IETF Logo Mail Archive

Re: [Netconf] Draft Charter Proposal for NETCONF WG

Mahesh Jethanandani <mjethanandani@gmail.com> Wed, 22 March 2017 21:53 UTC

Return-Path: <mjethanandani@gmail.com>
X-Original-To: netconf@ietfa.amsl.com
Delivered-To: netconf@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 05F0112950A for <netconf@ietfa.amsl.com>; Wed, 22 Mar 2017 14:53:02 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level:
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 1xm6896HA79U for <netconf@ietfa.amsl.com>; Wed, 22 Mar 2017 14:52:59 -0700 (PDT)
Received: from mail-pf0-x235.google.com (mail-pf0-x235.google.com [IPv6:2607:f8b0:400e:c00::235]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id BB70F1294B5 for <netconf@ietf.org>; Wed, 22 Mar 2017 14:52:59 -0700 (PDT)
Received: by mail-pf0-x235.google.com with SMTP id o126so96938438pfb.3 for <netconf@ietf.org>; Wed, 22 Mar 2017 14:52:59 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=content-transfer-encoding:from:mime-version:subject:date:message-id :references:cc:in-reply-to:to; bh=2imTMJOzzYAxQpnt2iVULTEfVKjFu6RAR3D7wYrC42k=; b=MdoEe4QxKvbU8ZffaYc7qSEHEd5aLvmCENbeFMTQR4jCO3XdhfcB51wblYGcNHnOse mVxCcUpap25Whg69TqsCjSIhzcyLa+B+MM+4Ztp3hkrH0YjdL0s97ooyi8m8QJuy372e PVMWlnbCPuubyp9sMb1FyUOK0XwkcrM5Gv/vLaAGpsha3Lywvu7BI06I5VYknzCFg1OW SoZ6j+B9fRyWuGD9A5Xrq4yeXmhUW5suzxeyflwgbijxmsWqJ4f83TKfNLiC7ZwttKzp I0mzaHZ45pKiuZNjV/30+8F3zielIMj+vqiidscItv92qyDN2qVWH3GbccVZjG7mBETH VIvA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:content-transfer-encoding:from:mime-version :subject:date:message-id:references:cc:in-reply-to:to; bh=2imTMJOzzYAxQpnt2iVULTEfVKjFu6RAR3D7wYrC42k=; b=JLuNuIQd0oyHIx6B27KOXfR3vHfi3Ha4L7C5IZtpYXCr/v6/gqyTyMA1ZPtCzohs7B Ta510TKiTb08/DGG4INNMfImpxWIdeuIk9QFrjXzc272NRxn9XeRfOw7Y+pkVVelNzkX 1lOfskTjVELxP+zUoz11syzmub8B7LQUlhiSZn+TkrRa2BMiNqvIO5C/pXXkjAnR9jPg S35R4KD17jPh5YE5xQh05qYJskMzzo2jkQ0wqpSLH0GMWDYnKkUOp47p6w2zbLzogyk4 U24ZafFjt86C59chcwJz03yfHMvm60zNBTKbtf1+tCa5hRUxQI9nS9dZbgn3YFsdglSs rQvA==
X-Gm-Message-State: AFeK/H3eEtL9ZjSLjcrM85NGgpqGOI1XimJXjsqTJLUqiicXAT/tf6dAozBJ+fQ7QTSvAg==
X-Received: by 10.98.42.200 with SMTP id q191mr25884770pfq.73.1490219579277; Wed, 22 Mar 2017 14:52:59 -0700 (PDT)
Received: from [10.52.112.158] ([166.177.250.29]) by smtp.gmail.com with ESMTPSA id t67sm5761350pfd.76.2017.03.22.14.52.55 (version=TLS1 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Wed, 22 Mar 2017 14:52:55 -0700 (PDT)
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
From: Mahesh Jethanandani <mjethanandani@gmail.com>
Mime-Version: 1.0 (1.0)
Date: Wed, 22 Mar 2017 14:32:38 -0700
Message-Id: <FF00B7D1-0418-49C5-93AF-59D837354879@gmail.com>
References: <CABCOCHSacn15vfo8MR0K-UJJo6E0AZ14Gwj3M43KYkgbtwK8Kg@mail.gmail.com> <005101d2975f$ae87ac20$0b970460$@ndzh.com> <017d01d29769$0df70b20$29e52160$@gmail.com> <010701d29771$a45f66e0$ed1e34a0$@ndzh.com> <026601d2977f$8d059600$a710c200$@gmail.com> <685B9088-7557-4C6E-9A8F-54C3208DB312@juniper.net> <7217bc23-0e1e-c250-929d-e18c3f0a800f@cisco.com> <07b601d2a197$9865d5b0$c9318110$@gmail.com> <02ee01d2a22b$295b2be0$4001a8c0@gateway.2wire.net> <BA52FB19-D4B9-4E1A-BFE5-7CCE6F5554B1@juniper.net> <20170321174358.GA36769@elstar.local> <65E2B5E1-A1D0-45C1-94E8-F10A35042295@juniper.net>
