Re: [netmod] Last Call: <draft-ietf-netmod-system-mgmt-15.txt> (A YANG Data Model for System Management) to Proposed Standard

Martin Bjorklund <mbj@tail-f.com> Fri, 09 May 2014 06:49 UTC

Date: Fri, 09 May 2014 08:49:38 +0200
Message-Id: <20140509.084938.274205247.mbj@tail-f.com>
To: ietf@ietf.org
From: Martin Bjorklund <mbj@tail-f.com>
In-Reply-To: <20140429141003.22969.2351.idtracker@ietfa.amsl.com>
References: <20140429141003.22969.2351.idtracker@ietfa.amsl.com>
Archived-At: http://mailarchive.ietf.org/arch/msg/netmod/sERXCkKev4Ti1akAdocrtBuimpo
Cc: netmod@ietf.org
Subject: Re: [netmod] Last Call: <draft-ietf-netmod-system-mgmt-15.txt> (A YANG Data Model for System Management) to Proposed Standard

Hi,

The IESG <iesg-secretary@ietf.org> wrote:
> 
> The IESG has received a request from the NETCONF Data Modeling Language
> WG (netmod) to consider the following document:
> - 'A YANG Data Model for System Management'
>   <draft-ietf-netmod-system-mgmt-15.txt> as Proposed Standard
> 
> The IESG plans to make a decision in the next few weeks, and solicits
> final comments on this action. Please send substantive comments to the
> ietf@ietf.org mailing lists by 2014-05-13. Exceptionally, comments may be
> sent to iesg@ietf.org instead. In either case, please retain the
> beginning of the Subject line to allow automated sorting.

The data model in this draft has this structure (objects unrelated
to SSH keys removed):

           +--rw user* [name]
               +--rw name        string
               +--rw ssh-key* [name]
                  +--rw name         string
                  +--rw algorithm    string
                  +--rw key-data     binary

The intention is that the separation of the key with two leafs,
"algorithm" and "key-data" makes it easy to cut-and-paste from keys
generated with ssh-keygen etc.  (The encoding of type binary in YANG
is base64, which happens to match the key format.  So the operator can
set the "algorithm" and paste the base64 encoded blob into "key-data".)

During implementation of ssh key handling, we realized that the
description of the objects related to SSH keys probably needs some
clarification.

Specifically, the list "ssh-key" and the leaf "key-data" are unclear.
After consulting with people at ietf-ssh@NetBSD.org, I propose the
following changes:

OLD:

         list ssh-key {
           key name;
           description
             "A list of public SSH keys for this user.";
           reference
             "RFC 4253: The Secure Shell (SSH) Transport Layer
                        Protocol";

NEW:

        list authorized-key {
           key name;
           description
             "A list of public SSH keys for this user.  These keys
              are allowed for SSH authentication, as described in
              RFC 4253.";
           reference
             "RFC 4253: The Secure Shell (SSH) Transport Layer
                        Protocol";

OLD:

           leaf key-data {
             type binary;
             mandatory true;
             description
               "The binary key data for this ssh key.";
           }

NEW:

          leaf key-data {
             type binary;
             mandatory true;
             description
               "The binary public key data for this ssh key, as
                specified by RFC 4253, Section 6.6, i.e.,:

                  string    certificate or public key format
                            identifier
                  byte[n]   key/certificate data
                ";
             reference
               "RFC 4253: The Secure Shell (SSH) Transport Layer
                          Protocol";
           }



/martin
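The following is an added example, not part of Martin's message, the draft, or any NETMOD WG code. It shows what the proposed "key-data" description implies for an implementation: the base64 blob pasted from an authorized_keys line decodes to the RFC 4253 section 6.6 structure (a length-prefixed identifier string followed by the key fields), so a server can decode it and cross-check the embedded identifier against the "algorithm" leaf, rejecting mismatched or truncated entries instead of storing them. The key material is constructed deterministic bytes, not real keys, and all function names (`entry_problem`, `parse_key_data`, `entry_from_openssh_line`, ...) are this example's own.

```python
"""Checker for an ietf-system 'authorized-key' entry against RFC 4253 6.6.
Added example; not code from draft-ietf-netmod-system-mgmt or the WG."""
from __future__ import annotations

import base64
import struct
from typing import List, Optional, Tuple

# Number of length-prefixed fields that follow the identifier for the key
# types handled here (RFC 8709 ed25519, RFC 4253 ssh-rsa, RFC 5656 ecdsa).
KNOWN_LAYOUT = {
    "ssh-ed25519": 1,          # string key
    "ssh-rsa": 2,              # mpint e, mpint n
    "ecdsa-sha2-nistp256": 2,  # string curve name, string Q
}


def ssh_string(data: bytes) -> bytes:
    """RFC 4251 'string': uint32 big-endian length followed by the bytes."""
    return struct.pack(">I", len(data)) + data


def ssh_mpint(n: int) -> bytes:
    """RFC 4251 'mpint' for non-negative n: two's complement, so a leading
    zero byte is added whenever the top bit of the first byte would be set."""
    if n == 0:
        return ssh_string(b"")
    return ssh_string(n.to_bytes(n.bit_length() // 8 + 1, "big"))


def read_string(buf: bytes, off: int) -> Tuple[bytes, int]:
    """Read one 'string' at offset off; reject lengths that overrun the blob."""
    if off + 4 > len(buf):
        raise ValueError("truncated length field")
    (n,) = struct.unpack(">I", buf[off:off + 4])
    off += 4
    if off + n > len(buf):
        raise ValueError("string runs past end of key-data")
    return buf[off:off + n], off + n


def parse_key_data(key_data: bytes) -> Tuple[str, List[bytes]]:
    """Decode a section 6.6 blob: identifier string, then the key fields."""
    ident, off = read_string(key_data, 0)
    try:
        algorithm = ident.decode("ascii")
    except UnicodeDecodeError:
        raise ValueError("identifier is not ASCII")
    count = KNOWN_LAYOUT.get(algorithm)
    if count is None:
        raise ValueError(f"unsupported key type {algorithm!r}")
    fields = []
    for _ in range(count):
        field, off = read_string(key_data, off)
        fields.append(field)
    if off != len(key_data):
        raise ValueError(f"{len(key_data) - off} trailing bytes after key fields")
    return algorithm, fields


def entry_problem(entry: dict) -> Optional[str]:
    """None if the YANG list entry is consistent, else a description of the
    defect.  The 'algorithm' leaf must equal the identifier that section 6.6
    places at the front of 'key-data'; otherwise the two leafs disagree."""
    try:
        blob = base64.b64decode(entry["key-data"], validate=True)
        algorithm, _ = parse_key_data(blob)
    except (KeyError, ValueError) as exc:
        return f"key-data undecodable: {exc}"
    if algorithm != entry.get("algorithm"):
        return (f"algorithm leaf {entry.get('algorithm')!r} does not match "
                f"key-data identifier {algorithm!r}")
    return None


def entry_from_openssh_line(name: str, line: str) -> dict:
    """Map one 'type base64 [comment]' authorized_keys line onto the list entry.
    The base64 text is carried unchanged because YANG 'binary' is base64."""
    parts = line.split(None, 2)
    if len(parts) < 2:
        raise ValueError("expected '<type> <base64>'")
    return {"name": name, "algorithm": parts[0], "key-data": parts[1]}


# Constructed sample material (not real keys): deterministic bytes stand in
# for an Ed25519 public key and an RSA modulus so this runs offline.
ED25519_PUB = bytes(range(32))
RSA_E, RSA_N = 65537, (1 << 1023) | 0x10001   # 1024-bit constructed integer

ED25519_BLOB = ssh_string(b"ssh-ed25519") + ssh_string(ED25519_PUB)
RSA_BLOB = ssh_string(b"ssh-rsa") + ssh_mpint(RSA_E) + ssh_mpint(RSA_N)
ED25519_LINE = "ssh-ed25519 " + base64.b64encode(ED25519_BLOB).decode() + " op@example"
RSA_LINE = "ssh-rsa " + base64.b64encode(RSA_BLOB).decode()


def demo() -> List[Optional[str]]:
    """Two good entries, one with a mismatched algorithm leaf, one truncated."""
    good_ed = entry_from_openssh_line("laptop", ED25519_LINE)
    good_rsa = entry_from_openssh_line("token", RSA_LINE)
    mismatch = dict(good_ed, algorithm="ssh-rsa")
    truncated = dict(good_ed, **{"key-data": base64.b64encode(ED25519_BLOB[:-5]).decode()})
    return [entry_problem(e) for e in (good_ed, good_rsa, mismatch, truncated)]


if __name__ == "__main__":
    for result in demo():
        print("ok" if result is None else "rejected: " + result)
```

Because "algorithm" and the identifier inside "key-data" are the same information stated twice, a server that accepts an entry without comparing them will later authenticate against whichever one its SSH stack happens to read; checking at configuration time, as above, turns that ambiguity into a validation error.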