Re: [Netconf] Updating RFC 5539 WAS:FW: New version of draft-badra-netconf-rfc5539bis
Juergen Schoenwaelder <j.schoenwaelder@jacobs-university.de> Wed, 04 April 2012 07:52 UTC
Return-Path: <j.schoenwaelder@jacobs-university.de>
X-Original-To: netconf@ietfa.amsl.com
Delivered-To: netconf@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A57FD21F8621 for <netconf@ietfa.amsl.com>; Wed, 4 Apr 2012 00:52:47 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -101.839
X-Spam-Level:
X-Spam-Status: No, score=-101.839 tagged_above=-999 required=5 tests=[AWL=-0.890, BAYES_00=-2.599, HELO_EQ_DE=0.35, MANGLED_BEEF=2.3, RCVD_IN_DNSWL_LOW=-1, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id aIhY+62vi5np for <netconf@ietfa.amsl.com>; Wed, 4 Apr 2012 00:52:47 -0700 (PDT)
Received: from hermes.jacobs-university.de (hermes.jacobs-university.de [212.201.44.23]) by ietfa.amsl.com (Postfix) with ESMTP id ED48921F865C for <netconf@ietf.org>; Wed, 4 Apr 2012 00:52:46 -0700 (PDT)
Received: from localhost (demetrius4.jacobs-university.de [212.201.44.49]) by hermes.jacobs-university.de (Postfix) with ESMTP id 23F9420C2E; Wed, 4 Apr 2012 09:52:46 +0200 (CEST)
X-Virus-Scanned: amavisd-new at jacobs-university.de
Received: from hermes.jacobs-university.de ([212.201.44.23]) by localhost (demetrius4.jacobs-university.de [212.201.44.32]) (amavisd-new, port 10024) with ESMTP id 8Tf4a9-dOzQX; Wed, 4 Apr 2012 09:52:46 +0200 (CEST)
Received: from elstar.local (elstar.jacobs.jacobs-university.de [10.50.231.133]) by hermes.jacobs-university.de (Postfix) with ESMTP id 1ECEC20C24; Wed, 4 Apr 2012 09:52:44 +0200 (CEST)
Received: by elstar.local (Postfix, from userid 501) id 8DA071E2DF54; Wed, 4 Apr 2012 09:52:45 +0200 (CEST)
Date: Wed, 04 Apr 2012 09:52:45 +0200
From: Juergen Schoenwaelder <j.schoenwaelder@jacobs-university.de>
To: Kent Watsen <kwatsen@juniper.net>
Message-ID: <20120404075245.GA13871@elstar.local>
Mail-Followup-To: Kent Watsen <kwatsen@juniper.net>, Alan Luchuk <luchuk@snmp.com>, "mbadra@gmail.com" <mbadra@gmail.com>, "netconf@ietf.org" <netconf@ietf.org>
References: <201203121922.PAA06844@adminfs.snmp.com> <84600D05C20FF943918238042D7670FD48C0A290BA@EMBX01-HQ.jnpr.net>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
In-Reply-To: <84600D05C20FF943918238042D7670FD48C0A290BA@EMBX01-HQ.jnpr.net>
User-Agent: Mutt/1.5.21 (2010-09-15)
Cc: "netconf@ietf.org" <netconf@ietf.org>
Subject: Re: [Netconf] Updating RFC 5539 WAS:FW: New version of draft-badra-netconf-rfc5539bis
X-BeenThere: netconf@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
Reply-To: Juergen Schoenwaelder <j.schoenwaelder@jacobs-university.de>
List-Id: Network Configuration WG mailing list <netconf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/netconf>, <mailto:netconf-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/netconf>
List-Post: <mailto:netconf@ietf.org>
List-Help: <mailto:netconf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/netconf>, <mailto:netconf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 04 Apr 2012 07:52:47 -0000