Cc: Juergen Schoenwaelder <j.schoenwaelder@jacobs-university.de>, Netconf <netconf@ietf.org>
In-Reply-To: <65E2B5E1-A1D0-45C1-94E8-F10A35042295@juniper.net>
To: Kent Watsen <kwatsen@juniper.net>
X-Mailer: iPhone Mail (13G36)
Archived-At: <https://mailarchive.ietf.org/arch/msg/netconf/rhtsp2_nET7kCNE7_WrUWR6P9Uo>
Subject: Re: [Netconf] Draft Charter Proposal for NETCONF WG
X-BeenThere: netconf@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Network Configuration WG mailing list <netconf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/netconf>, <mailto:netconf-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/netconf/>
List-Post: <mailto:netconf@ietf.org>
List-Help: <mailto:netconf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/netconf>, <mailto:netconf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 22 Mar 2017 21:53:02 -0000


> On Mar 21, 2017, at 11:56 AM, Kent Watsen <kwatsen@juniper.net> wrote:
> 
> 
> Again, a keystore is not limited to asymmetric keys.   At the moment it is exclusively asymmetric, but that's only because we (the authors) moved the passwords (read symmetric keys) that were present in the previous version to the ietf-ssh-client module, but they may return, as many real-world keystore mechanisms do manage passwords as well (e.g., Mac OSX's Keychain Access utility).
> 
> The module names are fine, but we could update the draft title. How about "A System-level Keystore Model"?

How about "Asymmetric Key System-level Keystore Model"?

And add a reference to keychain model for symmetric keys. 

Mahesh Jethanandani 
mjethanandani@gmail.com
> 
> K.
> 
> 
> -----ORIGINAL MESSAGE-----
> 
> Unfortunately, nobody likes to make the distinction symmetric keys vs
> asymmetric keys clear and obvious - instead we have keystore
> vs. keychain and draft titles such as 'Keystore Model' and 'Routing
> Key Chain YANG Data Model'. And authors then prefer to qualify things
> as 'routing' and 'system' in the abstract, which does not help either.
> I meanwhile have given up on this.
> 
> /js
> 
>> On Tue, Mar 21, 2017 at 04:41:17PM +0000, Kent Watsen wrote:
>> Hi Tom,
>> 
>> We renamed our "keychain" module to "keystore" about four months ago, in part to help disambiguate it from the rtgwg's "key-chain" module.  The rtgwg's key-chain module is specific to symmetric keys used in routing protocols, whereas the netconf keystore module is primarily focused on asymmetric keys used in authentication protocols.  We discussed a while back (> 1yr ago) about potential overlap and decided that there was none.  During YANG doctor review, I encouraged Acee to add a statement about the non-relationship, but he didn't go for it.  FWIW, the PCE-PCEP module plans to use both the key-chain and keystore modules.
>> 
>> Kent
>> 
>> 
>> -----ORIGINAL MESSAGE-----
>> 
>> What interaction, if any, is there between
>> 
>> draft-ietf-rtgwg-yang-key-chain-15.txt
>> This document describes the key chain YANG data model.
