Re: [netconf] Virtual "hum" for the "key generation" issue discussed at virtual meeting
"Rob Wilton (rwilton)" <rwilton@cisco.com> Mon, 27 April 2020 16:41 UTC
Return-Path: <rwilton@cisco.com>
X-Original-To: netconf@ietfa.amsl.com
Delivered-To: netconf@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 342523A0F0A for <netconf@ietfa.amsl.com>; Mon, 27 Apr 2020 09:41:44 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -9.597
X-Spam-Level:
X-Spam-Status: No, score=-9.597 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_MSPIKE_H3=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com header.b=ZylcxZTN; dkim=pass (1024-bit key) header.d=cisco.onmicrosoft.com header.b=lLkpjDYJ
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 5EIBqKSkDdnA for <netconf@ietfa.amsl.com>; Mon, 27 Apr 2020 09:41:41 -0700 (PDT)
Received: from rcdn-iport-4.cisco.com (rcdn-iport-4.cisco.com [173.37.86.75]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id ADCA93A0F06 for <netconf@ietf.org>; Mon, 27 Apr 2020 09:41:41 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=24594; q=dns/txt; s=iport; t=1588005701; x=1589215301; h=from:to:cc:subject:date:message-id:references: in-reply-to:mime-version; bh=p5fTmdnyPL16vYjdlvlAi2qdXCLS8ZMOMlttHeffPdY=; b=ZylcxZTNQ2EBZt8subQirbnp47m+BDC5k2y5lVgtDwv9r41s+dH9UW6I JTCdOHDFMMyYN0JKSkXzHkQCWTpZtahIA6+5MO3h1EteA9Ajv6XBgfR0R /sBdncQ66jt3hfUKvTX+m/x3FmpTkfG/qUdFy0vrv9ifHL7J4RMcAtWWf c=;
IronPort-PHdr: 9a23:r3CS7RegTCi7eaiKgBhlB2gglGMj4e+mNxMJ6pchl7NFe7ii+JKnJkHE+PFxlwGRD57D5adCjOzb++D7VGoM7IzJkUhKcYcEFnpnwd4TgxRmBceEDUPhK/u/dTM7GNhFUndu/mqwNg5eH8OtL1A=
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: A0C9BQC+Cqde/5pdJa1dCRwBAQEBAQcBAREBBAQBAYIDgSUvUQVsWCAECyoKhBWDRgOKc4JfmC+CUgNUCwEBAQwBAR4PAgQBAYREAheCESQ4EwIDAQELAQEFAQEBAgEFBG2FVgyFcQEBAQEDEhEKEwEBNwEPAgEGAhABBAEBKwICAjAdCAIEAQ0FCBqDBYF+TQMuAQMLlzeQZwKBOYhhdoEygwABAQWBNgIBEAEOCYNQGIIOAwaBOIJjiBaBRBqBQT+BEUOCTT6CZwICARmBHRQaK4JlMoItkTuGFCOaNAqCRYgPkA6CW41OjFKPM0eJSJM+AgQCBAUCDgEBBYFpIoFDDAdwFTuCaVAYDZE0DBcVgzqFFIVCdAIzAgYBBwEBAwl8jRABgQ8BAQ
X-IronPort-AV: E=Sophos;i="5.73,324,1583193600"; d="scan'208,217";a="753771952"
Received: from rcdn-core-3.cisco.com ([173.37.93.154]) by rcdn-iport-4.cisco.com with ESMTP/TLS/DHE-RSA-SEED-SHA; 27 Apr 2020 16:41:38 +0000
Received: from XCH-ALN-001.cisco.com (xch-aln-001.cisco.com [173.36.7.11]) by rcdn-core-3.cisco.com (8.15.2/8.15.2) with ESMTPS id 03RGfcoB023857 (version=TLSv1.2 cipher=AES256-SHA bits=256 verify=FAIL); Mon, 27 Apr 2020 16:41:38 GMT
Received: from xhs-aln-001.cisco.com (173.37.135.118) by XCH-ALN-001.cisco.com (173.36.7.11) with Microsoft SMTP Server (TLS) id 15.0.1497.2; Mon, 27 Apr 2020 11:41:37 -0500
Received: from xhs-aln-003.cisco.com (173.37.135.120) by xhs-aln-001.cisco.com (173.37.135.118) with Microsoft SMTP Server (TLS) id 15.0.1497.2; Mon, 27 Apr 2020 11:41:37 -0500
Received: from NAM10-DM6-obe.outbound.protection.outlook.com (173.37.151.57) by xhs-aln-003.cisco.com (173.37.135.120) with Microsoft SMTP Server (TLS) id 15.0.1497.2 via Frontend Transport; Mon, 27 Apr 2020 11:41:37 -0500