On Tue, Apr 03, 2012 at 03:34:18PM -0700, Kent Watsen wrote: > >The suggestions sound reasonable. How about changing the typedef and > >YANG object to: > > > > typedef tls-fingerprint-type { > > type binary { > > length "1..255"; > > } > > Better now that min-length has been bumped from '0' to '1' I had a discussion about this with Martin. While SNMP adds the byte identifying the has algorithm to the hash value so that updates are atomic, I think in a YANG world this looks kind of awkward. I would rather see something like this in a config representation: <fingerprint> <sha1>de:ad:...:be:ef</sha1> </fingerprint> Most tools that compute fingerprints do not seem to produce the format with the embedded code for the hash algorithm. To achieve the above, we would need an IANA controlled grouping such that we achieve crypto agility. > >>Regarding "certificate-to-username-transform-count"... > >>Regarding "certificate-to-username-transform-last-changed"... > > > > These are patterned after informational objects in the SNMP-TLS-TM-MIB. > > I have no strong preference whether or not these are retained in the > > YANG module. Resetting the value to 0 is intended to allow implementation > > on devices that cannot keep time across reboots. > > If they're not referenced, then I don't believe they have any value and thus imagine they should be removed. The last one we do not really need since we have config change notifications (in case someone is interested to be notified). The counter - well not really essential either; I guess I prefer to keep this data model config true only. /js -- Juergen Schoenwaelder Jacobs University Bremen gGmbH Phone: +49 421 200 3587 Campus Ring 1, 28759 Bremen, Germany Fax: +49 421 200 3103 <http://www.jacobs-university.de/>
- [Netconf] Updating RFC 5539 WAS:FW: New version o… Ersue, Mehmet (NSN - DE/Munich)
- Re: [Netconf] Updating RFC 5539 WAS:FW: New versi… Juergen Schoenwaelder
- Re: [Netconf] Updating RFC 5539 WAS:FW: New versi… Bert Wijnen (IETF)
- Re: [Netconf] Updating RFC 5539 WAS:FW: New versi… Ersue, Mehmet (NSN - DE/Munich)
- Re: [Netconf] Updating RFC 5539 WAS:FW: New versi… Mohamad Badra
- Re: [Netconf] Updating RFC 5539 WAS:FW: New versi… Bert Wijnen (IETF)
- Re: [Netconf] Updating RFC 5539 WAS:FW: New versi… Ladislav Lhotka
- Re: [Netconf] Updating RFC 5539 WAS:FW: New versi… Kent Watsen
- Re: [Netconf] Updating RFC 5539 WAS:FW: New versi… Andy Bierman
- Re: [Netconf] Updating RFC 5539 WAS:FW: New versi… Juergen Schoenwaelder
- Re: [Netconf] Updating RFC 5539 WAS:FW: New versi… Martin Bjorklund
- Re: [Netconf] Updating RFC 5539 WAS:FW: New versi… Mohamad Badra
- Re: [Netconf] Updating RFC 5539 WAS:FW: New versi… Phil Shafer
- Re: [Netconf] Updating RFC 5539 WAS:FW: New versi… Alan Luchuk
- Re: [Netconf] Updating RFC 5539 WAS:FW: New versi… Wes Hardaker
- Re: [Netconf] Updating RFC 5539 WAS:FW: New versi… Kent Watsen
- Re: [Netconf] Updating RFC 5539 WAS:FW: New versi… Kent Watsen
- Re: [Netconf] Updating RFC 5539 WAS:FW: New versi… Juergen Schoenwaelder
- Re: [Netconf] Updating RFC 5539 WAS:FW: New versi… Mohamad Badra
- Re: [Netconf] Updating RFC 5539 WAS:FW: New versi… Juergen Schoenwaelder
- Re: [Netconf] Updating RFC 5539 WAS:FW: New versi… Mohamad Badra
- Re: [Netconf] Updating RFC 5539 WAS:FW: New versi… Juergen Schoenwaelder
- Re: [Netconf] Updating RFC 5539 WAS:FW: New versi… Mohamad Badra
- Re: [Netconf] Updating RFC 5539 WAS:FW: New versi… Mohamad Badra
- Re: [Netconf] Updating RFC 5539 WAS:FW: New versi… Juergen Schoenwaelder
- Re: [Netconf] Updating RFC 5539 WAS:FW: New versi… Mohamad Badra
- Re: [Netconf] Updating RFC 5539 WAS:FW: New versi… Juergen Schoenwaelder
- Re: [Netconf] Updating RFC 5539 WAS:FW: New versi… Kent Watsen
- Re: [Netconf] Updating RFC 5539 WAS:FW: New versi… Kent Watsen