>> file "ietf-key-chain@2017-02-16.yang"
>> 
>> currently in IETF Last Call, and
>> 
>> draft-ietf-netconf-system-keychain-00
>> This document defines a YANG data module for a system-level keychain
>> mechanism
>> file "ietf-system-keychain@2016-07-08.yang"
>> 
>> ?
>> 
>> Tom Petch
>> 
>> 
>> ----- Original Message -----
>> From: "Mehmet Ersue" <mersue@gmail.com>
>> To: "'Benoit Claise'" <bclaise@cisco.com>; "'Susan Hares'"
>> <shares@ndzh.com>
>> Sent: Monday, March 20, 2017 4:32 PM
>> 
>>> Dear All,
>>> 
>>> 
>>> 
>>> based on the recent discussion and proposals please find below the
>> updated
>>> charter proposal for NETCONF WG.
>>> 
>>> Please comment before March 24, 2017.
>>> 
>>> 
>>> Following Benoit's support the I2RS-related additions have been added
>> as a
>>> separated item.
>>> 
>>> Being dependent on netmod-revised-datastores point 6 and 7 have been
>> defined
>>> as a goal without a deadline.
>>> 
>>> 
>>> Mehmet
>>> 
>>> 
>>> Network Configuration (netconf)
>>> 
>>> -------------------------------
>>> 
>>> 
>>> 
>>> Charter
>>> 
>>> 
>>> 
>>> Current Status: Active
>>> 
>>> 
>>> 
>>> Chairs:
>>> 
>>>     Mahesh Jethanandani <mjethanandani@gmail.com>
>>> 
>>>    Mehmet Ersue <mersue@gmail.com>
>>> 
>>> 
>>> 
>>> Operations and Management Area Directors:
>>> 
>>>     Benoit Claise <bclaise@cisco.com>
>>> 
>>>     Joel Jaeggli <joelja@bogus.com>
>>> 
>>> 
>>> 
>>> Operations and Management Area Advisor:
>>> 
>>>     Benoit Claise <bclaise@cisco.com>
>>> 
>>> 
>>> 
>>> Mailing Lists:
>>> 
>>>     General Discussion: netconf@ietf.org
>>> 
>>>     To Subscribe:    https://www.ietf.org/mailman/listinfo/netconf
>>> 
>>>     Archive:
>> <https://mailarchive.ietf.org/arch/browse/netconf/>
>>> https://mailarchive.ietf.org/arch/browse/netconf/
>>> 
>>> 
>>> 
>>> Description of Working Group:
>>> 
>>> 
>>> 
>>>  Configuration of networks of devices has become a critical
>> requirement
>>> 
>>>  for operators in today's highly interconnected networks. Large and
>>> 
>>>  small operators alike have developed their own mechanisms or have
>> used
>>> 
>>>  vendor specific mechanisms to transfer configuration data to and
>> from
>>> 
>>>  a device and to examine device state information which may impact
>> the
>>> 
>>>  configuration. Each of these mechanisms may be different in various
>>> 
>>>  aspects, such as session establishment, user authentication,
>>> 
>>>  configuration data exchange, and error responses.
>>> 
>>> 
>>> 
>>>  The NETCONF protocol (RFC 6241) provides mechanisms to install,
>>> 
>>>  manipulate, and delete the configuration of network devices. NETCONF
>>> 
>>>  is based on the secure transport (SSH is mandatory to implement
>> while
>>> 
>>>  TLS is an optional transport). The NETCONF protocol is data modeling
>>> 
>>>  language independent, but YANG (RFC 7950) is the recommended NETCONF
>>> 
>>>  modeling language, which introduces advanced language features for
>>> 
>>>  configuration management.
