IETF Logo Mail Archive

Re: [OPSAWG] 🔔 WG Last Call for draft-ietf-opsawg-mud-tls-07

tirumal reddy <kondtir@gmail.com> Tue, 18 October 2022 05:33 UTC

Return-Path: <kondtir@gmail.com>
X-Original-To: opsawg@ietfa.amsl.com
Delivered-To: opsawg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 408B8C14F748; Mon, 17 Oct 2022 22:33:46 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.106
X-Spam-Level:
X-Spam-Status: No, score=-2.106 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 3937QROHlgXC; Mon, 17 Oct 2022 22:33:45 -0700 (PDT)
Received: from mail-lj1-x229.google.com (mail-lj1-x229.google.com [IPv6:2a00:1450:4864:20::229]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 14024C14F732; Mon, 17 Oct 2022 22:33:45 -0700 (PDT)
Received: by mail-lj1-x229.google.com with SMTP id a25so16595239ljk.0; Mon, 17 Oct 2022 22:33:44 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=/qCM3W0GPLUTlItzCjJUrqCNoATOqdDWIl8mcvkuQaE=; b=KUyCcHVfoAp7OujU50xxqstTFvwIzLlZ5Paf9INwnsMwBnQloBy3US8wokPuIiHxZo 7HB7vPMRXiKPAk7zSHwAuReu4Uy1PopOTfwijJBsJAdNuCN/b8SAY7vWhknuAyQO0HJ+ dRjccm8gu+Zseb63VqcNhcM5gGa4UUoYfYIqFtPDjA3l30zBIFGUH/+rkUhNovWpuHn0 QKAhYO4h+BwPAGR+Q6EpPC7C+xk8VbLwO6V9k1obnAPXe560CWBSbra3svW/MeCzUses jmbFbcPjoYAUDsV+SpZXFOkjZ+DOe6AedBH9k6uoRsYK/7ySzuMvXoJPprLV5KMA2ehj rRXg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=/qCM3W0GPLUTlItzCjJUrqCNoATOqdDWIl8mcvkuQaE=; b=Zo8Uhxbxmb7XqLCf7O6Hfx7H9fjJbZU8SXP+IU3Ocwe5IZ+8m/vniqL1uFTYCId7GL 8/NEJXRNfjk4Emx9ByDe6XAZznA+l3++tBLk1Am56GBtRw9SsvT0WD0Ykw6i4VpRErvw 18M5mFesmOdK6vIkj0ZqxA7Gv30Ai7vGz/nF86ZxnH43zFs03zfOy11f3IOPQWcsbtdO 0i/QPWdD3L08U7u4pg9qYkuDswFbfZWFVTQw/w93XGVI6T+4Xab/G9a9yFKmyqZ/wFIU 8dyPC763eBEyemVUz9mVND6bLGe1RT2Se6LPKV/YTid2T7+L6FKIBlUm84Cqsh49vlEo ziFQ==
X-Gm-Message-State: ACrzQf3HLS7DUTiq+M1mX0lXslE9VF7+2qljbKPYland8o277EvgoPLB hox+0tMkWIX+UJwlbYXN8NY4IB4QxkYy46+piC0=
X-Google-Smtp-Source: AMsMyM7pF/NI1/cw4EAM8nE9jX27e+O9Ei/+drjQB48fCbvOU6j5xqdLj8D3GK5k8GcWQ7Y0J4hyqGFgvynxVfnbwnI=
X-Received: by 2002:a2e:a810:0:b0:26f:c2a8:c48 with SMTP id l16-20020a2ea810000000b0026fc2a80c48mr451933ljq.6.1666071222339; Mon, 17 Oct 2022 22:33:42 -0700 (PDT)
MIME-Version: 1.0
References: <3786da98-9541-a50c-eb2e-aa2647014bf9@sit.fraunhofer.de> <ecf96fde-b6e3-c984-91c0-e35c3d5d3997@sit.fraunhofer.de> <7a59c0ab-fc7b-9dd6-84b3-3778ec68dcd6@sit.fraunhofer.de> <AM7PR07MB6248F06ECE85C8D4BF421195A0229@AM7PR07MB6248.eurprd07.prod.outlook.com> <b60a12b4-85dc-6004-067e-040298d2aa49@sit.fraunhofer.de> <CAFpG3gd+DcUs=ZPij-Ckn0e8ED_iyvYd-T2gqiH2uwXtF592Sg@mail.gmail.com> <AM7PR07MB6248BAC37AE2FC3B0D3C7A62A0259@AM7PR07MB6248.eurprd07.prod.outlook.com> <CAFpG3geQqsePL0Huv=UK_SEy6oQtp4kxCrxrUR4BwyfEO=hxUQ@mail.gmail.com> <AM7PR07MB6248D4075A5B760DAA05AD05A0249@AM7PR07MB6248.eurprd07.prod.outlook.com> <CAFpG3gd2n+We3y0tk7k7o7kekK3B58w6W76gxXQ_Gi=O6UZcSQ@mail.gmail.com> <AM7PR07MB62486102E4E51C8649ED420EA0299@AM7PR07MB6248.eurprd07.prod.outlook.com>
In-Reply-To: <AM7PR07MB62486102E4E51C8649ED420EA0299@AM7PR07MB6248.eurprd07.prod.outlook.com>
From: tirumal reddy <kondtir@gmail.com>
Date: Tue, 18 Oct 2022 11:03:30 +0530
Message-ID: <CAFpG3gcBy06=TvexC96X0buLrqc6EAE7hQd5JmmC6aULvi5cOg@mail.gmail.com>
To: tom petch <ietfc@btconnect.com>
Cc: Henk Birkholz <henk.birkholz@sit.fraunhofer.de>, opsawg <opsawg@ietf.org>, "draft-ietf-opsawg-mud-tls@ietf.org" <draft-ietf-opsawg-mud-tls@ietf.org>, Thomas Fossati <Thomas.Fossati@arm.com>
Content-Type: multipart/alternative; boundary="00000000000060cd1f05eb486f56"
Archived-At: <https://mailarchive.ietf.org/arch/msg/opsawg/vEr4YIvjxeeqCrTSuuCJKoi8Lak>
Subject: Re: [OPSAWG] 🔔 WG Last Call for draft-ietf-opsawg-mud-tls-07
X-BeenThere: opsawg@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: OPSA Working Group Mail List <opsawg.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/opsawg>, <mailto:opsawg-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/opsawg/>
List-Post: <mailto:opsawg@ietf.org>
List-Help: <mailto:opsawg-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/opsawg>, <mailto:opsawg-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 18 Oct 2022 05:33:46 -0000

