Re: [netconf] Roman Danyliw's No Objection on draft-ietf-netconf-sztp-csr-12: (with COMMENT)

Kent Watsen <kent+ietf@watsen.net> Tue, 21 December 2021 20:05 UTC


Hi Roman,

Thank you for your review! Below are responses to your comments.

Diffs: https://github.com/netconf-wg/sztp-csr/commit/f31f47932f60b88a746b8ec7a26a6f00986355e9

Kent (and Sean and Russ)


> On Dec 15, 2021, at 7:05 PM, Roman Danyliw via Datatracker <noreply@ietf.org> wrote:
> 
> Roman Danyliw has entered the following ballot position for
> draft-ietf-netconf-sztp-csr-12: No Objection
> 
> When responding, please keep the subject line intact and reply to all
> email addresses included in the To and CC lines. (Feel free to cut this
> introductory paragraph, however.)
> 
> 
> Please refer to https://www.ietf.org/blog/handling-iesg-ballot-positions/
> for more information about how to handle DISCUSS and COMMENT positions.
> 
> 
> The document, along with other ballot positions, can be found here:
> https://datatracker.ietf.org/doc/draft-ietf-netconf-sztp-csr/
> 
> 
> 
> ----------------------------------------------------------------------
> COMMENT:
> ----------------------------------------------------------------------
> 
> Thank you to Yaron Sheffer for the SECDIR review.
> 
> ** Section 4.1.1.
> 
> For instance, an NMS controller/orchestrator
>   application could periodically prompt the SZTP-client to generate a
>   new private key and provide a certificate signing request (CSR) or,
>   alternatively, push both the key and an identity certificate to the
>   SZTP-client using, e.g., a PKCS #12 [RFC7292].
> 
> I don’t have a sense of the classes of endpoints that would rely on SZTP. 
> Would it include highly constrained or battery powered devices for which this
> re-keying would be too expensive?

Possibly. For the most part, IoT deployments seem to be going the BRSKI route (though that isn't any more efficient in this regard). All of the SZTP deployments I'm aware of are easily able to generate fresh keying material. But note that, in extreme cases, the material could be pushed to the device via a p12, which obviates the concern, no?

[No update to the draft has been made to reflect this comment yet.]


> 
> ** Editorial nits:
> -- Section 2.1.  s/an new/a new/

Fixed!  (Change made by an earlier review)


> -- Section 2.2.  Typo. s/Following are/The following are/

Instead used s/Following are/Below are/ - otherwise, okay to let the copy editor handle?


> -- Section 4.1.1.  s/Forever contain/contain/

Fixed!