Re: [netconf] I-D Action: draft-ietf-netconf-crypto-types-09.txt

Kent Watsen <> Thu, 20 June 2019 15:44 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id D95EF1200B3 for <>; Thu, 20 Jun 2019 08:44:10 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -1.897
X-Spam-Status: No, score=-1.897 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_NONE=0.001] autolearn=ham autolearn_force=no
Authentication-Results: (amavisd-new); dkim=pass (1024-bit key)
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id dwnYBV9Y_ZR6 for <>; Thu, 20 Jun 2019 08:44:08 -0700 (PDT)
Received: from ( []) (using TLSv1.2 with cipher ECDHE-RSA-AES128-SHA256 (128/128 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 79523120091 for <>; Thu, 20 Jun 2019 08:44:08 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/simple; s=6gbrjpgwjskckoa6a5zn6fwqkn67xbtw;; t=1561045447; h=From:Content-Type:Mime-Version:Subject:Date:References:To:In-Reply-To:Message-Id:Feedback-ID; bh=wvmF0bHDiglalyZoUD4TGbV4MGZRyUdUOqb6H5ZfEFc=; b=SgbceMPpVt9nh5jUy+r3K4ADYd1c/iGzzPntkcZN1D6k9JG5FZDj2pgQIY6TfGnO cJwELFRdgsshNqup7MOgL35USDKvGRs6OzgCpYw11wR0lTgRB1oFp9H/I1x0xnrt72q SVOQiFW14M/cwUGbPdDfRcYp3z8rhVTzigMBS0I4=
From: Kent Watsen <>
Content-Type: multipart/alternative; boundary="Apple-Mail=_533591F6-5930-4EDD-9A64-EAD44A15AF81"
Mime-Version: 1.0 (Mac OS X Mail 12.4 \(3445.104.11\))
Date: Thu, 20 Jun 2019 15:44:07 +0000
References: <>
To: "" <>
In-Reply-To: <>
Message-ID: <>
X-Mailer: Apple Mail (2.3445.104.11)
X-SES-Outgoing: 2019.06.20-
Archived-At: <>
Subject: Re: [netconf] I-D Action: draft-ietf-netconf-crypto-types-09.txt
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: NETCONF WG list <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Thu, 20 Jun 2019 15:44:11 -0000

This update converts the algorithms from being identities to enumerations.

This is suppose to be the result from the thread started on April 25 entitled "The maintenance of the algorithm identifiers in draft-ietf-crypto-types" but, actually, I think it's from an earlier thread in which I believe Lada stated rationale for using enumerations instead of identities (I can't find that thread right now).   Seeing that the enum "values" are just in position-order, I'm unsure what issue this change resolves, but it seems nicer that a server doesn't have to *implement* the module, and also the values don't have to be prefixed...

All said, I think that the maintainability issue remains.  IIRC, Tom Petch suggestion breaking the algorithms into smaller modules, that is, one module per what is now an "enumeration", and also I think that there was a recommendation for making these "iana-" modules...

This change is orthogonal to the update posted three days ago, which focused on how to support server-generated keys, etc.  No objections have been received so far, and thus I'm beginning to think it's okay and we can go into last call after the above discussion resolves.

Kent // contributor

> On Jun 20, 2019, at 10:52 AM, wrote:
> A New Internet-Draft is available from the on-line Internet-Drafts directories.
> This draft is a work item of the Network Configuration WG of the IETF.
>        Title           : Common YANG Data Types for Cryptography
>        Authors         : Kent Watsen
>                          Wang Haiguang
> 	Filename        : draft-ietf-netconf-crypto-types-09.txt
> 	Pages           : 56
> 	Date            : 2019-06-20
> Abstract:
>   This document defines YANG identities, typedefs, the groupings useful
>   for cryptographic applications.
> The IETF datatracker status page for this draft is:
> There are also htmlized versions available at:
> A diff from the previous version is available at:
> Please note that it may take a couple of minutes from the time of submission
> until the htmlized version and diff are available at
> Internet-Drafts are also available by anonymous FTP at:
> _______________________________________________
> netconf mailing list