Re: [netconf] WGLC on draft-ietf-netconf-tls-client-server

Kent Watsen <kent@watsen.net> Mon, 19 April 2021 23:19 UTC

Cc: Mahesh Jethanandani <mjethanandani@gmail.com>, "netconf@ietf.org" <netconf@ietf.org>
To: Dhruv Dhody <dhruv.ietf@gmail.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/netconf/uWaN-dbdpCowQp7uQ52OTFlgX1g>

Hi Dhruv,

Thank you for your review!

Below are responses to your comments.

K.


> On Apr 13, 2021, at 4:42 AM, Dhruv Dhody <dhruv.ietf@gmail.com> wrote:
> 
> Hi Mahesh, WG,
> 
> I have reviewed the draft. The PCE YANG uses these groupings and I am happy to see the WG make progress on this I-D.

:)


> Few comments -
> - Both abstract and introduction say that the first module is the TLS client whereas the first module defined in this I-D is the TLS common.

Fixed (also fixed in other drafts where the issue arose)


> - I am wondering if anything needs to be done for the older versions of TLS which are made historic. The use of features helps, is there any other guidance that needs to be given?

We could set the “status” to “deprecated”.  That said, it's one thing to say that a protocol is deprecated and another to say that the configuration for a still somewhat widely-used deprecated-protocol is deprecated…thoughts?



> - Why is there no identity for TLS 1.3?

Because the draft has been a work in progress for longer than TLS 1.3  ;)

Just added an identity for 1.3.


> - For the feature tls-1_3, the description says 1.2

Fixed!


> - Copyright year in the YANG modules is still 2020

Fixed (in all drafts)


> - Authors in the YANG module is inconsistent with the I-D


Correct, Gary Wu helped with the YANG module only (in the “ssh” draft also).  For both drafts, I’ve created a new “Contributors” section to better call out his contribution.


> - Reference used in YANG (FIPS PUB 180-4) needs to be added in the I-D as well. 

Reference added.


> 
> Thanks!
> Dhruv

Thanks!

K.