Re: [OPSAWG] 🔔 WG Last Call for draft-ietf-opsawg-mud-tls-07

tirumal reddy <kondtir@gmail.com> Fri, 14 October 2022 13:02 UTC

From: tirumal reddy <kondtir@gmail.com>
Date: Fri, 14 Oct 2022 18:31:51 +0530
Message-ID: <CAFpG3gd2n+We3y0tk7k7o7kekK3B58w6W76gxXQ_Gi=O6UZcSQ@mail.gmail.com>
To: tom petch <ietfc@btconnect.com>
Cc: Henk Birkholz <henk.birkholz@sit.fraunhofer.de>, opsawg <opsawg@ietf.org>, "draft-ietf-opsawg-mud-tls@ietf.org" <draft-ietf-opsawg-mud-tls@ietf.org>, Thomas Fossati <Thomas.Fossati@arm.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/opsawg/OlvtbTHT_jClbCXFmiu27aDUMSI>
Subject: Re: [OPSAWG] 🔔 WG Last Call for draft-ietf-opsawg-mud-tls-07

On Fri, 14 Oct 2022 at 16:46, tom petch <ietfc@btconnect.com> wrote:

> From: tirumal reddy <kondtir@gmail.com>
> Sent: 14 October 2022 09:22
>
> On Thu, 13 Oct 2022 at 16:55, tom petch <ietfc@btconnect.com> wrote:
> From: tirumal reddy <kondtir@gmail.com>
> Sent: 13 October 2022 07:57
>
> Thanks Tom for the review. Yes, we will fix the references identified by
> Tom.
>
> <tp>
> -09 looks better.
>
> I still see a mix of TLS-1.2 and TLS-1-2; I am not sure if there is a
> rationale for that.  I prefer the former but that mix of characters may
> confuse others.
>
> Good point, fixed in my copy
> https://github.com/tireddy2/mud-tls/blob/master/draft-ietf-opsawg-mud-tls-10.txt
> .
>
>
> I see a number of editorial issues - I do not know if you want to look at
> those now or leave them to Last Call.
>
> Please feel free to raise the editorial issues, we will fix them.
>
>
> One slightly technical one is that it is very rare to start a YANG prefix
> with ietf as the IANA webpages show - filename, MUST, prefix SHOULD NOT
> IMHO.  Thus acl has a prefix of acl so I would see the augment as acl-tls
> and not ietf-acl-tls; but mud is ietf-mud (unfortunately:-( so the augment
> is perhaps  better as ietf-mud-tls.
>
> We followed the format similar to ietf-access-control-list (YANG data
> model of network ACL) and ietf-mud to be consistent.
>
> <tp2>
> Um, that is not what I see.  It is the prefix I have in mind where RFC8519
> specifies a prefix of acl and that is what you use in the import.  An
> extension to that module could then have a prefix of acl-xxx or some such
> where you have specified ietf-acl-tls.  It is that 'ietf' that I see as
> unusual.
>

Got it, changed the prefix to "acl-tls".


>
> Editorially, not all of which you may want to fix at this time
>
> 'The YANG module specified in Section 5...'
> suggest adding the subsection since there is more than one
>
> 'specific terms are used'
> suggest using the terms here e.g. TLS and DTLS are used
>
> s.4
> incapable to decipher
> perhaps 'unable to decipher' or 'incapable of deciphering'
>
> s.5.1
> Add an Informative Reference to RFC8340 for the meaning of tree diagrams
>
> s.5.2
> /Simplified BSD/Revised BSD/
>
> revision date is out of date
>
> SPKI probably needs expanding both in the body and in the YANG modules
>
> The description of certificate-authorities looks like it is too long for
> an RFC
>
> s.5.3
> BSD license again
>
> revision date again
>
> s.5.4
> ditto
>
> author e-mail address is not the same as elsewhere
>
> YANG import MUST have a reference clause which MUST be a Normative
> reference
>

Thanks, I fixed all the above editorial issues.


>
> does profile-supported have a default ?
>

No.


>
> s.8
> There is a template for YANG security as referenced by RFC8407 which I
> note is not used here
>

Thanks, added note that it is not applicable to draft as it is not meant to
be accessed via NETCONF/RESTCONF.


