Re: [netconf] Truststore: bags, sets, or other?
Martin Bjorklund <mbj@tail-f.com> Fri, 31 January 2020 10:10 UTC
Date: Fri, 31 Jan 2020 11:10:27 +0100
Message-Id: <20200131.111027.840757629039452002.mbj@tail-f.com>
To: kent@watsen.net
Cc: netconf@ietf.org, housley@vigilsec.com
From: Martin Bjorklund <mbj@tail-f.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/netconf/p4K_5alH54CQzxIngVgvQi_eovM>
Hi,

Kent Watsen <kent@watsen.net> wrote:
> [CC-ing Russ, who says he knows a lot about bags ;)
>
>
> The truststore draft [1] has the following general structure:
>
>   module: ietf-truststore
>     +--rw truststore
>        +--rw certificates* [name] {x509-certificates}?
>        |  +--rw name string
>        |  +--rw certificate* [name]
>        |     +--rw name string
>        |     ...
>        +--rw host-keys* [name] {ssh-host-keys}?
>        |  +--rw name string
>        |  +--rw host-key* [name]
>        |     +--rw name string
>        |     ...
>        +--rw raw-public-keys* [name] {raw-public-keys}?
>           +--rw name string
>           +--rw raw-public-key* [name]
>              +--rw name string
>              ...
>
>
> I have been struggling with the naming of the top-level nodes
> (/certificates, /host-keys, etc.) being plural while also being ‘list’
> elements. What is intended is that each of these top-level nodes is a
> "list of sets/bags of things. To resolve this issue, I’m thinking
> about the following change:
>
> OLD:
>   +--rw <thing>s* [name] {<thing-feature>}?
>      +--rw name string
>      +--rw <thing>* [name]
>         +--rw name string
>         …
>
> NEW:
>   +--rw <thing>-bags {<thing-feature>}?
>      +--rw <thing>-bag* [name]
>         +--rw name string
>         +--rw <thing>* [name]
>            +--rw name string
>            …
>
> Better, right? Any other ideas?

We have current published modules with both "-list" and "-set". No
"-bag" so far. For example:

  "list rule-list" in ietf-netconf-acm
  "list module-set" in ietf-yang-library

There are some examples of "s" as well, but these are plural "s" for a
normal list of singletons, and should have been named w/o the plural
"s" (if we were to be consistent).

I would try to avoid "s" for a "list-of-lists", but then pick the
suffix that feels most natural in the domain. (For example, rather
"list access-control-list" than "list access-control-set").

Perhaps you can argue that "-list" works better for ordered sequences,
and "-set" and "-bag" for unordered. But then there are "ordered
sets" and "unordered lists" (and even apparently "ordered bag", in
UML).

The plural "s" is better for a surrounding container (if one exists).


/martin

>
> Note that the term “bag” is the commonly used term in crypto circles
> with regard to PKI and, in particular, in reference to the “CertBag”
> type defined in Section 4.2.3 in RFC 7292 [2]. That said, I don’t
> think that “bag" is commonly used in reference to SSH host keys or raw
> public keys. I don’t know if that is any issue but, in case it is,
> the choices are:
>
> 1) use “bag” for all three
> 2) use “set” for all three
> 3) use “bag” for certificates and “set” for the other two
> 4) <another idea?>
>
> Thoughts?
>
>
> [1] https://tools.ietf.org/html/draft-ietf-netconf-trust-anchors
> <https://tools.ietf.org/html/draft-ietf-netconf-trust-anchors>
> [2] https://tools.ietf.org/html/rfc7292#section-4.2.3
> <https://tools.ietf.org/html/rfc7292#section-4.2.3>
>
> Kent
>
>