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=X6pr5gpYjJiYshltdX4v62aIRfh7XEAGWVc9+cIksN28t5FWwvI87IthuA9JzU41MvAHYREXqpXYKnfBCMg5hbBUHgFuoZg0VoBPhyyF8eEaRHVuvYmyNJhX0KhmxoyWHTa1TXBohDKP2aQ3sN+id0/xKsL8fStxdZwlZLd2z85AeFylvT2Bcxaz92QpCoty/DMhEhXnLf0t8NvzsOQTMTgX09buyWQXgw7OOXRuFHH987X3LG7/WTIml+7fce2OFDyyPhG30kRGCMsW63rBnjsDPjh8q/sJuGmKmtWhITMNuF++gN/jUV19SF8nvscDFO8QdwcdqPiTYpLuKT49qw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=p5fTmdnyPL16vYjdlvlAi2qdXCLS8ZMOMlttHeffPdY=; b=nZT/PUaoHShI9iHSsYFbK6MJbgCA52+4PUyQGgECuCYQuOltfDG3WAHjxzDhoL5UJLi6CPQNySj/lx3pWp8dgMyVNhcnLCLGjX5STnYPzViLvzip44+Y9WETE2vEZlBScezRRH7X3ac/HsgDqpFK6hVSJ9aAEtVrZBfyytXL1WZYS9I3b7jNB16OWai2UDC++/xq5ZEt1DbitxyJrPo6V+G6HXng4Pr5w2ohtLarPnM1bRPqxGOidikRM+jj78IN3ubvY31L2eRT9wKz0eKna/RDImbG9GZWfO+df7jM9n8Rod0eIdqWuNp4b1w2owQwm+JI3JKtzIpAnEPXxeiBYg==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=cisco.com; dmarc=pass action=none header.from=cisco.com; dkim=pass header.d=cisco.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cisco.onmicrosoft.com; s=selector2-cisco-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=p5fTmdnyPL16vYjdlvlAi2qdXCLS8ZMOMlttHeffPdY=; b=lLkpjDYJ/2jFxFDQXzGjLilrmOcKp6fJ3P6keIWFnq3NbEJpJyjF8zG8zfPeC2gGRNWmULTKre+HueHubARUd/78wJFmYoHjze2aa8hn3+WSdpnvDjGbRwOtMhZOc78m0fhTaiqHfIxkHqHFpS1Chr0aRe/jOTLzyNF9EQiGfVk=
Received: from MN2PR11MB4366.namprd11.prod.outlook.com (2603:10b6:208:190::17) by MN2PR11MB4367.namprd11.prod.outlook.com (2603:10b6:208:18b::14) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2937.13; Mon, 27 Apr 2020 16:41:36 +0000
Received: from MN2PR11MB4366.namprd11.prod.outlook.com ([fe80::3:2164:a8e2:33b3]) by MN2PR11MB4366.namprd11.prod.outlook.com ([fe80::3:2164:a8e2:33b3%5]) with mapi id 15.20.2937.023; Mon, 27 Apr 2020 16:41:36 +0000
From: "Rob Wilton (rwilton)" <rwilton@cisco.com>
To: Kent Watsen <kent+ietf@watsen.net>, Juergen Schoenwaelder <j.schoenwaelder@jacobs-university.de>
CC: "netconf@ietf.org" <netconf@ietf.org>
Thread-Topic: [netconf] Virtual "hum" for the "key generation" issue discussed at virtual meeting
Thread-Index: AQHWF2bXrSECauZ+fUyn7wWuc6EbxKiDIIkAgAB/rQCACXJewA==
Date: Mon, 27 Apr 2020 16:41:36 +0000
Message-ID: <MN2PR11MB4366810254654BAD3A07915AB5AF0@MN2PR11MB4366.namprd11.prod.outlook.com>
References: <0100017199cd7580-240a83ae-9934-4af3-a0e3-3b063286059f-000000@email.amazonses.com> <20200421063956.fgczjrjhh6ppjhnp@anna.jacobs.jacobs-university.de> <010001719d195262-4f097864-625d-437f-8e15-a79c4498342e-000000@email.amazonses.com>
In-Reply-To: <010001719d195262-4f097864-625d-437f-8e15-a79c4498342e-000000@email.amazonses.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: spf=none (sender IP is ) smtp.mailfrom=rwilton@cisco.com;
x-originating-ip: [82.15.79.32]
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: 85fffac4-a084-4172-0941-08d7eac9da2d
x-ms-traffictypediagnostic: MN2PR11MB4367:
x-microsoft-antispam-prvs: <MN2PR11MB4367410EBD00937F35E10623B5AF0@MN2PR11MB4367.namprd11.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:10000;
x-forefront-prvs: 0386B406AA
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:MN2PR11MB4366.namprd11.prod.outlook.com; PTR:; CAT:NONE; SFTY:; SFS:(4636009)(366004)(396003)(346002)(39860400002)(376002)(136003)(9686003)(66476007)(8936002)(76116006)(53546011)(6506007)(66556008)(64756008)(66446008)(966005)(8676002)(110136005)(316002)(7696005)(55016002)(81156014)(33656002)(478600001)(5660300002)(26005)(2906002)(71200400001)(186003)(4326008)(9326002)(86362001)(52536014)(66946007); DIR:OUT; SFP:1101;
received-spf: None (protection.outlook.com: cisco.com does not designate permitted sender hosts)
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: GGDLvS5PEXvsxKinI+DiFf7rQq7cd1AjzhXsIkLuH7JhR787m9XMrEjnwTJ508eb8sKCtQoZ2LREC3vS5RFnYZ+ykOGVsgLvkebzCN9drInEh/mywTn81DJfEvevR3e1/K+57YCbrJSxr2caEinAXqVth3bBZufTaBoHf/8fm590kruO3OxoXi8heNp6TKMu5k3G1dqF9/EGEvREwZ9W7H91fQRcHIp07yTNgavVVBz9Naf2OT77BkrYLi87ZB6TG4ff4bE8EUtlYvsz7YPdiMvsVohjdJ/Ns2wyP3rtMU/whJvrSrjRdAMOUDl5uzo3v+TplQVmlsAYBOoq1eqYCageIHILjScXcDGLs6KUljSFhpS3qkM/piQ75qPJ94DAOG+yLkQeOtx6SQYC7aQSv9wDPqYoUY4DhHX0LIx3ly7R72yaZzj9D0z3Rf9RE96//EvDcV6jlcH/s/rYQv2UkToMJ03cwJpeeJnWrf3nQSMBCqn6FHLwDmCo26xTs4/gR7rU4JWywYUFJBIjgqIl7Q==
