Re: [netconf] Question to draft-ietf-netconf-sztp-csr-13

"Fries, Steffen" <steffen.fries@siemens.com> Thu, 03 March 2022 10:52 UTC

From: "Fries, Steffen" <steffen.fries@siemens.com>
To: Kent Watsen <kent+ietf@watsen.net>, "Rob Wilton (rwilton)" <rwilton@cisco.com>
CC: "draft-ietf-netconf-sztp-csr@ietf.org" <draft-ietf-netconf-sztp-csr@ietf.org>, "netconf@ietf.org" <netconf@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/netconf/z4IUlB8nO5rTzY5vjdiK_VB8XDk>

Hi Kent,

Thank you for the prompt reaction. This definitely ensures broader applicability of the CMP features.

Best regards
Steffen

From: netconf <netconf-bounces@ietf.org> On Behalf Of Kent Watsen
Sent: Thursday, 3 March 2022 02:38
To: Rob Wilton (rwilton) <rwilton@cisco.com>
Cc: draft-ietf-netconf-sztp-csr@ietf.org; netconf@ietf.org
Subject: Re: [netconf] Question to draft-ietf-netconf-sztp-csr-13


Rob et al.,

An -14 update was posted with the changes proposed by Hendrik.
Thank you, Hendrik, for providing simple-to-apply edits!

Kent (on behalf of the authors)




On Mar 1, 2022, at 4:50 PM, Rob Wilton (rwilton) <rwilton@cisco.com> wrote:

Hi Kent, authors,

Given that I haven’t approved this draft from the IESG review yet, then even though it is late, these changes look useful but relatively minor. If the authors think that these changes are appropriate then I am happy for you to post an updated draft revision with these changes, then ping me and I’ll check it before sending it on its way to the RFC editor.
Regards,
Rob


From: netconf <netconf-bounces@ietf.org> On Behalf Of Brockhaus, Hendrik
Sent: 23 February 2022 08:44
To: Kent Watsen <kent+ietf@watsen.net>
Cc: draft-ietf-netconf-sztp-csr@ietf.org; netconf@ietf.org
Subject: Re: [netconf] Question to draft-ietf-netconf-sztp-csr-13

Kent

I understood that this change request comes very late, but to make the change request more concrete I looked into the document and identified four places where p10cr is referenced. In all these places “p10cr” would need to be replaced with “ir, cr, kur, or p10cr”.

Finally this is the proposed change:
** Section 3.2.
In identity cmp-csr:
s/PKIBody containing only the p10cr structure/PKIBody containing only the ir, cr, kur, or p10cr structure/
And three times in grouping csr-grouping:
s/The body element contains a p10cr CHOICE of type CertificationRequest./The body element contains a ir, cr, kur, or p10cr CHOICE of type CertificationRequest./

But I understood that such change can only be processed if there is a DISCUSS.

Hendrik

From: netconf <netconf-bounces@ietf.org> On Behalf Of Fries, Steffen
Sent: Tuesday, 22 February 2022 17:52
To: Kent Watsen <kent+ietf@watsen.net>
Cc: draft-ietf-netconf-sztp-csr@ietf.org; netconf@ietf.org
Subject: Re: [netconf] Question to draft-ietf-netconf-sztp-csr-13

Hi Kent,

Thank you for your answer.
I agree, it is very late in the process for such a comment. I should have realized it earlier. Nevertheless, I wanted to raise that point as it would allow for more functionality. If there is no DISCUSS, the proposal with an additional definition is probably the easiest way forward.

Best regards
Steffen

From: Kent Watsen <kent+ietf@watsen.net>
Sent: Tuesday, 22 February 2022 16:33
To: Fries, Steffen (T CST) <steffen.fries@siemens.com>
Cc: draft-ietf-netconf-sztp-csr@ietf.org; netconf@ietf.org
Subject: Re: Question to draft-ietf-netconf-sztp-csr-13


Hi Steffen,

Yes, the CMP-CSR is bound to P10.

This draft is currently in the final stage of IESG Last Call review. Comments such as these should have been received during WG Last Call. Unless an IESG member throws a DISCUSS, the draft will proceed as is. In such case, a future work may define something like a "cmp-csr-2" leaf to contain an expanded definition.

Kent // contributor



On Feb 15, 2022, at 1:46 PM, Fries, Steffen <steffen.fries@siemens.com> wrote:

Hello Kent,

I’ve got a short clarification question regarding the latest draft. I realized in the description of the YANG modules that there is a difference in section 3.2 between CMC and CMP in the description of what can be contained in the respective CSR. Based on the description of the YANG module, CMC seems to be open for different types of certification requests, while CMP is bound to a wrapped P10, not leaving any further choice (like ir, cr, kur). Did I get this right or did I misinterpret the description for the cmc-csr? Sorry for realizing this so late.

Best regards
Steffen
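
An added example, not from the thread or the draft: a minimal Python check that a receiver of a `cmp-csr` value could run to see which PKIBody choice the message carries, comparing the -13 wording (p10cr only) with the ir, cr, kur, or p10cr set proposed above. The tag numbers come from the PKIBody definition in RFC 4210; the function names and the sample message are constructed for illustration.

```python
# Added example: which PKIBody CHOICE does a DER-encoded CMP PKIMessage carry?
# Tag numbers are the PKIBody context tags defined in RFC 4210.
DRAFT_13 = {4: "p10cr"}                           # only the wrapped PKCS#10
DRAFT_14 = {0: "ir", 2: "cr", 4: "p10cr", 7: "kur"}

def read_tlv(buf, pos):
    """Return (tag, value_start, value_end) of the DER TLV at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated TLV")
    tag, first = buf[pos], buf[pos + 1]
    if tag & 0x1F == 0x1F:
        raise ValueError("multi-byte tag not expected in this position")
    pos += 2
    if first < 0x80:                              # short-form length
        length = first
    else:                                         # long-form length
        n = first & 0x7F
        if n == 0 or n > 4 or pos + n > len(buf):
            raise ValueError("unsupported or truncated length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("value overruns buffer")
    return tag, pos, pos + length

def body_type(pki_message, allowed):
    """Name the PKIBody choice, or raise if it is not in `allowed`."""
    tag, start, end = read_tlv(pki_message, 0)
    if tag != 0x30 or end != len(pki_message):
        raise ValueError("PKIMessage must be one DER SEQUENCE")
    htag, _, header_end = read_tlv(pki_message, start)
    if htag != 0x30:
        raise ValueError("PKIHeader must be a SEQUENCE")
    btag, _, _ = read_tlv(pki_message, header_end)
    if btag & 0xE0 != 0xA0:
        raise ValueError("PKIBody must be a constructed context tag")
    choice = btag & 0x1F
    if choice not in allowed:
        raise ValueError(f"PKIBody choice [{choice}] not permitted")
    return allowed[choice]

def sample_message(choice):
    """Constructed skeleton, not a real CMP message: header with pvno only."""
    header = bytes([0x30, 0x03, 0x02, 0x01, 0x02])
    body = bytes([0xA0 | choice, 0x02, 0x30, 0x00])
    return bytes([0x30, len(header) + len(body)]) + header + body
```

The check looks only at the outer structure and the body's context tag; it does not validate the request inside the body or any message protection.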