On Mon, 17 Oct 2022 at 16:28, tom petch <ietfc@btconnect.com> wrote:

> inline <tp3> one minor editorial comment plus a technical one which I do
> not know the answer to.
>
> From: tirumal reddy <kondtir@gmail.com>
> Sent: 14 October 2022 14:01
>
> On Fri, 14 Oct 2022 at 16:46, tom petch <ietfc@btconnect.com<mailto:
> ietfc@btconnect.com>> wrote:
> From: tirumal reddy <kondtir@gmail.com<mailto:kondtir@gmail.com>>
> Sent: 14 October 2022 09:22
>
> On Thu, 13 Oct 2022 at 16:55, tom petch <ietfc@btconnect.com<mailto:
> ietfc@btconnect.com><mailto:ietfc@btconnect.com<mailto:ietfc@btconnect.com>>>
> wrote:
> From: tirumal reddy <kondtir@gmail.com<mailto:kondtir@gmail.com><mailto:
> kondtir@gmail.com<mailto:kondtir@gmail.com>>>
> Sent: 13 October 2022 07:57
>
> Thanks Tom for the review. Yes, we will fix the references identified by
> Tom.
>
> <tp>
> -09 looks better.
>
> I still see a mix of TLS-1.2 and TLS-1-2; I am not sure if there is a
> rationale for that.  I prefer the former but that mix of characters may
> confuse others.
>
> Good point, fixed in my copy
> https://github.com/tireddy2/mud-tls/blob/master/draft-ietf-opsawg-mud-tls-10.txt
> .
>
>
> I see a number of editorial issues - I do not know if you want to look at
> those now or leave them to Last Call.
>
> Please feel free to raise the editorial issues, we will fix them.
>
>
> One slightly technical one is that it is very rare to start a YANG prefix
> with ietf as the IANA webpages show - filename, MUST, prefix SHOULD NOT
> IMHO.  Thus acl has a prefix of acl so I would see the augment as acl-tls
> and not ietf-acl-tls; but mud is ietf-mud (unfortunately:-( so the augment
> is perhaps  better as ietf-mud-tls.
>
> We followed the format similar to ietf-access-control-list (YANG data
> model of network ACL) and ietf-mud to be consistent.
>
> <tp2>
> Um, that is not what I see.  It is the prefix I have in mind where RFC8519
> specifies a prefix of acl and that is what you use in the import.  An
> extension to that module could then have a prefix of acl-xxx or some such
> where you have specified ietf-acl-tls.  It is that 'ietf' that I see as
> unusual.
>
> Got it, changed the prefix to "acl-tls".
>
>
> Editorially, not all of which you may want to fix at this time
>
> 'The YANG module specified in Section 5...'
> suggest adding the subsection since there is more than one
>
> 'specific terms are used'
> suggest using the terms here e.g. TLS and DTLS are used
>
> s.4
> incapable to decipher
> perhaps 'unable to decipher' or 'incapable of deciphering'
>
> s.5.1
> Add an Infornative Reference to RFC8340 for the meaning of tree diagrams
>
> s.5.2
> /Simplified BSD/Revised BSD/
>
> revision date is out of date
>
> SPKI probably needs expanding both in the body and in the YANG modules
>
> The description of certificate-authorities looks like it is too long for
> an RFC
>
> s.5.3
> BSD license again
>
> revision date again
>
> s.5.4
> ditto
>
> author e-mail address is not the same as elsewhere
>
> YANG import MUST have a reference clause which MUST be a Normative
> reference
>
> Thanks, I fixed all the above editorial issues.
>
> <tp3>
> Almost.  I am still seeing a YANG import in s.5.4 which has no reference
> clause.
>

Thanks, fixed in git repo.


>
> Also, there is a technical YANG issue to which I do not know the answer
> and have posted that to the netmod list.  AFAICT there has been no YANG
> Doctor review and it is an issue that at least some YANG Doctors would
> comment on
>

We will publish the revised version after the review from YANG Doctor and
the response to your question in netmod list.

Cheers,
-Tiru


>
> Tom Petch
>
> does profile-supported have a default ?
>
> No.
>
>
> s.8
> There is a template for YANG security as referenced by RFC8407 which I
> note is not used here
>
> Thanks, added note that it is not applicable to draft as it is not meant
> to be accessed via NETCONF/RESTCONF..
>
>
> s.9
> I note that this is TLS and not (D)TLS. Is that intended?  s.4 uses the
> latter
>
> Fixed, it is supposed to be (D)TLS.
>
>
> s.10
> When specifying Expert Review, guidance is often given as to what the
> experts should look for and where.
>
> Yes, I added details for Expert Review..
>
> Cheers,
> -Tiru
>
>
> Tom Petch
>
>
>
>
>
> Cheers,
> -Tiru
>
>
>
> Tom Petch
>
> Cheers,
> -Tiru
>
> On Wed, 12 Oct 2022 at 18:37, Henk Birkholz <
> henk.birkholz@sit.fraunhofer.de<mailto:henk.birkholz@sit.fraunhofer.de
> ><mailto:henk.birkholz@sit.fraunhofer.de<mailto:
> henk.birkholz@sit.fraunhofer.de>><mailto:henk.birkholz@sit.fraunhofer.de
> <mailto:henk.birkholz@sit.fraunhofer.de><mailto:
> henk.birkholz@sit.fraunhofer.de<mailto:henk.birkholz@sit.fraunhofer.de>>>>
> wrote:
> Hi Tom,
>
> would it be possible for you to augment your first comment with change
> proposals, if possible?
>
> @authors: it seems to me that the references issues Tom now provided in
> specific detail could be resolved in this thread in a timely manner. Is
> that correct?
>
> Viele Grüße,
>
> Henk
>
> On 12.10.22 13:39, tom petch wrote:
> > From: OPSAWG <opsawg-bounces@ietf.org<mailto:opsawg-bounces@ietf.org
> ><mailto:opsawg-bounces@ietf.org<mailto:opsawg-bounces@ietf.org>><mailto:
> opsawg-bounces@ietf.org<mailto:opsawg-bounces@ietf.org><mailto:
> opsawg-bounces@ietf.org<mailto:opsawg-bounces@ietf.org>>>> on behalf of
> Henk Birkholz <henk.birkholz@sit.fraunhofer.de<mailto:
> henk.birkholz@sit.fraunhofer.de><mailto:henk.birkholz@sit.fraunhofer.de
> <mailto:henk.birkholz@sit.fraunhofer.de>><mailto:
> henk.birkholz@sit.fraunhofer.de<mailto:henk.birkholz@sit.fraunhofer.de
> ><mailto:henk.birkholz@sit.fraunhofer.de<mailto:
> henk.birkholz@sit.fraunhofer.de>>>>
> > Sent: 06 October 2022 13:26
> >
> > Dear authors and contributors,
> >
> > thank you for your hard work. As it seems that all existing issues have
> > been resolve, we'll move the I-D to write-up in the datatracker.
> >
> > Also, thanks Thomas Fossati for stepping up as shepherd!
> >
> > <tp>
> > My main comment on this remains the mix of two different YANG modules