x-ms-exchange-antispam-messagedata: VbH+PfoK4O5bgCHa3KDAwRA2ZjGrusk/m/CPTNzdQtSjjdOu1Ms0VFIcd+ZcnWN/Qj1XVJ8WZq1MQZXLc/q+jCfUTWpmOi+FzM10BkexfAEpPi775oxNHwwS5yFSxd8ZmqCfLK+AURA5jEz170Vx4e2QTsJNMGWDWDbAJaGVcCCYFwGURsrh2cUhvs1FfaxFwGGVk1VnvYTjD96rHOUAGRHHPe1e0gA3tH1kUDTmfWBTEHAd9D7iHA12h1npDg4NgqB3mN9FHGQOPlcH7Ad+wH5u1o7KG3TBB1ZQbAR7f0CTrwDpypyBwl+JPgG77OtjJpv218apqw6COdDoVSfKH26Mi1meeBzVKzbaYGA4KEZPbe7GxJdBtnckxU2MrLOWHQr0SqSYLZUQCnWFu0aSrunP0wqVPTzAB1HUFji6cu/rtLbeOwO4VbMw9Ff8Ept5dPFEEeJs9R22CJNq+sOIlO9nzFtdMbAleDLkeK86NoSPRLRSZbGXuNf74ZaOnN+DhRXM0rMg0szX1icRTpWExrZoti3NSuEyXASxQCkLRxfo4DkzLpRxrEueQiJupMyDv7vpsByAuee+elA6PHYT0DuHCrb+tRk1GD37GMSzysPhw3PG4ffgBJNIrhznX3XQ/lYsiRrZOlngdKkSJCr01EBHgIs1v5ZNdnaUVokJCMP8N6zcxEK8whjBaWRJgRIBylBPMXUwX6mQJr5mukRxahbZlA9fwKZCoDdwDEBaEFNLeDSj5rl5O8INEDaLNZAJaLlmG83qWFFejSC/Re3BSMRYa7UXrNOMeKTyvPkZ65s=
x-ms-exchange-transport-forked: True
Content-Type: multipart/alternative; boundary="_000_MN2PR11MB4366810254654BAD3A07915AB5AF0MN2PR11MB4366namp_"
MIME-Version: 1.0
X-MS-Exchange-CrossTenant-Network-Message-Id: 85fffac4-a084-4172-0941-08d7eac9da2d
X-MS-Exchange-CrossTenant-originalarrivaltime: 27 Apr 2020 16:41:36.3886 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 5ae1af62-9505-4097-a69a-c1553ef7840e
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: 5x8Lxhz8cqbidkHA4cl0pu1U4JTOTe9y0v+7EDrTJ+8yhxnlW8p8jHNYZ2wYtLAoEnOMlnYI6hms3KzJFwiOdg==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: MN2PR11MB4367
X-OriginatorOrg: cisco.com
X-Outbound-SMTP-Client: 173.36.7.11, xch-aln-001.cisco.com
X-Outbound-Node: rcdn-core-3.cisco.com
Archived-At: <https://mailarchive.ietf.org/arch/msg/netconf/q4Ki75JXZ32O_yWR8VAvxTvhTGI>
Subject: Re: [netconf] Virtual "hum" for the "key generation" issue discussed at virtual meeting
X-BeenThere: netconf@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: NETCONF WG list <netconf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/netconf>, <mailto:netconf-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/netconf/>
List-Post: <mailto:netconf@ietf.org>
List-Help: <mailto:netconf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/netconf>, <mailto:netconf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 27 Apr 2020 16:41:44 -0000
Hi Kent, Having just watched the video again, and read your comments below, I’m concerned that (1) might not really be a valid option, especially if this means that it would be likely to blow up in the IESG Secdir reviews. I prefer the 2nd choice from a technical POV: * Using identities rather than enums feels more flexible/extensible. * Having per protocol identities seems to more closely match the status quo, and it doesn’t seem to be a given that all protocols will necessarily want to support all crypto-types. E.g. a new protocol may choose to only support a subset. I mean this separately to what subset of crypto types a protocol implementation may choose to support. * It also seems more user friendly to me to have the RPCs defined under the protocols, and having the RPCs defined does seem important/useful. One question I have, is whether the crypto-types could still define identities for the base algorithms. The protocol specific identities could optionally derive from a base algorithm identity and a protocol specific