Re: [OPSAWG] 🔔 WG Last Call for draft-ietf-opsawg-mud-tls-07
tirumal reddy <kondtir@gmail.com> Tue, 18 October 2022 05:33 UTC
Return-Path: <kondtir@gmail.com>
X-Original-To: opsawg@ietfa.amsl.com
Delivered-To: opsawg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 408B8C14F748; Mon, 17 Oct 2022 22:33:46 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.106
X-Spam-Level:
X-Spam-Status: No, score=-2.106 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 3937QROHlgXC; Mon, 17 Oct 2022 22:33:45 -0700 (PDT)
Received: from mail-lj1-x229.google.com (mail-lj1-x229.google.com [IPv6:2a00:1450:4864:20::229]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 14024C14F732; Mon, 17 Oct 2022 22:33:45 -0700 (PDT)
Received: by mail-lj1-x229.google.com with SMTP id a25so16595239ljk.0; Mon, 17 Oct 2022 22:33:44 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=/qCM3W0GPLUTlItzCjJUrqCNoATOqdDWIl8mcvkuQaE=; b=KUyCcHVfoAp7OujU50xxqstTFvwIzLlZ5Paf9INwnsMwBnQloBy3US8wokPuIiHxZo 7HB7vPMRXiKPAk7zSHwAuReu4Uy1PopOTfwijJBsJAdNuCN/b8SAY7vWhknuAyQO0HJ+ dRjccm8gu+Zseb63VqcNhcM5gGa4UUoYfYIqFtPDjA3l30zBIFGUH/+rkUhNovWpuHn0 QKAhYO4h+BwPAGR+Q6EpPC7C+xk8VbLwO6V9k1obnAPXe560CWBSbra3svW/MeCzUses jmbFbcPjoYAUDsV+SpZXFOkjZ+DOe6AedBH9k6uoRsYK/7ySzuMvXoJPprLV5KMA2ehj rRXg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=/qCM3W0GPLUTlItzCjJUrqCNoATOqdDWIl8mcvkuQaE=; b=Zo8Uhxbxmb7XqLCf7O6Hfx7H9fjJbZU8SXP+IU3Ocwe5IZ+8m/vniqL1uFTYCId7GL 8/NEJXRNfjk4Emx9ByDe6XAZznA+l3++tBLk1Am56GBtRw9SsvT0WD0Ykw6i4VpRErvw 18M5mFesmOdK6vIkj0ZqxA7Gv30Ai7vGz/nF86ZxnH43zFs03zfOy11f3IOPQWcsbtdO 0i/QPWdD3L08U7u4pg9qYkuDswFbfZWFVTQw/w93XGVI6T+4Xab/G9a9yFKmyqZ/wFIU 8dyPC763eBEyemVUz9mVND6bLGe1RT2Se6LPKV/YTid2T7+L6FKIBlUm84Cqsh49vlEo ziFQ==
X-Gm-Message-State: ACrzQf3HLS7DUTiq+M1mX0lXslE9VF7+2qljbKPYland8o277EvgoPLB hox+0tMkWIX+UJwlbYXN8NY4IB4QxkYy46+piC0=
X-Google-Smtp-Source: AMsMyM7pF/NI1/cw4EAM8nE9jX27e+O9Ei/+drjQB48fCbvOU6j5xqdLj8D3GK5k8GcWQ7Y0J4hyqGFgvynxVfnbwnI=
X-Received: by 2002:a2e:a810:0:b0:26f:c2a8:c48 with SMTP id l16-20020a2ea810000000b0026fc2a80c48mr451933ljq.6.1666071222339; Mon, 17 Oct 2022 22:33:42 -0700 (PDT)
MIME-Version: 1.0
References: <3786da98-9541-a50c-eb2e-aa2647014bf9@sit.fraunhofer.de> <ecf96fde-b6e3-c984-91c0-e35c3d5d3997@sit.fraunhofer.de> <7a59c0ab-fc7b-9dd6-84b3-3778ec68dcd6@sit.fraunhofer.de> <AM7PR07MB6248F06ECE85C8D4BF421195A0229@AM7PR07MB6248.eurprd07.prod.outlook.com> <b60a12b4-85dc-6004-067e-040298d2aa49@sit.fraunhofer.de> <CAFpG3gd+DcUs=ZPij-Ckn0e8ED_iyvYd-T2gqiH2uwXtF592Sg@mail.gmail.com> <AM7PR07MB6248BAC37AE2FC3B0D3C7A62A0259@AM7PR07MB6248.eurprd07.prod.outlook.com> <CAFpG3geQqsePL0Huv=UK_SEy6oQtp4kxCrxrUR4BwyfEO=hxUQ@mail.gmail.com> <AM7PR07MB6248D4075A5B760DAA05AD05A0249@AM7PR07MB6248.eurprd07.prod.outlook.com> <CAFpG3gd2n+We3y0tk7k7o7kekK3B58w6W76gxXQ_Gi=O6UZcSQ@mail.gmail.com> <AM7PR07MB62486102E4E51C8649ED420EA0299@AM7PR07MB6248.eurprd07.prod.outlook.com>
In-Reply-To: <AM7PR07MB62486102E4E51C8649ED420EA0299@AM7PR07MB6248.eurprd07.prod.outlook.com>
From: tirumal reddy <kondtir@gmail.com>
Date: Tue, 18 Oct 2022 11:03:30 +0530
Message-ID: <CAFpG3gcBy06=TvexC96X0buLrqc6EAE7hQd5JmmC6aULvi5cOg@mail.gmail.com>
To: tom petch <ietfc@btconnect.com>
Cc: Henk Birkholz <henk.birkholz@sit.fraunhofer.de>, opsawg <opsawg@ietf.org>, "draft-ietf-opsawg-mud-tls@ietf.org" <draft-ietf-opsawg-mud-tls@ietf.org>, Thomas Fossati <Thomas.Fossati@arm.com>
Content-Type: multipart/alternative; boundary="00000000000060cd1f05eb486f56"
Archived-At: <https://mailarchive.ietf.org/arch/msg/opsawg/vEr4YIvjxeeqCrTSuuCJKoi8Lak>
Subject: Re: [OPSAWG] 🔔 WG Last Call for draft-ietf-opsawg-mud-tls-07
X-BeenThere: opsawg@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: OPSA Working Group Mail List <opsawg.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/opsawg>, <mailto:opsawg-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/opsawg/>
List-Post: <mailto:opsawg@ietf.org>
List-Help: <mailto:opsawg-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/opsawg>, <mailto:opsawg-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 18 Oct 2022 05:33:46 -0000
