Re: [netconf] Truststore: bags, sets, or other?

Kent Watsen <kent+ietf@watsen.net> Fri, 31 January 2020 22:06 UTC

Cc: Russ Housley <housley@vigilsec.com>, "netconf@ietf.org" <netconf@ietf.org>
To: Martin Bjorklund <mbj@tail-f.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/netconf/ukggS5rYN0uhooJ3TSdx3MrfyHI>

Hi Martin,

>> NEW:
>>            +--rw <thing>-bags {<thing-feature>}?
>>               +--rw <thing>-bag* [name]
>>                  +--rw name string
>>                  +--rw <thing>* [name]
>>                     +--rw name string
>>                     …
>> 
>> Better, right?   Any other ideas?
> 
> We have current published modules with both "-list" and "-set".  No
> "-bag" so far.
> 
> For example:
> 
>  "list rule-list" in ietf-netconf-acm
> 
>  "list module-set" in ietf-yang-library

True.


> There are some examples of "s" as well, but these are plural "s" for a
> normal list of singletons, and should have been named w/o the plural
> "s" (if we were to be consistent).
> 
> I would try to avoid "s" for a "list-of-lists", but then pick the
> suffix that feels most natural in the domain.  (For example, rather
> "list access-control-list" than "list access-control-set").

Agreed.

> Perhaps you can argue that "-list" works better for ordered sequences,
> and "-set" and "-bag" for unordered.  But then there are "ordered
> sets" and "unordered lists" (and even apparently "ordered bag", in
> UML).

Perhaps.

> The plural "s" is better for a surrounding container (if one exists).

Agreed.


I also received a private response from Russ, who would rather not join the netconf list, but said:

1) “bag” was originally created to deal with issues with the ASN.1 SET and SEQUENCE types, and has since entered general crypto parlance outside the PKCS#12 context.

2) “bag” is the ideal term for when conveying an unordered collection of X.509 certificates.

3) “bag” is not known to be used in the context of SSH host keys or RPKs, but there isn’t anything wrong or bad with doing so either.

All said, I believe the best course is to use “bag” and, more specifically, to use the “/x-bags/x-bag/…” structure that is present at the top of this message. Assuming there are no objections, this change will be in the next update.


Kent