identity. This might then give you the “basic algorithms are the same, but can be used/interpreted slightly differently by different protocols”. I know that you are busy, do you think that it would be feasible to (2) and then go to WG LC (e.g. before IETF 108)? I.e. use WG LC as a forcing function to resolve any remaining issues. Or is there too much work? Rob, [As an individual contributor] From: netconf <netconf-bounces@ietf.org> On Behalf Of Kent Watsen Sent: 21 April 2020 15:17 To: Juergen Schoenwaelder <j.schoenwaelder@jacobs-university.de> Cc: netconf@ietf.org Subject: Re: [netconf] Virtual "hum" for the "key generation" issue discussed at virtual meeting Hi Juergen, So what do the numbers mean? 1 = highest priority or 1 = lowest priority? In the SurveyMonkey interface: 1 = 1st choice / preference 2 = 2nd choice / preference 3 = 3rd choice / preference If using the drag-n-drop ability, the top-most row is the 1st choice. SurveyMonkey will nicely automatically assign it the value ‘1’. Sadly, when setting the values directly, SurveyMonkey inconsistently does not reorder the rows... Can you explain what 'fastest closure' means? What is your estimate of the time difference between otions #3 and #2? There is a big difference for me between lets say 3 months and 2 years. The presentation begins at the 5:05 mark here: https://www.youtube.com/watch?v=-OByWiciRrc. Fastest closure is just me deleting stuff from the crypto-types, keystore, ssh-client-server, and tls-client-server drafts (1 week?) at which point I think we could start a WGLC. Options #1 and #2 both have uncertain endings. In theory, Option 1 is done (just a little clean up), but SecDir and SecAD think it might blow up in IESG review. Option 2 has less blow up potential, but as it hasn’t been worked on yet, it’s unclear how it might land, and then there is labor effort, for which I get little help. In either case, it wouldn’t surprise me at all if we were still talking about them a year from now. On the list, it was already said that #2 be done later if we do #3. Let me refine this question. Can #2 be done later via an augmentation? If so, we may do #3 and work on #2 concurrently. But it all boils down to what the estimate of the time delta between #2 and #3 is. Both #1 and #2 could equally well be done later if we do #3 now. Stated another way, picking #3 doesn’t cause us to do anything that might preclude or complicate doing #1 or #2 later. Rather, it’s more akin to doing nothing, leaving a void that could be filled in either way when the time arises. Since the crux of YANG modules is the definition of groupings, I imagine “-bis" RFCs needing to be published, more so than having other RFCs augment the groupings. This being the case, working of concurrent publications doesn’t seem feasible to me. The proper link to the slides seems to be: https://datatracker.ietf.org/meeting/interim-2020-netconf-01/materials/slides-interim-2020-netconf-01-sessa-status-and-issues-for-the-client-server-suite-of-drafts.pptx Thanks for sending out the correct link! Kent
- [netconf] Virtual "hum" for the "key generation" … Kent Watsen
- Re: [netconf] Virtual "hum" for the "key generati… Juergen Schoenwaelder
- Re: [netconf] Virtual "hum" for the "key generati… Kent Watsen
- Re: [netconf] Virtual "hum" for the "key generati… Rob Wilton (rwilton)
- Re: [netconf] Virtual "hum" for the "key generati… Kent Watsen
- Re: [netconf] Virtual "hum" for the "key generati… Rob Wilton (rwilton)
- Re: [netconf] Virtual "hum" for the "key generati… Kent Watsen