Re: [netconf] Updated client-server suite of drafts
Michal Vasko <mvasko@cesnet.cz> Fri, 12 January 2024 11:05 UTC
To: Kent Watsen <kent+ietf@watsen.net>, "Rob Wilton (rwilton)" <rwilton=40cisco.com@dmarc.ietf.org>, Roman Janota <Roman.Janota=40cesnet.cz@dmarc.ietf.org>, Jensen Zhang <jingxuan.n.zhang@gmail.com>, Mohamed Boucadair <mohamed.boucadair@orange.com>
Cc: "netconf@ietf.org" <netconf@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/netconf/xTL-3-tvhv6GaF4MBrhg3zVBqZ8>

Hi Kent,

I have looked at it and it seems fine to me, thanks. Unfortunately, Roman, who knows more about it and has actually implemented the modules, is currently busy with exams and I am not sure he will have a chance to look at the changes before the last call ends. But I believe there are no more serious issues.

Regards,
Michal

On 28. 12. 2023 19:55, Kent Watsen wrote:
> All,
>
> I just published an update for the suite of client-server drafts.
> Please see CHANGE LOGS at bottom for details.
>
>
> Rob,
>
> These updates primarily address your AD reviews and provided for
> your ability to see diffs. For ongoing “discuss” items, please
> see my responses to your comments in the per draft AD-review email
> threads.
>
>
> Michal, Roman,
>
> Please review how private-keys no longer require public-keys to
> also be specified.
>
>
> Jensen, Med,
>
> Please note that ietf-truststore now defines typedefs and
> groupings similar to in your alto draft.
>
>
> Kent // author
>
>
> CHANGE LOGS
> =============
>
> Crypto-types
>
> * Mostly addresses AD review comments.
> * Also addresses on-list comment regarding public-keys being "mandatory true."
> * Added note to Editor to fix line foldings.
> * Factored 'private-key-grouping' from 'asymmetric-key-pair-grouping'.
> * Made public-key in 'asymmetric-key-pair-grouping' be "mandatory false".
> * Renamed 'encrypted-by-choice-grouping' to 'encrypted-by-grouping'.
>
>
> Truststore
>
> * Mostly addresses AD review comments.
> * Also added typedefs and groupings similar to those created by Alto WG.
> * Added note to Editor to fix line foldings.
> * Renamed "truststore" to "central truststore" throughout.
> * Removed "built-in" section text that overlaps with the "system-config" draft.
> * Added "certificate-ref-grouping" and "public-key-ref-grouping"
> * Modified typedef certificate-ref's leafref path to NOT prefix "certificate-bag".
> * Modified typedef public-key-ref's leafref path to NOT prefix "public-key-bag".
> * Added groupings "certificate-ref-grouping" and "public-key-ref-grouping".
>
>
> Keystore
>
> * Addresses AD review comments.
> * Added note to Editor to fix line foldings.
> * Renamed "keystore" to "central keystore" throughout.
> * Renamed "encrypted-by-choice-grouping" to "encrypted-by-grouping".
> * Removed "public-key-format" and "public-key" nodes from examples.
>
>
> Tcp-client-server
>
> * Addresses AD review comments.
> * Added note to Editor to fix line foldings.
> * Added Security Considerations text to also look at SC-section from imported modules.
> * Fixed bug: s/augment "keepalives"/refine "keepalives"/
> * Set defaults for idle-time, max-probes, and probe-interval (removed "mandatory true").
> * Updated examples to use IETF recommended values for examples.
>
>
> Ssh-client-server
>
> * Addresses AD review comments.
> * Added note to Editor to fix line foldings.
> * Introduction now more clearly identifies the "ietf-" and "iana-" modules defined.
> * Clarified that the modules, when implemented, do not define any protocol-accessible nodes.
> * Clarified that IANA may deprecate and/or obsolete identities over time.
> * Added Security Consideration for the "generate-public-key" RPC.
> * Added Security Considerations text to also look at SC-section from imported modules.
> * Fixed private-key "must" expressions to not require public-key nodes to be present.
> * Renamed leaf from "bits" to "num-bits".
> * Renamed leaf from "hide" to "hidden".
> * Added container "private-key-encoding" to wrap existing choice.
> * Removed "public-key-format" and "public-key" nodes from examples.
>
>
> Tls-client-server
>
> * Addresses AD review comments.
> * Added note to Editor to fix line foldings.
> * Introduction now more clearly identifies the "ietf-" and "iana-" modules defined.
> * Clarified that the modules, when implemented, do not define any protocol-accessible nodes.
> * Clarified that IANA may deprecate and/or obsolete identities over time.
> * Added Security Consideration for the "generate-public-key" RPC.
> * Added Security Considerations text to also look at SC-section from imported modules.
> * Added missing if-feature statements.
> * Fixed private-key "must" expressions to not require public-key nodes to be present.
> * Fixed ident-tls12-psk and ident-tls13-psk YANG and references.
> * Renamed leaf from "bits" to "num-bits".
> * Added missing "ordered-by user" statement.
> * Added container "private-key-encoding" to wrap existing choice.
> * Renamed container "encrypt-with" to "encrypted".
> * Renamed leaf from "hide" to "hidden".
> * Removed "public-key-format" and "public-key" nodes from examples.
>
>
> Http-client-server
>
> * Addresses AD review comments.
> * Added note to Editor to fix line foldings.
> * Removed "Conventions" section as there are no "BASE64VALUE=" values used in draft.
> * Clarified that the modules, when implemented, do not define any protocol-accessible nodes.
> * Added Security Considerations text to also look at SC-section from imported modules.
> * Removed "A wrapper around the foobar parameters to avoid name collisions" text.
> * Removed "public-key-format" and "public-key" nodes from examples.
>
>
> Netconf-client-server
>
> * Addresses AD review comments.
> * Added note to Editor to fix line foldings.
> * Removed netconf-client-grouping, since it was empty.
> * Removed erroneous statement "client-identity-mappings" must be enabled by a "feature".
> * Added Security Considerations text to also look at SC-section from imported modules.
> * Removed "A wrapper around the foobar parameters to avoid name collisions" text.
> * Added container "endpoints" to wrap list "endpoint".
>
>
> Restconf-client-server
>
> * Addresses AD review comments.
> * Added note to Editor to fix line foldings.
> * Removed "Conventions" section as there are no "BASE64VALUE=" values used in draft.
> * Removed restconf-client-grouping, since it was empty.
> * Removed erroneous statement "client-identity-mappings" must be enabled by a "feature".
> * Added Security Considerations text to also look at SC-section from imported modules.
> * Removed "A wrapper around the foobar parameters to avoid name collisions" text.
> * Added container "endpoints" to wrap list "endpoint".
> * Fixed if-feature "https-listen" to if-feature "https-call-home".