Re: [netconf] crypto-types and keystore comments

Martin Bjorklund <mbj@tail-f.com> Thu, 14 November 2019 19:03 UTC

Date: Thu, 14 Nov 2019 20:03:19 +0100 (CET)
To: kent+ietf@watsen.net
Cc: netconf@ietf.org
From: Martin Bjorklund <mbj@tail-f.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/netconf/ohiTSgwfWfkQNW2xTK3WHIGv-y0>

Martin Bjorklund <mbj@tail-f.com> wrote:
> Kent Watsen <kent+ietf@watsen.net> wrote:
> > Hi Martin,
> > 
> > >> True.  But how can we define a way to get a list per instance?  Should
> > >> there be a "config false" list wherever the "algorithm" node appears
> > >> (i.e., put the list into the crypto-type groupings having the
> > >> algorithm node?)
> > > 
> > > I don't know, probably.  Do we really want that?  Probably not.
> > 
> > Per-instance may be too granular.  If thinking that said curations
> > occur on protocol boundaries, then maybe have a config false list in
> > ietf-ssh-common and ietf-tls-common?  Not perfect, as an application
> > may use more than one SSH library or more than one TLS library, but
> > it's much less likely.
> 
> Yes, better.
> 
> > > This is exactly why I suggested earlier that we don't spend time
> > > trying to solve this problem at all now.  I'd rather not put in
> > > something that we know doesn't really work.
> > 
> > Wait, no, there is a very real issue here that cannot be ignored.  Or
> > do you feel that we should give up entirely on trying to enable
> > servers to proactively express what algorithms they support?
> > 
> > 
> > 
> > >>> Do you have a pointer to this?
> > >> 
> > >> There was an email from Juergen a few months back.
> > > 
> > > But that was based on a misunderstanding.  (or you mean something
> > > else)
> > 
> > Now I'm unsure what you're talking about, do you have a pointer to it?
> 
> I am talking about this:
> https://mailarchive.ietf.org/arch/browse/netconf/?q=

Should have been:

https://mailarchive.ietf.org/arch/msg/netconf/G9lHICXD5H9MzQ9D9-xMxdZIJRM


/martin