD1JAFTnPdWDGziGp+Ugsho1OcWE/ZzjSfFWtAsj3VWWynVYL5DsjySw69yGha/ndFmQoWjYPcv7F10C7na/aNhGqXB8uswjE0/+Qw+O8vmMlOKldkjYgE0K63mNCi1MPAMKW6/6n7koE6vPdaK/3gO3qdWnyY3ubD+VXPqc+gC2d9+STcQrsQanaBQQZDUSuyg24QPyZoloDYZEUPkUSZBaMEKdqXCb01y/geT1Xg3zC1fChFW9AlDBciVz55hmozLkOg==
Content-Type: multipart/alternative; boundary="_000_DU2PR02MB10160255E0E6E098C055DA972888DADU2PR02MB10160eu_"
MIME-Version: 1.0
X-OriginatorOrg: orange.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: DU2PR02MB10160.eurprd02.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: fbda738d-ddba-4cd7-3d2e-08dbfbc278c9
X-MS-Exchange-CrossTenant-originalarrivaltime: 13 Dec 2023 10:01:27.1224 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 90c7a20a-f34b-40bf-bc48-b9253b6f5d20
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: Qtvicv+SjlQkKXJT+05e4VDSr5HcWMC5Ucb5SWYl6CvLFvsGZ5i6OJeLoW9kaB+L2i2owaW0H8ksN0SY1RFzNG3fy30KRStxw8QG35Ha3DY=
X-MS-Exchange-Transport-CrossTenantHeadersStamped: DB9PR02MB9972
X-TM-AS-ERS: 10.106.160.156-127.5.254.253
X-TM-AS-SMTP: 1.0 c210cC1vdXQzNjUub3JhbmdlLmNvbQ== bW9oYW1lZC5ib3VjYWRhaXJAb 3JhbmdlLmNvbQ==
X-TMASE-Version: DDEI-5.1-9.0.1002-28054.006
X-TMASE-Result: 10--38.657800-10.000000
X-TMASE-MatchedRID: 0FbuSxFHrmkQ32W1L7j1f5lbG0HPEaFBCtzGvPCy/m4L//VMxXlyE1/8 lGqVstJXHGmALPPxetdyO+u7bFBJLcV7aFLwD4J7YilpKq/7JXfrCzoWXDcUYhniLo7qSg5vqfi noyxFzrfCKychs7yHQxlICDdzK5B7+e+CJ0+CjnCtZ3qbNS3vAaZVv5lkk9Y9frTt+hmA5bJOha GUVCnS5AwfBYyGYzpWF8NKa4AxCmBhy4N4ECRtTV5Saok1/fZCrAAr3VwJKJeCJKEqkH7OTeQyd RUvl3QTDBsHp9ZCSqwYmbFYWrixJ9Uf8/gZ0Wa4EuYl3YX/IW4qy6shOlK/4xhH6ApagZfO7VQE PYPezjKU62zvc1DloyHNZbrVyt5YPfRUVBjvSwsorloDfMP7y9yd/Ok1CeG8h0fzKa5AlhMR34r o7k23nW8GLH2U1HrNHIBAyAOCKMaRlo1QWxTtF3YfYGKLPeytr7+qhZS/khnX4KnRCDcFnv7spk gIRsSyQ0rE18rDtKLakblnXNsPhIPbw023vELIAErDB4bSMgVwKlYjOzXY1evFkOeR1lmBKV4Gm oKj60gwhBahsGBBJJTA8ZDJ48J2/ZPxQQwIKaiU4ete/ETR9BO7C3UVWhpn31asM/gsp2mdKA+S 8N206BKkpg8dQmdKV6FnwkMygZcf1AdLUyG7nW0Xr+fj3ww/UgKYbZFF6Gi87rU89eLPKZnB2qz M3UOUxOv8bbijtGuqNuoozuAP+QXw7c+gymvCpd9eRR8QtJXDwzxYvNXdQK7tzl8n4dIAxuio8D r7zyROBQo6IPXuUtl9DHcHloy4U9IBYcMFyd0j5/iH9rzNmX11ZumDuRp7fS0Ip2eEHny8eR0+G c2mPyE95pUwcexM4wnhOb+JR+TqChA6lSRJvtLvsKjhs0lda9+JVKonO7dFBb+8aiSF0FwdeEkb aghz33fj+sMArfMaMUyeC0staEkVAPr0TXS8
X-TMASE-SNAP-Result: 1.821001.0001-0-1-22:0,33:0,34:0-0
X-TMASE-INERTIA: 0-0;;;;
X-TMASE-XGENCLOUD: 127ca5ae-ee90-4f15-bd92-8b5331cbac75-0-0-200-0
Archived-At: <https://mailarchive.ietf.org/arch/msg/netconf/jlADNV9U8BmXIdxMD3tN6DlJrPY>
Subject: Re: [netconf] Comment on typedef 'public-key-ref' of draft-ietf-netconf-trust-anchors-21
X-BeenThere: netconf@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: NETCONF WG list <netconf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/netconf>, <mailto:netconf-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/netconf/>
List-Post: <mailto:netconf@ietf.org>
List-Help: <mailto:netconf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/netconf>, <mailto:netconf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 13 Dec 2023 10:06:41 -0000
