[netconf] Re: I-D Action: draft-ietf-netconf-crypto-types-09.txt

"Xialiang (Frank, Network Standard & Patent Dept)" <frank.xialiang@huawei.com> Mon, 24 June 2019 02:28 UTC

From: "Xialiang (Frank, Network Standard & Patent Dept)" <frank.xialiang@huawei.com>
To: Kent Watsen <kent+ietf@watsen.net>
CC: "netconf@ietf.org" <netconf@ietf.org>
Date: Mon, 24 Jun 2019 02:28:03 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/netconf/pRkvMr0mTkYW-GLDAeN3Csg0gY4>
Subject: [netconf] Re: I-D Action: draft-ietf-netconf-crypto-types-09.txt

Hi Kent and all,
Please see my comments inline:

From: netconf [mailto:netconf-bounces@ietf.org] On Behalf Of Kent Watsen
Sent: 20 June 2019 23:44
To: netconf@ietf.org
Subject: Re: [netconf] I-D Action: draft-ietf-netconf-crypto-types-09.txt

This update converts the algorithms from being identities to enumerations.

This is supposed to be the result from the thread started on April 25 entitled "The maintenance of the algorithm identifiers in draft-ietf-crypto-types" but, actually, I think it's from an earlier thread in which I believe Lada stated rationale for using enumerations instead of identities (I can't find that thread right now). Seeing that the enum "values" are just in position-order, I'm unsure what issue this change resolves, but it seems nicer that a server doesn't have to *implement* the module, and also the values don't have to be prefixed...

[Frank]: FYI, the earlier thread discussing and proposing a good solution for currently using enumerations instead of identities is: https://mailarchive.ietf.org/arch/msg/i2nsf/CKUsox3ua9JitEb5pQMN8-Iogwg (Thanks Lada, Mahesh, Juergen, Martin, Andy, Acee, Paul Wouters, etc. for the productive discussion). The next issue to be addressed is whether the enum “values” can be in position-order, or should be the same as their respective IANA defined crypto algorithm numbers? For the latter case, which IANA should they be aligned with: TLS, IPSec or SSH?

All said, I think that the maintainability issue remains. IIRC, Tom Petch suggested breaking the algorithms into smaller modules, that is, one module per what is now an "enumeration", and also I think that there was a recommendation for making these "iana-" modules...

[Frank]: Should we define the YANG modules for crypto types in the YANG IANA page?


This change is orthogonal to the update posted three days ago, which focused on how to support server-generated keys, etc.  No objections have been received so far, and thus I'm beginning to think it's okay and we can go into last call after the above discussion resolves.

Kent // contributor

On Jun 20, 2019, at 10:52 AM, internet-drafts@ietf.org wrote:

A New Internet-Draft is available from the on-line Internet-Drafts directories.
This draft is a work item of the Network Configuration WG of the IETF.

       Title           : Common YANG Data Types for Cryptography
       Authors         : Kent Watsen
                         Wang Haiguang
       Filename        : draft-ietf-netconf-crypto-types-09.txt
       Pages           : 56
       Date            : 2019-06-20

  This document defines YANG identities, typedefs, the groupings useful
  for cryptographic applications.

The IETF datatracker status page for this draft is:

There are also htmlized versions available at:

A diff from the previous version is available at:

Please note that it may take a couple of minutes from the time of submission
until the htmlized version and diff are available at tools.ietf.org.

Internet-Drafts are also available by anonymous FTP at:
