Re: [OPSAWG] 🔔 WG Last Call for draft-ietf-opsawg-mud-tls-07

tom petch <ietfc@btconnect.com> Fri, 14 October 2022 11:16 UTC

From: tom petch <ietfc@btconnect.com>
To: tirumal reddy <kondtir@gmail.com>
CC: Henk Birkholz <henk.birkholz@sit.fraunhofer.de>, opsawg <opsawg@ietf.org>, "draft-ietf-opsawg-mud-tls@ietf.org" <draft-ietf-opsawg-mud-tls@ietf.org>, Thomas Fossati <Thomas.Fossati@arm.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/opsawg/VgqMZ5fyuDTf0tjVuG9UCCdSwmU>

From: tirumal reddy <kondtir@gmail.com>
Sent: 14 October 2022 09:22

On Thu, 13 Oct 2022 at 16:55, tom petch <ietfc@btconnect.com> wrote:
From: tirumal reddy <kondtir@gmail.com>
Sent: 13 October 2022 07:57

Thanks Tom for the review. Yes, we will fix the references identified by Tom.

<tp>
-09 looks better.

I still see a mix of TLS-1.2 and TLS-1-2; I am not sure if there is a rationale for that.  I prefer the former but that mix of characters may confuse others.

Good point, fixed in my copy https://github.com/tireddy2/mud-tls/blob/master/draft-ietf-opsawg-mud-tls-10.txt.


I see a number of editorial issues - I do not know if you want to look at those now or leave them to Last Call.

Please feel free to raise the editorial issues, we will fix them.


One slightly technical one is that it is very rare to start a YANG prefix with ietf as the IANA webpages show - filename, MUST, prefix SHOULD NOT IMHO.  Thus acl has a prefix of acl so I would see the augment as acl-tls and not ietf-acl-tls; but mud is ietf-mud (unfortunately:-( so the augment is perhaps  better as ietf-mud-tls.

We followed the format similar to ietf-access-control-list (YANG data model of network ACL) and ietf-mud to be consistent.

<tp2>
Um, that is not what I see.  It is the prefix I have in mind where RFC8519 specifies a prefix of acl and that is what you use in the import.  An extension to that module could then have a prefix of acl-xxx or some such where you have specified ietf-acl-tls.  It is that 'ietf' that I see as unusual.

Editorially, not all of which you may want to fix at this time

'The YANG module specified in Section 5...'
suggest adding the subsection since there is more than one

'specific terms are used'
suggest using the terms here e.g. TLS and DTLS are used

s.4 
incapable to decipher
perhaps 'unable to decipher' or 'incapable of deciphering'

s.5.1
Add an Informative Reference to RFC8340 for the meaning of tree diagrams

s.5.2
/Simplified BSD/Revised BSD/

revision date is out of date

SPKI probably needs expanding both in the body and in the YANG modules

The description of certificate-authorities looks like it is too long for an RFC

s.5.3
BSD license again

revision date again

s.5.4
ditto

author e-mail address is not the same as elsewhere

YANG import MUST have a reference clause which MUST be a Normative reference

does profile-supported have a default?

s.8
There is a template for YANG security as referenced by RFC8407 which I note is not used here

s.9
I note that this is TLS and not (D)TLS. Is that intended?  s.4 uses the latter

s.10
When specifying Expert Review, guidance is often given as to what the experts should look for and where.

Tom Petch





Cheers,
-Tiru



Tom Petch

Cheers,
-Tiru

On Wed, 12 Oct 2022 at 18:37, Henk Birkholz <henk.birkholz@sit.fraunhofer.de> wrote:
Hi Tom,

would it be possible for you to augment your first comment with change
proposals, if possible?

@authors: it seems to me that the references issues Tom now provided in
specific detail could be resolved in this thread in a timely manner. Is
that correct?

Viele Grüße,

Henk

On 12.10.22 13:39, tom petch wrote:
> From: OPSAWG <opsawg-bounces@ietf.org> on behalf of Henk Birkholz <henk.birkholz@sit.fraunhofer.de>
> Sent: 06 October 2022 13:26
>
> Dear authors and contributors,
>
> thank you for your hard work. As it seems that all existing issues have
> been resolved, we'll move the I-D to write-up in the datatracker.
>
> Also, thanks Thomas Fossati for stepping up as shepherd!
>
> <tp>
> My main comment on this remains the mix of two different YANG modules with different life cycles; I expect that I will comment again on the Last Call list to give this issue more exposure.
>
> Of lesser import, I cannot make sense of the references.
> I see [RFC5246] which normally means that a reference has been created.  Not here, so there would seem to have been some chicanery involved, that this I-D has not been produced by the usual IETF tools.
>
> I also see RFC5869, RFC6346, RFC8447 which seem absent from the I-D References.
>
> dtls13 is now an RFC.
>
> What is the difference between
> draft-ietf-tls-dtls13:
> and
>              "RFC DDDD: Datagram Transport Layer Security 1.3";
>   ?
> How do I find
>          "RFC CCCC: Common YANG Data Types for Cryptography";
>   or
>         "RFC IIII: Common YANG Data Types for Hash algorithms"; ?
>
> Does tls-1-2 mean the same as tls-1.2?  And is this the same as that which the Netconf WG refers to as tls12?
>
> Tom Petch
>
>
> For the OPSAWG co-chairs,
>
> Henk
>
>
> On 29.09.22 10:27, Henk Birkholz wrote:
>> Dear OPSAWG members,
>>
>> this email concludes the first WGLC call for
>> https://www.ietf.org/archive/id/draft-ietf-opsawg-mud-tls-07.html.
>>
>> A few comments were raised. Authors/editors, please go ahead and
>> address these as discussed on the list.
>>
>>
>> For the OPSAWG co-chairs,
>>
>> Henk
>>
>> On 14.09.22 16:07, Henk Birkholz wrote:
>>> Dear OPSAWG members,
>>>
>>> this email starts a two week period for a Working Group Last Call of
>>>
>>>> https://www.ietf.org/archive/id/draft-ietf-opsawg-mud-tls-07.html
>>>
>>> ending on Thursday, September 28th.
>>>
>>> The authors believe the Internet-Draft is ready for a WGLC and the
>>> chairs agree. The draft has been discussed visibly at IETF 114 and
>>> review feedback has been incorporated in -07.
>>>
>>> Please send your comments to the list and your assessment of whether
>>> or not it is ready to proceed to publication before September 28th.
>>>
>>>
>>> For the OPSAWG co-chairs,
>>>
>>> Henk
>>
>> _______________________________________________
>> OPSAWG mailing list
>> OPSAWG@ietf.org
>> https://www.ietf.org/mailman/listinfo/opsawg