Hi all, Kent, fwiw the alto draft was already in the IESG review and that a new version is expected to come address the IETG review. On the specific point about moving some items to draft-ietf-netconf-trust-anchor, this will introduce a direct normative dependency to draft-ietf-netconf-trust-anchor, which was indirect via draft-ietf-netconf-tls-client-server. Having direct or indirect dependency won’t change the fact that the ALTO spec will be waiting in seems to be a large cluster for draft-ietf-netconf-trust-anchor, but this will require some effort to track whether changes to the groupings in draft-ietf-netconf-trust-anchor do not have implication on the ALTO spec. Cheers, Med (ALTO OAM doc Shepherd) De : netconf <netconf-bounces@ietf.org> De la part de Jensen Zhang Envoyé : mercredi 13 décembre 2023 03:33 À : Kent Watsen <kent+ietf@watsen.net> Cc : draft-ietf-netconf-trust-anchors@ietf.org; netconf@ietf.org; IETF ALTO <alto@ietf.org> Objet : Re: [netconf] Comment on typedef 'public-key-ref' of draft-ietf-netconf-trust-anchors-21 Hi Kent, Thanks for your quick response. Maybe I did not make it clear. I am just pointing out a very simple specific issue in the current 'ietf-truststore' module, which is that the typedef 'public-key-ref' cannot be used by another module. The reason is very simple: Based on the description, if module A wants to use this typedef to reference a public key in the central trust store, it is supposed to provide another sibling leaf node called 'public-key-bag' that has the typedef 'public-key-bag-ref', so that the public-key-ref can use the relative path '[ts:name = current()/../ts:public-key-bag]' to locate in which public-key-bag the referenced public key should be. However, in this relative path, 'public-key-bag' is prefixed by 'ts', it cannot reference the sibling leaf node 'public-key-bag' defined in module A correctly. The fix should also be very simple: Just remove the prefix of the 'public-key-bag', i.e., OLD: + "[ts:name = current()/../ts:public-key-bag]/" NEW: + "[ts:name = current()/../public-key-bag]/" You mentioned that the 'ietf-restconf-server' module also uses the 'ietf-truststore' module. But does it use the typedef 'public-key-ref' anywhere? I don't find any other module that uses the current typedef 'public-key-ref'. Do you have such a successful example? About your other feedback, please see my responses inline :) Thanks, Jensen On Wed, Dec 13, 2023 at 2:36 AM Kent Watsen <kent+ietf@watsen.net<mailto:kent%2Bietf@watsen.net>> wrote: Hi Jensen, On Dec 12, 2023, at 7:47 AM, Jensen Zhang <jingxuan.n.zhang@gmail.com<mailto:jingxuan.n.zhang@gmail.com>> wrote: Hi authors, I am one of the authors of the draft-ietf-alto-oam-yang draft. Our draft is trying to reuse some groupings and typedefs in this document to support some TLS authentication features. But we find the current typedef 'public-key-ref' cannot be used by another module. To be more concrete, in the current document, the path of the typedef 'public-key-ref' enforces a prefix of the relative path to the sibling 'public-key-bag' leaf: typedef public-key-ref { type leafref { path "/ts:truststore/ts:public-key-bags/ts:public-key-bag" + "[ts:name = current()/../ts:public-key-bag]/" + "ts:public-key/ts:name"; } ... } From my understanding, this typedef is for other modules to reference a public key in the trust store. The sibling 'public-key-bag' leaf should be in the same module of the leaf using this typedef, instead of the module 'ts'. To make this typedef usable, I believe it should look like the following: typedef public-key-ref { type leafref { path "/ts:truststore/ts:public-key-bags/ts:public-key-bag" + "[ts:name = current()/../public-key-bag]/" + "ts:public-key/ts:name"; } ... } Otherwise, we have to define another typedef in our own module like this: