Re: [netconf] updates to client/server drafts
Martin Bjorklund <mbj@tail-f.com> Thu, 13 June 2019 15:43 UTC
Return-Path: <mbj@tail-f.com>
X-Original-To: netconf@ietfa.amsl.com
Delivered-To: netconf@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 27C0E1202EA for <netconf@ietfa.amsl.com>; Thu, 13 Jun 2019 08:43:31 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.899
X-Spam-Level:
X-Spam-Status: No, score=-1.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id yovwgZQ7FzuD for <netconf@ietfa.amsl.com>; Thu, 13 Jun 2019 08:43:29 -0700 (PDT)
Received: from mail.tail-f.com (mail.tail-f.com [46.21.102.45]) by ietfa.amsl.com (Postfix) with ESMTP id 23A951202D8 for <netconf@ietf.org>; Thu, 13 Jun 2019 08:43:29 -0700 (PDT)
Received: from localhost (h-4-215.A165.priv.bahnhof.se [158.174.4.215]) by mail.tail-f.com (Postfix) with ESMTPSA id 597B01AE0331; Thu, 13 Jun 2019 17:43:27 +0200 (CEST)
Date: Thu, 13 Jun 2019 17:43:26 +0200
Message-Id: <20190613.174326.268927196019178879.mbj@tail-f.com>
To: kent+ietf@watsen.net
Cc: j.schoenwaelder@jacobs-university.de, netconf@ietf.org
From: Martin Bjorklund <mbj@tail-f.com>
In-Reply-To: <0100016b5158eba2-6c8348a2-aacc-48c6-adf9-aab39b0ef3a9-000000@email.amazonses.com>
References: <20190613.130024.515576855897220606.mbj@tail-f.com> <20190613111023.ngllkl22zj2vsowp@anna.jacobs.jacobs-university.de> <0100016b5158eba2-6c8348a2-aacc-48c6-adf9-aab39b0ef3a9-000000@email.amazonses.com>
X-Mailer: Mew version 6.7 on Emacs 25.2 / Mule 6.0 (HANACHIRUSATO)
Mime-Version: 1.0
Content-Type: Text/Plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/netconf/pDPDPiLLy1om1dAd2oGL-Cv0voI>
Subject: Re: [netconf] updates to client/server drafts
X-BeenThere: netconf@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: NETCONF WG list <netconf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/netconf>, <mailto:netconf-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/netconf/>
List-Post: <mailto:netconf@ietf.org>
List-Help: <mailto:netconf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/netconf>, <mailto:netconf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 13 Jun 2019 15:43:31 -0000
Kent Watsen <kent+ietf@watsen.net> wrote: > > >>> I am strictly against hiding actions by encoding 'verbs' in an ad-hoc > >>> data format. I rather not support creation of keys on the device. > >> > >> Remember we had this cases: > >> > >> 1. upload of keys > >> 2a. generation of keys on the box that will go into hardware protected > >> storage (and never be accessible) > >> 2b. generation of keys on the box that will be stored on disk > >> (and never be accessible over the mgmt interface) > >> 3. generation of keys on the box that become (protected) > >> configuration > > This list is missing cases #1 and #3 described here: > https://mailarchive.ietf.org/arch/msg/netconf/eRDvDhOHikEq4fRJJGj8dD7uIcc > <https://mailarchive.ietf.org/arch/msg/netconf/eRDvDhOHikEq4fRJJGj8dD7uIcc>. #1 (pre-existing key in hw) is orthogonal to the pain points we have here; it should be possible to handle this case. #3 (upload of hidden key) should also be straight forward with an action. > Also, we currently make no distinction between (2a) and (2b) - hidden > is hidden, however it's implemented. I know, but the discussion seems to imply that this would be useful and it seems trivial to support. > >> I think the previous version of the draft (with YANG actions) handles > >> 1 and 2 (a and b with trivial updates). > >> > >> It is only (3) that we don't have a solution for that everybody > >> accepts. > >> > >> So perhaps we should solve 1 and 2a and 2b, and publish that, and > >> leave 3 for the future? > > > > This may be a way to move forward. In 2a and 2b, will there be a way > > to remove a generated key via the mgmt interface or do I have to take > > a bigger hammer to accomplish this? > > I object to reverting to the approach that doesn't have the key's > 3-tuple (algorithm, public key, private key) marked as mandatory true, > our doing that before was unhelpful. I need to go back and re-read (again, I just read all threads on this issue) some mails to understand what this means. > I was hoping that the "verbs" > approach could leap over the impasse but, if Juergen is strictly > against it, then we should go back to the approach described here: > https://mailarchive.ietf.org/arch/msg/netconf/P-xcpHqUNq3LfX5meOCpNQMJusY > <https://mailarchive.ietf.org/arch/msg/netconf/P-xcpHqUNq3LfX5meOCpNQMJusY>, > for which a draft was never published. > > In the previous link, search for "Now let's discuss what this action > does" and note the two options: (1) is more user-friendly, but one > that Martin appears to be strictly against Yes, and Andy and Rob (at least). And I do not agree that it is user friendly at all! > and so perhaps (2) is all > we can agree on, and yes, there would need to be a third (not > mentioned) action to delete the key from <operational> (presumably > after having deleted the same from <running>). Yes, it is less > friendly, if you want more friendly, then let's do (1). I'll update > the draft shortly based on the less-friendly approach (2). I don't think (2) is the right solution either. I think the previous version of the draft was very close to a workable solution. > That said, I'm also okay with giving up (for now) trying to enable a > client request the server to generate a key (hidden or not) or request > the server to install a hidden key [note: these are #2 and #3 in my > first link above]. I don't it is necessary to give up this. IMO the only problematic use case is "let the device generate a key that then becomes part of the config". If we avoid that I think we can handle the other cases. > I would support this less complete solution > because it still supports basic configuration (#0) and > manufacturer-generated keys for, e.g., IDevID certificates (#1), and > thus a passable go-to-market solution. If folks don't like the update > per the previous paragraph, then this looks like a good fallback. /martin
- [netconf] updates to client/server drafts Kent Watsen
- Re: [netconf] updates to client/server drafts Kent Watsen
- Re: [netconf] updates to client/server drafts Juergen Schoenwaelder
- Re: [netconf] updates to client/server drafts Kent Watsen
- Re: [netconf] updates to client/server drafts Juergen Schoenwaelder
- Re: [netconf] updates to client/server drafts Martin Bjorklund
- Re: [netconf] updates to client/server drafts Juergen Schoenwaelder
- Re: [netconf] updates to client/server drafts Martin Bjorklund
- Re: [netconf] updates to client/server drafts Kent Watsen
- Re: [netconf] updates to client/server drafts Martin Bjorklund
- Re: [netconf] updates to client/server drafts Rob Wilton (rwilton)
- Re: [netconf] updates to client/server drafts Andy Bierman
- Re: [netconf] updates to client/server drafts Rob Wilton (rwilton)
- Re: [netconf] updates to client/server drafts Andy Bierman