Re: [netconf] updates to client/server suite of drafts

Martin Bjorklund <mbj@tail-f.com> Thu, 21 November 2019 11:11 UTC

Date: Thu, 21 Nov 2019 12:10:27 +0100
Message-Id: <20191121.121027.792252830481287907.mbj@tail-f.com>
To: kent+ietf@watsen.net
Cc: netconf@ietf.org
From: Martin Bjorklund <mbj@tail-f.com>
In-Reply-To: <0100016e8a7ebfef-d490b1b8-f55b-45f9-885c-b5bf1d90ec7f-000000@email.amazonses.com>
References: <0100016e8a7ebfef-d490b1b8-f55b-45f9-885c-b5bf1d90ec7f-000000@email.amazonses.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/netconf/mlYJSvxrFkQgqUkPFOXcKl0yD50>

Hi,

Two quick comments inline.

Kent Watsen <kent+ietf@watsen.net> wrote:
> I just pushed an update to all the client/server drafts (except TCP).  Below is the change log entry for each draft.
> 
> The most noteworthy update is that the http-01 update should (hopefully) resolve the concerns raised by the httpbis chairs.
> 
> The biggest non-update is that the "config false" algs-supported lists were NOT moved from crypto-types to the ssh/tls drafts, only because I ran out of time (and I'm hoping that my co-authors all do it).
> 
> There are still a number of FIXMEs remaining in the drafts.
> 
> Kent // contributor
> 
> 
> crypto-types:
>    -  Added the four features: "[encrypted-]one-[a]symmetric-key-
>       format", each protecting a 'key-format' identity of the same name.
>    -  Added 'must' expressions asserting that the 'key-format' leaf
>       exists whenever a non-hidden key is specified.

This can be made simpler:

OLD:

       leaf public-key-format {
         nacm:default-deny-write;
         when "../public-key";
         type identityref {
           base public-key-format;
         }
         description "Identifies the key's format.";
       }
       leaf public-key {
         nacm:default-deny-write;
         type binary;
         must "../public-key-format";
         mandatory true;
         description
           "The binary value of the public key.  The interpretation
            of the value is defined by 'public-key-format' field.";
       }

Now, since public-key is mandatory, the 'when' expression on
public-key-format will always be true (in a valid config).  Hence it
isn't needed.  And also, since public-key is mandatory the must on
public-key really just says that public-key-format is also mandatory:

NEW:

       leaf public-key-format {
         nacm:default-deny-write;
         mandatory true;
         type identityref {
           base public-key-format;
         }
         description "Identifies the key's format.";
       }
       leaf public-key {
         nacm:default-deny-write;
         type binary;
         mandatory true;
         description
           "The binary value of the public key.  The interpretation
            of the value is defined by 'public-key-format' field.";
       }

>    -  Improved the 'description' statements and added 'reference'
>       statements for the 'key-format' identities.
>    -  Added a questionable forward reference to "encrypted-*" leafs in a
>       couple 'when' expressions.

Questionable indeed.  I suggest you remove the when expression
instead. You have must expressions that say that the key-format leaf
must exist in the relevant cases anyway.


/martin
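The claim above, that the OLD definition (when + must + one mandatory) and the NEW definition (two mandatory leafs) accept exactly the same instances, can be checked exhaustively. The following is an added example, not code from the thread or from the crypto-types draft: it models only the three YANG constraints involved (mandatory, a 'when' on a sibling, a 'must' on a sibling) for a single container and enumerates every presence combination of the two leafs. Instance values are constructed placeholders; a real module should still be checked with a YANG validator.

```python
from itertools import product

# Simplified YANG semantics for leafs of one container:
#  - mandatory: the leaf must be present in a valid instance
#  - when "../X": if sibling X is absent the 'when' is false and this leaf must be absent
#  - must "../X": evaluated only if this leaf is present; sibling X must then be present
RULES_OLD = {
    "public-key-format": {"when": "public-key"},
    "public-key": {"mandatory": True, "must": "public-key-format"},
}
RULES_NEW = {
    "public-key-format": {"mandatory": True},
    "public-key": {"mandatory": True},
}
LEAFS = ("public-key", "public-key-format")


def validate(rules, instance):
    """Return the list of violated constraints; an empty list means the instance is valid."""
    errors = []
    for leaf, c in rules.items():
        present = leaf in instance
        if c.get("mandatory") and not present:
            errors.append(f"{leaf}: mandatory leaf missing")
        ref = c.get("when")
        if ref and present and ref not in instance:
            errors.append(f"{leaf}: present but when '../{ref}' is false")
        ref = c.get("must")
        if ref and present and ref not in instance:
            errors.append(f"{leaf}: must '../{ref}' fails")
    return errors


def same_accept_set(rules_a, rules_b, leafs=LEAFS):
    """True if both rule sets accept exactly the same presence combinations of the leafs."""
    for bits in product((0, 1), repeat=len(leafs)):
        # constructed instance: each present leaf gets a placeholder value
        inst = {leaf: "placeholder" for leaf, bit in zip(leafs, bits) if bit}
        if (not validate(rules_a, inst)) != (not validate(rules_b, inst)):
            return False
    return True


if __name__ == "__main__":
    print("OLD and NEW equivalent:", same_accept_set(RULES_OLD, RULES_NEW))
    print("OLD, key without format:", validate(RULES_OLD, {"public-key": "placeholder"}))
```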