Re: [netconf] crypto-types fallback strategy

"Rob Wilton (rwilton)" <rwilton@cisco.com> Wed, 18 September 2019 12:45 UTC

From: "Rob Wilton (rwilton)" <rwilton@cisco.com>
To: "Salz, Rich" <rsalz@akamai.com>, Kent Watsen <kent+ietf@watsen.net>
CC: Russ Housley <housley@vigilsec.com>, "netconf@ietf.org" <netconf@ietf.org>, Sean Turner <sean@sn3rd.com>, Rifaat Shekh-Yusef <rifaat.ietf@gmail.com>
Date: Wed, 18 Sep 2019 12:45:19 +0000
Message-ID: <MN2PR11MB4366E4ECE10DFB018941BA5FB58E0@MN2PR11MB4366.namprd11.prod.outlook.com>
References: <0100016d21ee2101-fb4f3288-1975-4a7d-a499-cb42ff8d9e14-000000@email.amazonses.com> <MN2PR11MB4366AE6CF9E03B15EBEA3A39B5B30@MN2PR11MB4366.namprd11.prod.outlook.com> <0100016d3afa694e-ce58ee3a-792f-4c0e-89bb-83d0128a5194-000000@email.amazonses.com> <MN2PR11MB4366F63419F6BD4EF106766FB58F0@MN2PR11MB4366.namprd11.prod.outlook.com> <8053FDA0-77EA-488F-B5A7-F203359105E0@akamai.com> <MN2PR11MB43669B3A47A39FD93B47292FB58F0@MN2PR11MB4366.namprd11.prod.outlook.com> <6924CAD5-F740-4512-8689-E0307AF0BD88@akamai.com> <MN2PR11MB4366B5C09B4348FDAE33E2BCB58F0@MN2PR11MB4366.namprd11.prod.outlook.com> <99BFF357-6A2A-49E0-BB38-37C25DB04213@akamai.com> <MN2PR11MB4366F20EE2FD6DF04B965125B58E0@MN2PR11MB4366.namprd11.prod.outlook.com> <EBE4757D-E99E-41EB-A52B-A25F023BF4BC@akamai.com>
In-Reply-To: <EBE4757D-E99E-41EB-A52B-A25F023BF4BC@akamai.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/netconf/nLvAOfiK2WN7xOy7DeVRBi0E7XQ>
Subject: Re: [netconf] crypto-types fallback strategy


From: Salz, Rich <rsalz@akamai.com>
Sent: 18 September 2019 13:41
To: Rob Wilton (rwilton) <rwilton@cisco.com>; Kent Watsen <kent+ietf@watsen.net>
Cc: Russ Housley <housley@vigilsec.com>; netconf@ietf.org; Sean Turner <sean@sn3rd.com>; Rifaat Shekh-Yusef <rifaat.ietf@gmail.com>
Subject: Re: [netconf] crypto-types fallback strategy


> OK.  So, in YANG I think the definition of a base identity is effectively defined by how it is intended to be used.  I.e. somewhere in the model there is an identity reference that indicates that it can take any identity value that is derived from that base identity.

I will have to go learn a heck of a lot more about YANG before the next IETF.
[RW]
Probably sections 7.18 Identities and 9.10 Identity-ref of RFC 7950 are the key ones for this discussion.



> We still need to have care here.  Presumably there will be cases where the same key algorithm is used in multiple places.  I was partly trying to tie the partitioning into modules about where the algorithms are being defined (i.e. which RFCs) rather than where they are necessarily used.

Luckily TLS and SSH are defined in separate RFCs. :)

[RW]
Yes, 😉
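As an added illustration of the identity/identityref mechanism and the per-RFC module partitioning discussed above (this is not code from the thread or from the crypto-types draft; the module names, namespaces, prefixes and the two algorithm identities are constructed placeholders), the following shows a base identity defined once, an identityref leaf that accepts anything derived from it, and derived identities split into separate modules by where the algorithm is specified:

```yang
// Constructed example, not from the netconf thread or the crypto-types
// draft.  In practice each module below would live in its own file.

module example-crypto-base {
  yang-version 1.1;
  namespace "urn:example:crypto-base";
  prefix ecb;

  identity asymmetric-key-algorithm {
    description
      "Base identity for asymmetric key algorithms.  On its own it
       carries no meaning; the identityref below gives it one by
       accepting any identity derived from it, wherever that
       identity is defined.";
  }

  container example-key {
    leaf algorithm {
      type identityref {
        base asymmetric-key-algorithm;
      }
      description
        "Any identity derived from 'asymmetric-key-algorithm', in
         this module or in any module that imports it.";
    }
  }
}

module example-crypto-ssh-algs {
  yang-version 1.1;
  namespace "urn:example:crypto-ssh-algs";
  prefix ecs;

  import example-crypto-base { prefix ecb; }

  // Identities for algorithms specified by the SSH RFCs.  A server
  // that does not implement this module never advertises them.
  identity ssh-rsa {
    base ecb:asymmetric-key-algorithm;
    description
      "Constructed placeholder identity for an SSH-specified algorithm.";
  }
}

module example-crypto-tls-algs {
  yang-version 1.1;
  namespace "urn:example:crypto-tls-algs";
  prefix ect;

  import example-crypto-base { prefix ecb; }

  // Identities for algorithms specified by the TLS RFCs.  The same
  // algorithm may be re-declared here under a different identity if
  // it is specified separately for TLS.
  identity tls-rsa {
    base ecb:asymmetric-key-algorithm;
    description
      "Constructed placeholder identity for a TLS-specified algorithm.";
  }
}
```

In instance data the leaf then carries a namespace-qualified value such as `ecs:ssh-rsa` or `ect:tls-rsa`; a client learns which values a given server actually supports from the modules that server lists in YANG library, which is what makes the per-module split a fallback mechanism rather than a fixed enumeration.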