IETF Logo Mail Archive

Re: [netconf] [Last-Call] Genart last call review of draft-ietf-netconf-crypto-types-28

Kent Watsen <kent@watsen.net> Fri, 26 January 2024 23:29 UTC

Return-Path: <0100018d481b5a8f-7e488118-1b15-4b0f-87bc-523272fbf672-000000@amazonses.watsen.net>
X-Original-To: netconf@ietfa.amsl.com
Delivered-To: netconf@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 41DB1C14CE39; Fri, 26 Jan 2024 15:29:40 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.904
X-Spam-Level:
X-Spam-Status: No, score=-1.904 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_MSPIKE_H4=0.001, RCVD_IN_MSPIKE_WL=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=amazonses.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id pV2on2es-aV9; Fri, 26 Jan 2024 15:29:36 -0800 (PST)
Received: from a8-31.smtp-out.amazonses.com (a8-31.smtp-out.amazonses.com [54.240.8.31]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 29F88C14F705; Fri, 26 Jan 2024 15:29:29 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/simple; s=224i4yxa5dv7c2xz3womw6peuasteono; d=amazonses.com; t=1706311768; h=Content-Type:Mime-Version:Subject:From:In-Reply-To:Date:Cc:Content-Transfer-Encoding:Message-Id:References:To:Feedback-ID; bh=qk00m1yhbaL0YgpnaHsNn3NCYKmP0XU586dNt5oeFOg=; b=LIir3EK7fu2qDqRvdB75bSH5vEXkbAZgHOP1bR9Rmbb9hoBatzO4J6QJGQoWfkbV CsQE9Q58jlCnhdzStZbgQK7QbRJbC9GJvpVeCRL62PFyolFH+oEuGFzViwRFwMkF0ag PG3qq2UQHzDcS4lI0oiaW2rQzxL1/W4buCdu1dmU=
Content-Type: text/plain; charset="utf-8"
Mime-Version: 1.0 (Mac OS X Mail 16.0 \(3731.600.7\))
From: Kent Watsen <kent@watsen.net>
In-Reply-To: <5E3EADC9-556B-425D-B5C1-69A7978B2E4B@akamai.com>
Date: Fri, 26 Jan 2024 23:29:28 +0000
Cc: "draft-ietf-netconf-crypto-types.all@ietf.org" <draft-ietf-netconf-crypto-types.all@ietf.org>, "last-call@ietf.org" <last-call@ietf.org>, "netconf@ietf.org" <netconf@ietf.org>
Content-Transfer-Encoding: quoted-printable
Message-ID: <0100018d481b5a8f-7e488118-1b15-4b0f-87bc-523272fbf672-000000@email.amazonses.com>
References: <170593840890.54102.14012506624636913765@ietfa.amsl.com> <5E3EADC9-556B-425D-B5C1-69A7978B2E4B@akamai.com>
To: "Salz, Rich" <rsalz=40akamai.com@dmarc.ietf.org>
X-Mailer: Apple Mail (2.3731.600.7)
Feedback-ID: 1.us-east-1.DKmIRZFhhsBhtmFMNikgwZUWVrODEw9qVcPhqJEI2DA=:AmazonSES
X-SES-Outgoing: 2024.01.26-54.240.8.31
Archived-At: <https://mailarchive.ietf.org/arch/msg/netconf/mdoGkFw_xnBQc0A-GzjbQSCd8F8>
Subject: Re: [netconf] [Last-Call] Genart last call review of draft-ietf-netconf-crypto-types-28
X-BeenThere: netconf@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: NETCONF WG list <netconf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/netconf>, <mailto:netconf-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/netconf/>
List-Post: <mailto:netconf@ietf.org>
List-Help: <mailto:netconf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/netconf>, <mailto:netconf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 26 Jan 2024 23:29:40 -0000

Thanks Rich!  

Your help before was hugely instrumental to getting us here  :)

K.