>
> s.9
> I note that this is TLS and not (D)TLS. Is that intended?  s.4 uses the
> latter
>

Fixed, it is supposed to be (D)TLS.


>
> s.10
> When specifying Expert Review, guidance is often given as to what the
> experts should look for and where.
>

Yes, I added details for Expert Review.

Cheers,
-Tiru


>
> Tom Petch
>
>
>
>
>
> Cheers,
> -Tiru
>
>
>
> Tom Petch
>
> Cheers,
> -Tiru
>
> On Wed, 12 Oct 2022 at 18:37, Henk Birkholz
> <henk.birkholz@sit.fraunhofer.de> wrote:
> Hi Tom,
>
> would it be possible for you to augment your first comment with change
> proposals, if possible?
>
> @authors: it seems to me that the references issues Tom now provided in
> specific detail could be resolved in this thread in a timely manner. Is
> that correct?
>
> Viele Grüße,
>
> Henk
>
> On 12.10.22 13:39, tom petch wrote:
> > From: OPSAWG <opsawg-bounces@ietf.org> on behalf of Henk Birkholz
> > <henk.birkholz@sit.fraunhofer.de>
> > Sent: 06 October 2022 13:26
> >
> > Dear authors and contributors,
> >
> > thank you for your hard work. As it seems that all existing issues have
> > been resolved, we'll move the I-D to write-up in the datatracker.
> >
> > Also, thanks Thomas Fossati for stepping up as shepherd!
> >
> > <tp>
> > My main comment on this remains the mix of two different YANG modules
> > with different life cycles; I expect that I will comment again on the Last
> > Call list to give this issue more exposure.
> >
> > Of lesser import, I cannot make sense of the references.
> > I see [RFC5246] which normally means that a reference has been created.
> > Not here, so there would seem to have been some chicanery involved, that
> > this I-D has not been produced by the usual IETF tools.
> >
> > I also see RFC5869, RFC6346, RFC8447 which seem absent from the I-D
> > References.
> >
> > dtls13 is now an RFC.
> >
> > What is the difference between
> > draft-ietf-tls-dtls13:
> > and
> >              "RFC DDDD: Datagram Transport Layer Security 1.3";
> >   ?
> > How do I find
> >          "RFC CCCC: Common YANG Data Types for Cryptography";
> >   or
> >         "RFC IIII: Common YANG Data Types for Hash algorithms"; ?
> >
> > Does tls-1-2 mean the same as tls-1.2?  And is this the same as that
> > which the Netconf WG refers to as tls12?
> >
> > Tom Petch
> >
> >
> > For the OPSAWG co-chairs,
> >
> > Henk
> >
> >
> > On 29.09.22 10:27, Henk Birkholz wrote:
> >> Dear OPSAWG members,
> >>
> >> this email concludes the first WGLC call for
> >> https://www.ietf.org/archive/id/draft-ietf-opsawg-mud-tls-07.html.
> >>
> >> A few comments were raised. Authors/editors, please go ahead and
> >> address these as discussed on the list.
> >>
> >>
> >> For the OPSAWG co-chairs,
> >>
> >> Henk
> >>
> >> On 14.09.22 16:07, Henk Birkholz wrote:
> >>> Dear OPSAWG members,
> >>>
> >>> this email starts a two week period for a Working Group Last Call of
> >>>
> >>>> https://www.ietf.org/archive/id/draft-ietf-opsawg-mud-tls-07.html
> >>>
> >>> ending on Thursday, September 28th.
> >>>
> >>> The authors believe the Internet-Draft is ready for a WGLC and the
> >>> chairs agree. The draft has been discussed visibly at IETF 114 and
> >>> review feedback has been incorporated in -07.
> >>>
> >>> Please send your comments to the list and your assessment of whether
> >>> or not it is ready to proceed to publication before September 28th.
> >>>
> >>>
> >>> For the OPSAWG co-chairs,
> >>>
> >>> Henk
> >>
> >> _______________________________________________
> >> OPSAWG mailing list
> >> OPSAWG@ietf.org
> >> https://www.ietf.org/mailman/listinfo/opsawg
> >
>