>>> 
>>> 
>>> 
>>>  NETCONF WG recently finalized the development of RESTCONF protocol
>>> 
>>>  (RFC 8040) which provides an interface over HTTPs for accessing data
>>> 
>>>  defined in YANG. RESTCONF is based on the capabilities and uses the
>>> 
>>>  datastore concept defined in the NETCONF protocol specification. In
>>> 
>>>  support of RESTCONF the YANG-Patch (RFC 8072) mechanism has been
>>> 
>>>  provided for applying patches to configuration datastores. The YANG
>>> 
>>>  Module Library (RFC 7895) provides information about all YANG
>> modules
>>> 
>>>  used by a network management server.
>>> 
>>> 
>>> 
>>>  Last but not least NETCONF and RESTCONF Call Home (RFC 8071) have
>> been
>>> 
>>>  developed, which enable a server to initiate a secure connection to
>> a
>>> 
>>>  NETCONF or RESTCONF client respectively.
>>> 
>>> 
>>> 
>>>  In the current phase of NETCONF's incremental development the
>>> 
>>>  workgroup will focus on following items:
>>> 
>>> 
>>> 
>>>  1. Finalize the YANG data module for a system-level keystore
>> mechanism,
>>> 
>>>  that can be used to hold onto asymmetric private keys and
>> certificates
>>> 
>>>  that are trusted by the system advertising support for this module.
>>> 
>>>  Based on the known dependencies this draft has the highest priority
>>> 
>>>  for the WG.
>>> 
>>> 
>>> 
>>>  2. Finalize Server and Client Configuration YANG modules for both
>>> 
>>>  NETCONF and RESTCONF as well as the Client and Server Models for SSH
>>> 
>>>  and TLS.
>>> 
>>> 
>>> 
>>>  3. Finalize the Zero-touch provisioning for NETCONF or
>> RESTCONF-based
>>> 
>>>  Management as a technique to establish a secure network management
>>> 
>>>  relationship between a newly delivered network device configured
>> with
>>> 
>>>  just its factory default settings, and the Network Management
>> System)
>>> 
>>> 
>>> 
>>>  4. Provide a revised version of RFC 6536 (NETCONF Access Control
>>> 
>>>  Model) by adding support for RESTCONF and the YANG 1.1. constructs
>>> 
>>>  like "action" and the "notification" statements.
>>> 
>>> 
>>> 
>>>  5. Provide a set of documents enabling advanced notification/
>>> 
>>>  subscription capabilities, which gracefully co-exist in a deployment
>>> 
>>>  of RFC 5277. The new capabilities include e.g. transport
>> independence,
>>> 
>>>  multiple dynamic and configured subscriptions in a transport
>>> 
>>>  session. RFC 5277 will be obsoleted in parallel to the publication
>> of
>>> 
>>>  the new document set. Following specifications will be addressed:
>>> 
>>>   - Protocol-neutral notification framework, i.e., explaining the
>>> 
>>>     concepts of subscriptions, filters, subscription state
>>> 
>>>     notifications, replay, etc. and defining the associated YANG data
>>> 
>>>     model, RPCs, etc.
>>> 
>>>   - Definition of notifications sent over NETCONF and how YANG
>>> 
>>>     notifications are encoded in XML and JSON. Include considerations
>>> 
>>>     for parallel support / implementation compatibility with
>> RFC-5277.
>>> 
>>>   - Definition of notifications sent over RESTCONF and HTTP2 and how
>>> 
>>>     YANG notifications are encoded in XML and JSON. Include specifics
>>> 
>>>     of call-home and heartbeat for subscriptions.
>>> 
>>>   - The subscription and push mechanism for YANG datastores allowing
>>> 
>>>     subscriber applications to request updates from a YANG datastore.
>>> 
>>> 
>>> 
>>>  6. Provide a revision for the NETCONF and RESTCONF protocols and the
>>> 
>>>  used datastore framework building on the datastore concept in NETMOD
>>> 
>>>  revised datastores work. Bug fixing will be done and potential
>>> 
>>>  extensions will be added. Provide guidance on how to adapt and use
>>> 
>>>  YANG with NETCONF and RESCONF protocols. NETCONF XML Encoding Rules
>>> 
>>>  from RFC 7950 will be moved to RFC6241bis.
>>> 
>>> 
>>> 
>>>  7. Define capabilities for NETCONF and RESTCONF to support I2RS
>> protocol
>>> 
>>>  and ephemeral state datastore requirements.