> with different life cycles; I expect that l will comment again on the Last
> Call list to give this issue more exposure.
> >
> > Of lesser import, I cannot make sense of the references.
> > I see [RFC5246] which normally means that a reference has been created.
> Not here, so there would seem to have been some chicanery involved, that
> this I-D has not been produced by the usual IETF tools.
> >
> > I also see RFC5869, RFC6346, RFC8447 which seem absent from the I-D
> References.
> >
> > dtls13 is now an RFC.
> >
> > What is the difference between
> > draft-ietf-tls-dtls13:
> > and
> >              "RFC DDDD: Datagram Transport Layer Security 1.3";
> >   ?
> > How do I find
> >          "RFC CCCC: Common YANG Data Types for Cryptography";
> >   or
> >         "RFC IIII: Common YANG Data Types for Hash algorithms"; ?
> >
> > Does tls-1-2 mean the same as tls-1.2?  And is this the same as that
> which the Netconf WG refers to as tls12?
> >
> > Tom Petch
> >
> >
> > For the OPSAWG co-chairs,
> >
> > Henk
> >
> >
> > On 29.09.22 10:27, Henk Birkholz wrote:
> >> Dear OPSAWG members,
> >>
> >> this email concludes the first WGLC call for
> >> https://www.ietf.org/archive/id/draft-ietf-opsawg-mud-tls-07.html.
> >>
> >> A few comments where raised. Authors/editors, please go ahead and
> >> address these as discussed on the list.
> >>
> >>
> >> For the OPSAWG co-chairs,
> >>
> >> Henk
> >>
> >> On 14.09.22 16:07, Henk Birkholz wrote:
> >>> Dear OPSAWG members,
> >>>
> >>> this email starts a two week period for a Working Group Last Call of
> >>>
> >>>> https://www.ietf.org/archive/id/draft-ietf-opsawg-mud-tls-07.html
> >>>
> >>> ending on Thursday, September 28th.
> >>>
> >>> The authors believe the Internet-Draft is ready for a WGLC and the
> >>> chairs agree. The draft has been discussed visibly at IETF 114 and
> >>> review feedback has been incorporated in -07.
> >>>
> >>> Please send your comments to the list and your assessment of whether
> >>> or not it is ready to proceed to publication before September 28th.
> >>>
> >>>
> >>> For the OPSAWG co-chairs,
> >>>
> >>> Henk
> >>
> >> _______________________________________________
> >> OPSAWG mailing list
> >> OPSAWG@ietf.org<mailto:OPSAWG@ietf.org><mailto:OPSAWG@ietf.org<mailto:
> OPSAWG@ietf.org>><mailto:OPSAWG@ietf.org<mailto:OPSAWG@ietf.org><mailto:
> OPSAWG@ietf.org<mailto:OPSAWG@ietf.org>>>
> >> https://www.ietf.org/mailman/listinfo/opsawg
> >
> > _______________________________________________
> > OPSAWG mailing list
> > OPSAWG@ietf.org<mailto:OPSAWG@ietf.org><mailto:OPSAWG@ietf.org<mailto:
> OPSAWG@ietf.org>><mailto:OPSAWG@ietf.org<mailto:OPSAWG@ietf.org><mailto:
> OPSAWG@ietf.org<mailto:OPSAWG@ietf.org>>>
> > https://www.ietf.org/mailman/listinfo/opsawg
>

v2.23.0 | Report a Bug | By Email