[netconf] Today's update to client-server drafts

Kent Watsen <kent+ietf@watsen.net> Wed, 20 May 2020 21:30 UTC

The entire suite of drafts was updated today.
The first three drafts are ready for WGLC.
All of the other drafts are almost ready for WGLC.
Below is the Change Log entry for each draft.

K.


For all drafts:

   o  Added a "Note to Reviewers" note to first page.


For crypto-types:

   o  Removed the IANA-maintained registries for symmetric, asymmetric,
       and hash algorithms.

   o  Removed the "generate-symmetric-key" and "generate-asymmetric-key"
       RPCs.

   o  Removed the "algorithm" node in the various symmetric and
       asymmetric key groupings.

   o  Added 'typedef csr' and 'feature
       certificate-signing-request-generation'.

   o  Refined a usage of "end-entity-cert-grouping" to make the "cert"
       node mandatory true.


For trust-anchors:

   o  Removed "algorithm" node from examples.

   o  Removed the no longer used statements supporting the old
       "ssh-public-key" and "raw-public-key" nodes.


For keystore:

   o  Removed augments to the "generate-symmetric-key" and
       "generate-asymmetric-key" groupings.

   o  Removed "generate-symmetric-key" and "generate-asymmetric-key"
       examples.

   o  Removed the "algorithm" nodes from remaining examples.

   o  Renamed/updated the "Support for Built-in Keys" section.

   o  Added new section "Encrypting Keys in Configuration".


For tcp-client-server:

   o  Removed commented out "grouping tcp-system-grouping" statement
       kept for reviewers.


For ssh-client-server:

   o  Updated the "keepalives" containers to address Michal Vasko's
       request to align with RFC 8071

   o  Removed algorithm-mapping tables from the "SSH Common Model"
       section

   o  Removed 'algorithm' node from examples.

   o  Added feature "client-identity-publickey"

   o  Removed "choice auth-type", as auth-types aren't exclusive.

   o  Renamed both "client-certs" and "server-certs" to "ee-certs"

   o  Switch "must" to assert the public-key-format is
       "subject-public-key-info-format" when certificates are used.


For tls-client-server:

   o  Updated the "keepalives" containers in part to address Michal
       Vasko's request to align with RFC 8071 and in part to better
       align to RFC 6520

   o  Removed algorithm-mapping tables from the "TLS Common Model"
       section

   o  Removed the 'algorithm' node from the examples.

   o  Renamed both "client-certs" and "server-certs" to "ee-certs"


For http-client-server:

   o  Removed "protocol-versions" from ietf-http-server based on HTTP WG
       feedback.

   o  Slightly restructured the "proxy-server" definition in
       ietf-http-client.

   o  Added http-client example to show proxy server use.


For netconf-client-server:

   o  Updated examples to remove the 'algorithm' nodes.

   o  Updated examples to reflect the new TLS keepalives structure.

   o  Added keepalives to the tcp-client-parameters section in the
       netconf-server SSH-based call-home example.

   o  Added a TLS-based call-home example to the netconf-client example.


For restconf-client-server:

   o  Updated examples to remove the 'algorithm' nodes.

   o  Updated examples to reflect the new TLS keepalives structure.

   o  Removed the 'protocol-versions' node from the restconf-server
       examples.