https://github.com/ietf-wg-alto/draft-ietf-alto-oam-yang/blob/284d2e630cec00f752ea94f586469797786c6f57/yang/ietf-alto.yang#L612-L628 This is my first time looking at Alto. It may take me a little to fully grok what’s going on. Please let me know if you think a call would be helpful. Looking at the linked YANG module, I see that it looks very much like the "ietf-restconf-server" module’s grouping "restconf-server-listen-stack-grouping”, which is fine. I take it that Alto is okay referencing the central truststore (not defining its own instances of "truststore-grouping") as well as supporting inlined definitions. I do not see the Alto module augmenting the centralized truststore and, in general, it seems to behave just like the ietf-restconf-server module, though I’m sure I’m missing something ;) What I don’t understand is why what seems to work in ietf-restconf-server doesn’t work in ietf-alto. Can you help me understand? Separately, did ALTO WG ever consider renaming to “ietf-alto-server”? Would there be value to extending that convention for consistency? The module 'ietf-alto' provides both server and client configurations. I guess you are suggesting to separate them into two modules. It may not be necessary unless somebody has a strong opinion on this. But still thanks for your comment. One last thought, I notice that ietf-alto defines a number of typedefs that seem generic enough to move to ietf-truststore. Is this thought yours as well? Good point. The reason why ietf-alto defines those typedefs and groupings is that we don't find the reusable typedefs and groupings in another module. It definitely will be great if ietf-truststore can provide some of them. Specifically, I believe the typedef 'public-key-ref' and grouping 'truststore-public-key-ref' can be moved to ietf-truststore. But for the typedefs and groupings related to the inline certificates, I have no idea how to make them generic properly. Because the inline certificates defined by the 'inline-or-truststore-certs-grouping' grouping will have different absolute paths when it is used in different modules. Thanks, Jensen Kent // author ____________________________________________________________________________________________________________ Ce message et ses pieces jointes peuvent contenir des informations confidentielles ou privilegiees et ne doivent donc pas etre diffuses, exploites ou copies sans autorisation. Si vous avez recu ce message par erreur, veuillez le signaler a l'expediteur et le detruire ainsi que les pieces jointes. Les messages electroniques etant susceptibles d'alteration, Orange decline toute responsabilite si ce message a ete altere, deforme ou falsifie. Merci. This message and its attachments may contain confidential or privileged information that may be protected by law; they should not be distributed, used or copied without authorisation. If you have received this email in error, please notify the sender and delete this message and its attachments. As emails may be altered, Orange is not liable for messages that have been modified, changed or falsified. Thank you.
- [netconf] Comment on typedef 'public-key-ref' of … Jensen Zhang
- Re: [netconf] Comment on typedef 'public-key-ref'… Kent Watsen
- Re: [netconf] Comment on typedef 'public-key-ref'… Jensen Zhang
- Re: [netconf] Comment on typedef 'public-key-ref'… mohamed.boucadair
- Re: [netconf] Comment on typedef 'public-key-ref'… Martin Björklund
- Re: [netconf] Comment on typedef 'public-key-ref'… Kent Watsen