Re: [netconf] Truststore: bags, sets, or other?

"Rob Wilton (rwilton)" <rwilton@cisco.com> Mon, 03 February 2020 14:51 UTC

From: "Rob Wilton (rwilton)" <rwilton@cisco.com>
To: "Schönwälder, Jürgen" <J.Schoenwaelder@jacobs-university.de>, Kent Watsen <kent+ietf@watsen.net>
CC: Russ Housley <housley@vigilsec.com>, "netconf@ietf.org" <netconf@ietf.org>
Date: Mon, 03 Feb 2020 14:51:29 +0000
Message-ID: <MN2PR11MB4366AE21207AECD44DEF5D24B5000@MN2PR11MB4366.namprd11.prod.outlook.com>
References: <0100016ff91dfd1b-9e8e6622-7e36-45dc-a661-f4702b494040-000000@email.amazonses.com> <20200131.111027.840757629039452002.mbj@tail-f.com> <0100016ffda3d528-f411ef14-2813-4372-99c4-8269e5ea435e-000000@email.amazonses.com> <20200201080916.yrlurqzzlconhxlr@anna.jacobs.jacobs-university.de>
In-Reply-To: <20200201080916.yrlurqzzlconhxlr@anna.jacobs.jacobs-university.de>
Archived-At: <https://mailarchive.ietf.org/arch/msg/netconf/t6gdNPNe3UHTrIBTPVIQRnUxtl8>
Subject: Re: [netconf] Truststore: bags, sets, or other?

+1

This would also be my normal interpretation of a structure described as a "bag", although they don't seem to be that commonly used.

Thanks,
Rob


-----Original Message-----
From: netconf <netconf-bounces@ietf.org> On Behalf Of Schönwälder, Jürgen
Sent: 01 February 2020 08:09
To: Kent Watsen <kent+ietf@watsen.net>
Cc: Russ Housley <housley@vigilsec.com>; netconf@ietf.org
Subject: Re: [netconf] Truststore: bags, sets, or other?

A common interpretation in various data structure libraries is this:

set: unordered collection of something, duplicates not allowed
bag: unordered collection of something, duplicates allowed

/js

On Fri, Jan 31, 2020 at 10:06:10PM +0000, Kent Watsen wrote:
> Hi Martin,
> 
> >> NEW:
> >>            +--rw <thing>-bags {<thing-feature>}?
> >>               +--rw <thing>-bag* [name]
> >>                  +--rw name string
> >>                  +--rw <thing>* [name]
> >>                     +--rw name string
> >>                     …
> >> 
> >> Better, right?   Any other ideas?
> > 
> > We have current published modules with both "-list" and "-set".  No 
> > "-bag" so far.
> > 
> > For example:
> > 
> >  "list rule-list" in ietf-netconf-acm
> > 
> >  "list module-set" in ietf-yang-library
> 
> True.
> 
> 
> > There are some examples of "s" as well, but these are plural "s" for 
> > a normal list of singletons, and should have been named w/o the 
> > plural "s" (if we were to be consistent).
> > 
> > I would try to avoid "s" for a "list-of-lists", but then pick the 
> > suffix that feels most natural in the domain.  (For example, rather 
> > "list access-control-list" than "list access-control-set").
> 
> Agreed.
> 
> > Perhaps you can argue that "-list" works better for ordered 
> > sequences, and "-set" and "-bag" for unordered.  But then there are 
> > "ordered sets" and "unordered lists" (and even apparently "ordered 
> > bag", in UML).
> 
> Perhaps.
> 
> > The plural "s" is better for a surrounding container (if one exists).
> 
> Agreed.
> 
> 
> I also received a private response from Russ, who would rather not join the netconf list, but said:
> 
> 1) “bag” was originally created to deal with issues with the ASN.1 SET and SEQUENCE types, and has since entered general crypto parlance outside the PKCS#12 context.
> 
> 2) “bag” is the ideal term when conveying an unordered collection of X.509 certificates.
> 
> 3) “bag” is not known to be used in the context of SSH host keys or RPKs, but there isn’t anything wrong or bad with doing so either.
> 
> All said, I believe the best course is to use “bag” and, more specifically, to use the "/x-bags/x-bag/…" structure that is present at the top of this message.   Assuming there are no objections, this change will be in the next update.
> 
> 
> Kent
> 

> _______________________________________________
> netconf mailing list
> netconf@ietf.org
> https://www.ietf.org/mailman/listinfo/netconf


-- 
Juergen Schoenwaelder           Jacobs University Bremen gGmbH
Phone: +49 421 200 3587         Campus Ring 1 | 28759 Bremen | Germany
Fax:   +49 421 200 3103         <https://www.jacobs-university.de/>