>>> 
>>> 
>>> 
>>>  Based on the implementation, deployment experience and inter-
>>> 
>>>  operability testing, the WG aims to produce a NETCONF status report
>>> 
>>>  in a later stage. The result may be clarifications for RFC6241 and
>>> 
>>>  RFC6242 and addressing any reported errata.
>>> 
>>> 
>>> 
>>> 
>>> 
>>> Goals and Milestones:
>>> 
>>>  Done     Submit NETCONF/RESTCONF Call Home to AD/IESG for
>> consideration as
>>> Proposed Standard
>>> 
>>>  Done     Submit YANG Library to AD/IESG for consideration as
>> Proposed
>>> Standard
>>> 
>>>  Done     Submit RESTCONF to AD/IESG for consideration as Proposed
>> Standard
>>> 
>>>  Done     Submit YANG Patch to AD/IESG for consideration as Proposed
>>> Standard
>>> 
>>> 
>>> 
>>>  May 2017  WGLC for Zero-touch configuration mechanism
>>> 
>>>  Jun 2017  Submit Zero-touch configuration to AD/IESG for
>> consideration as
>>> Proposed Standard
>>> 
>>>  May 2017  WGLC for system-level keystore mechanism
>>> 
>>>  Jun 2017  Submit keystore mechanism to AD/IESG for consideration as
>>> Proposed Standard
>>> 
>>>  May 2017  WGLC for Server and Client models for NETCONF and RESTCONF
>>> 
>>>  Jun 2017  Submit Server and Client Configuration models to AD/IESG
>> for
>>> consideration as Proposed Standard
>>> 
>>>  May 2017  WGLC for Client and Server Models for SSH and TLS
>>> 
>>>  Jun 2017  Submit Client and Server Models for SSH and TLS to AD/IESG
>> for
>>> consideration as Proposed Standard
>>> 
>>>  Jun 2017  WGLC for RFC 6536bis (NETCONF Access Control Model)
>>> 
>>>  Jul 2017  Submit RFC 6536bis to AD/IESG for consideration as
>> Proposed
>>> Standard
>>> 
>>>  Jun 2017  WGLC for advanced Notification/Subscription specifications
>>> 
>>>  Jul 2017  Submit Notification/Subscription specifications to AD/IESG
>> for
>>> consideration as Proposed Standard
>>> 
>>> 
>>> 
>>> 
>>> 
>>> From: Benoit Claise [mailto:bclaise@cisco.com]
>>> Sent: Friday, March 17, 2017 4:49 PM
>>> To: Kent Watsen <kwatsen@juniper.net>; Mehmet Ersue
>> <mersue@gmail.com>;
>>> 'Susan Hares' <shares@ndzh.com>; 'Andy Bierman' <andy@yumaworks.com>
>>> Cc: 'Netconf' <netconf@ietf.org>
>>> 
>>> 
>>> 
>>> On 3/8/2017 12:57 AM, Kent Watsen wrote:
>>> 
>>> I agree with Mehmet, any changes to the NC/RC protocols should be done
>> in
>>> the NETCONF WG.
>>> 
>>> +1.
>>> 
>>> Regards, Benoit
>> 
>> <snip>
>> 
>> 
>> _______________________________________________
>> Netconf mailing list
>> Netconf@ietf.org
>> https://www.ietf.org/mailman/listinfo/netconf
>> 
>> 
>> _______________________________________________
>> Netconf mailing list
>> Netconf@ietf.org
>> https://www.ietf.org/mailman/listinfo/netconf
> 
> -- 
> Juergen Schoenwaelder           Jacobs University Bremen gGmbH
> Phone: +49 421 200 3587         Campus Ring 1 | 28759 Bremen | Germany
> Fax:   +49 421 200 3103         <http://www.jacobs-university.de/>
> 
> 
> _______________________________________________
> Netconf mailing list
> Netconf@ietf.org
> https://www.ietf.org/mailman/listinfo/netconf

v2.23.0 | Report a Bug | By Email