[netmod] FW: Comments on draft-ietf-netconf-keystore-07

Kent Watsen <kwatsen@juniper.net> Fri, 07 December 2018 17:41 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/netmod/-RVzwwCkygwZ0f3wPZDp5RFZRF4>

YANG experts,

Why are action/notification statements not allowed under a case statement?  Yes, it’s simple to assert, but was it considered, in such cases, to instead allow them to attach/bind to the closest legal ancestor?  Would it make sense?

Nit: It would’ve been helpful if the “Since a” paragraphs quoted below referenced sections 7.1.1 (The module's Substatements) and 7.9.2.1 (The case's Substatements)...

PS: Neither `pyang` nor `yanglint` catches this misuse.

Kent // contributor


On 12/6/18, 5:39 AM, "Dhanapal, Ramkumar (Nokia - IN/Chennai)" <ramkumar.dhanapal@nokia.com> wrote:

Hi Kent,
We see the following definition in draft-ietf-netconf-keystore-07.

grouping local-or-keystore-end-entity-cert-with-key-grouping {
  description
    "A grouping that expands to allow an end-entity certificate
     (and its associated private key) to be either stored locally,
     within the using data model, or be a reference to a specific
     certificate in the keystore.";
  choice local-or-keystore {
    mandatory true;
    case local {
      if-feature "local-keys-supported";
      uses ct:asymmetric-key-pair-grouping;
      uses ct:end-entity-cert-grouping;
    }
    case keystore {
      if-feature "keystore-supported";
      leaf reference {
        type ks:asymmetric-key-certificate-ref;
        description
          "A reference to a specific certificate, and its
           associated private key, stored in the keystore.";
      }
    }
    description
      "A choice between an inlined definition and a definition
       that exists in the keystore.";
  }
}

In ct:asymmetric-key-pair-grouping, 2 actions are defined.
In ct:end-entity-cert-grouping, 1 notification is defined.

But w.r.t. RFC7950 references below, looks like it is not okay to have either actions or notifications in “case” statements.

https://tools.ietf.org/html/rfc7950#section-7.15

        Since an action cannot be defined at the top level of a module or in
        a "case" statement, it is an error if a grouping that contains an
        action at the top of its node hierarchy is used at the top level of a
        module or in a case definition

https://tools.ietf.org/html/rfc7950#section-7.16

        Since a notification cannot be defined in a "case" statement, it is
        an error if a grouping that contains a notification at the top of its
        node hierarchy is used in a case definition.

Can you please check and provide your feedback? Or am I missing something here?



Thanks & Regards,

Ramkumar
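
The thread notes that neither pyang nor yanglint reports this. As an added example (not part of the thread, and not code from pyang, yanglint or the draft), the Python below sketches a lint check for the "case" part of the RFC 7950 section 7.15/7.16 rule quoted above: it flags a `uses` inside a `case` whose grouping has an action or notification at the top of its node hierarchy. It assumes all groupings are in the one text being checked and ignores prefixes such as `ct:`; the two stand-in groupings and their `ex-` node names are hypothetical.

```python
import re
# Constructed input: the choice is abridged from the grouping quoted in the message;
# the two used groupings are stand-ins with hypothetical node names.
SAMPLE = '''module example {
  grouping asymmetric-key-pair-grouping { action ex-generate { } action ex-install { } }
  grouping end-entity-cert-grouping { notification ex-expiry { } }
  grouping local-or-keystore-end-entity-cert-with-key-grouping {
    choice local-or-keystore {
      case local { uses ct:asymmetric-key-pair-grouping; uses ct:end-entity-cert-grouping; }
      case keystore { leaf reference { type string; } }
    }
  }
}'''
TOKEN = re.compile(r'''//[^\n]*|/\*.*?\*/|"(?:\\.|[^"\\])*"|'[^']*'|[{};]|[^\s{};]+''', re.S)

def parse(toks):
    """Consume tokens into (keyword, argument, substatements) tuples."""
    out = []
    while toks and toks[0] != '}':
        kw, args = toks.pop(0), []
        while toks[0] not in ('{', ';'):
            args.append(toks.pop(0).strip('"\''))
        kids = parse(toks) if toks.pop(0) == '{' else []
        out.append((kw, ' '.join(args), kids))
    del toks[:1]  # drop the '}' that closed this block (no-op at end of input)
    return out

def flat(stmts, parent=None):
    """Yield (parent keyword, keyword, argument, substatements) for every statement."""
    for kw, arg, kids in stmts:
        yield parent, kw, arg, kids
        yield from flat(kids, kw)

def placed_kinds(groupings, kw, arg, seen=()):
    """Which of action/notification a statement puts at its own level, expanding uses."""
    if kw in ('action', 'notification'):
        return {kw}
    name = arg.split(':')[-1]  # assumption: prefix ignored, groupings looked up by local name
    kids = groupings.get(name, []) if kw == 'uses' and name not in seen else []
    return set().union(*(placed_kinds(groupings, k, a, seen + (name,)) for k, a, _ in kids))

def find_violations(text):
    """Return (statement, kind) for each action/notification placed directly in a case."""
    toks = [t for t in TOKEN.findall(text) if t[:2] not in ('//', '/*')]
    nodes = list(flat(parse(toks)))
    groupings = {arg: kids for _, kw, arg, kids in nodes if kw == 'grouping'}
    return [(f'{kw} {arg}', kind) for parent, kw, arg, _ in nodes if parent == 'case'
            for kind in sorted(placed_kinds(groupings, kw, arg))]
```

Calling `find_violations(SAMPLE)` reports both `uses` statements in `case local`; an action nested below a container inside the grouping is not reported, because it is no longer at the top of the grouping's node hierarchy.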