> On Jan 22, 2024, at 10:49 AM, Salz, Rich <rsalz=40akamai.com@dmarc.ietf.org> wrote:
> 
> Seems the Netconf Crypto stuff is almost out the door.
> 
> Congrats!
> 
> On 1/22/24, 10:47 AM, "last-call on behalf of Dale Worley via Datatracker" <last-call-bounces@ietf.org <mailto:last-call-bounces@ietf.org> on behalf of noreply@ietf.org <mailto:noreply@ietf.org>> wrote:
> 
> 
> Reviewer: Dale Worley
> Review result: Ready with Nits
> 
> 
> I am the assigned Gen-ART reviewer for this draft. The General Area
> Review Team (Gen-ART) reviews all IETF documents being processed
> by the IESG for the IETF Chair. Please treat these comments just
> like any other last call comments.
> 
> 
> For more information, please see the FAQ at
> 
> 
> <https://urldefense.com/v3/__https://trac.ietf.org/trac/gen/wiki/GenArtfaq__;!!GjvTz_vk!WP1AIKvopR5fAdu49leEn5l7T1tMA_QG7ZaNEffIBzhPf06pDJ1-Cn9DM1WCQcq3yAUrgUv7BWgy$ <https://urldefense.com/v3/__https://trac.ietf.org/trac/gen/wiki/GenArtfaq__;!!GjvTz_vk!WP1AIKvopR5fAdu49leEn5l7T1tMA_QG7ZaNEffIBzhPf06pDJ1-Cn9DM1WCQcq3yAUrgUv7BWgy$> >.
> 
> 
> Document: review-draft-ietf-netconf-crypto-types-28
> Reviewer: Dale R. Worley
> Review Date: 2024-01-22
> IETF LC End Date: 2024-01-24
> IESG Telechat date: [not known]
> 
> 
> Summary:
> 
> 
> This draft is basically ready for publication, but has nits that
> should be fixed before publication.
> 
> 
> Nits/editorial comments:
> 
> 
> Editorial Note (To be removed by RFC Editor)
> 
> 
> Tree-diagrams in this draft may use the '/' line-folding mode defined
> in RFC 8792. However, nicer-to-the-eye is when the '//' line-folding
> mode is used. The AD suggested suggested putting a request here for
> the RFC Editor to help convert "ugly" '/' folded examples to use the
> '//' folding mode. "Help convert" may be interpreted as, identify
> what looks ugly and ask the authors to make the adjustment.
> 
> 
> Throughout this paragraph, slash '/' should be replaced by backslash
> '\'.
> 
> 
> 1.1. Relation to other RFCs
> 
> 
> The dependency relationship between the primary YANG groupings
> defined in the various RFCs is presented in the below diagram.
> 
> 
> Perhaps there is a convention that I am not aware of, but when I see
> in the figure e.g.
> 
> 
> crypto-types
> ^ ^
> / \
> / \
> truststore keystore
> 
> 
> does that mean that crypto-types contains a reference to truststore,
> or does it mean that truststore contains a reference to crypto-types?
> The usual convention is that arrows point from referencer to
> referenced, but also the usual convention is that the referenced thing
> is written physically below the referencer. Perhaps add an
> explanatory sentence.
> 
> 
> Table 1: Label to RFC Mapping
> 
> 
> In -28, this caption appears visually to be the caption of both the
> dependency diagram at the top of page 5 and the label-to-RFC mapping
> table at the bottom of page 5, and so probably should be amended to
> describe both of them together.
> 
> 
> 1.4. Conventions
> 
> 
> Various examples used in this document use a placeholder value for
> binary data that has been base64 encoded (e.g., "BASE64VALUE=").
> 
> 
> This would be clearer if it stated directly that the (only)
> placeholder value used is "BASE64VALUE=". Perhaps
> 
> 
> Various examples in this document use "BASE64VALUE=" as a
> placeholder value for (usually binary) data has has been base64
> encoded.
> 
> 
> 2.1.2. Identities
> 
> 
> +-- csr-format
> +-- p10-csr-format {p10-csr-format?}
> 
> 
> This construct ends with "?}", whereas a number of other constructs
> end with "}?". Are all of these correct?
> 
> 
> 2.1.3. Typedefs
> 
> 
> * Additionally, all the typedefs define a type for encoding an ASN.1
> [ITU.X680.2021] structure using DER [ITU.X690.2021].
> 
> 
> It seems like it would be useful to have a typedef "asn-1-der" that
> extends "binary", to be used specifically for DER-encoded ASN.1 data,
> and which in turn is extended here. E.g.
> 
> 
> binary
> +-- asn-1-der
> +-- csr-info
> +-- csr
> +-- x509
> | +-- trust-anchor-cert-x509
> ...
> 
> 
> Unfortunately, what would make such an extended type valuable is that
> DER-encoded ASH.1 strings are used in a number of RFCs, which means
> that this document might not be the best place to introduce such an
> extended type.
> 
> 
> 2.3. YANG Module
> 
> 
> I am no expert on Yang, so my examination of the module itself was
> superficial. The Datatracker says that Yang doctors looked at -18 on
> 2021-01-12, which presumably means that -19 reflected their report.
> The differences between the module in -19 and -28 appear to me to to
> be minor.
> 
> 
> 3.5. Strength of Keys Conveyed
> 
> 
> ... it is desireable ...
> 
> 
> Wiktionary describes "desireable" as "an archaic form of desirable".
> The RFC Editor's opinion on this should probably be sought.
> 
> 
> 3.10. The "ietf-crypto-types" YANG Module
> 
> 
> The title of this section seems to be uninformative given that 'The
> "ietf-crypto-types" YANG Module' is the subject of the entire
> document. Is this title what was intended?
> 
> 
> Some of the readable data nodes defined in this YANG module may be
> considered sensitive or vulnerable in some network environments. It
> is thus important to control read access (e.g., via get, get-config,
> or notification) to these data nodes. These are the subtrees and
> data nodes and their sensitivity/vulnerability:
> 
> 
> The use of "These" in the last sentence does not have an unambiguous
> referent as I read it. Perhaps "These subtrees/data nodes have these
> particular sensitivities/vulnerabilities:" Similar considerations
> apply to the last sentence of:
> 
> 
> Some of the operations in this YANG module may be considered
> sensitive or vulnerable in some network environments. It is thus
> important to control access to these operations. These are the
> operations and their sensitivity/vulnerability:
> 
> 
> [END]
> 
> 
> 
> 
> 
> 
> -- 
> last-call mailing list
> last-call@ietf.org <mailto:last-call@ietf.org>
> https://urldefense.com/v3/__https://www.ietf.org/mailman/listinfo/last-call__;!!GjvTz_vk!WP1AIKvopR5fAdu49leEn5l7T1tMA_QG7ZaNEffIBzhPf06pDJ1-Cn9DM1WCQcq3yAUrgV8TlRY0$ <https://urldefense.com/v3/__https://www.ietf.org/mailman/listinfo/last-call__;!!GjvTz_vk!WP1AIKvopR5fAdu49leEn5l7T1tMA_QG7ZaNEffIBzhPf06pDJ1-Cn9DM1WCQcq3yAUrgV8TlRY0$> 
> 
> 
> 
> _______________________________________________
> netconf mailing list
> netconf@ietf.org
> https://www.ietf.org/mailman/listinfo/netconf

v2.23.0 | Report a Bug | By Email