On Mon, 17 Oct 2022 at 16:28, tom petch <ietfc@btconnect.com> wrote: > inline <tp3> one minor editorial comment plus a technical one which I do > not know the answer to. > > From: tirumal reddy <kondtir@gmail.com> > Sent: 14 October 2022 14:01 > > On Fri, 14 Oct 2022 at 16:46, tom petch <ietfc@btconnect.com<mailto: > ietfc@btconnect.com>> wrote: > From: tirumal reddy <kondtir@gmail.com<mailto:kondtir@gmail.com>> > Sent: 14 October 2022 09:22 > > On Thu, 13 Oct 2022 at 16:55, tom petch <ietfc@btconnect.com<mailto: > ietfc@btconnect.com><mailto:ietfc@btconnect.com<mailto:ietfc@btconnect.com>>> > wrote: > From: tirumal reddy <kondtir@gmail.com<mailto:kondtir@gmail.com><mailto: > kondtir@gmail.com<mailto:kondtir@gmail.com>>> > Sent: 13 October 2022 07:57 > > Thanks Tom for the review. Yes, we will fix the references identified by > Tom. > > <tp> > -09 looks better. > > I still see a mix of TLS-1.2 and TLS-1-2; I am not sure if there is a > rationale for that. I prefer the former but that mix of characters may > confuse others. > > Good point, fixed in my copy > https://github.com/tireddy2/mud-tls/blob/master/draft-ietf-opsawg-mud-tls-10.txt > . > > > I see a number of editorial issues - I do not know if you want to look at > those now or leave them to Last Call. > > Please feel free to raise the editorial issues, we will fix them. > > > One slightly technical one is that it is very rare to start a YANG prefix > with ietf as the IANA webpages show - filename, MUST, prefix SHOULD NOT > IMHO. Thus acl has a prefix of acl so I would see the augment as acl-tls > and not ietf-acl-tls; but mud is ietf-mud (unfortunately:-( so the augment > is perhaps better as ietf-mud-tls. > > We followed the format similar to ietf-access-control-list (YANG data > model of network ACL) and ietf-mud to be consistent. > > <tp2> > Um, that is not what I see. It is the prefix I have in mind where RFC8519 > specifies a prefix of acl and that is what you use in the import. An > extension to that module could then have a prefix of acl-xxx or some such > where you have specified ietf-acl-tls. It is that 'ietf' that I see as > unusual. > > Got it, changed the prefix to "acl-tls". > > > Editorially, not all of which you may want to fix at this time > > 'The YANG module specified in Section 5...' > suggest adding the subsection since there is more than one > > 'specific terms are used' > suggest using the terms here e.g. TLS and DTLS are used > > s.4 > incapable to decipher > perhaps 'unable to decipher' or 'incapable of deciphering' > > s.5.1 > Add an Infornative Reference to RFC8340 for the meaning of tree diagrams > > s.5.2 > /Simplified BSD/Revised BSD/ > > revision date is out of date > > SPKI probably needs expanding both in the body and in the YANG modules > > The description of certificate-authorities looks like it is too long for > an RFC > > s.5.3 > BSD license again > > revision date again > > s.5.4 > ditto > > author e-mail address is not the same as elsewhere > > YANG import MUST have a reference clause which MUST be a Normative > reference > > Thanks, I fixed all the above editorial issues. > > <tp3> > Almost. I am still seeing a YANG import in s.5.4 which has no reference > clause. > Thanks, fixed in git repo. > > Also, there is a technical YANG issue to which I do not know the answer > and have posted that to the netmod list. AFAICT there has been no YANG > Doctor review and it is an issue that at least some YANG Doctors would > comment on > We will publish the revised version after the review from YANG Doctor and the response to your question in netmod list. Cheers, -Tiru > > Tom Petch > > does profile-supported have a default ? > > No. > > > s.8 > There is a template for YANG security as referenced by RFC8407 which I > note is not used here > > Thanks, added note that it is not applicable to draft as it is not meant > to be accessed via NETCONF/RESTCONF.. > > > s.9 > I note that this is TLS and not (D)TLS. Is that intended? s.4 uses the > latter > > Fixed, it is supposed to be (D)TLS. > > > s.10 > When specifying Expert Review, guidance is often given as to what the > experts should look for and where. > > Yes, I added details for Expert Review.. > > Cheers, > -Tiru > > > Tom Petch > > > > > > Cheers, > -Tiru > > > > Tom Petch > > Cheers, > -Tiru > > On Wed, 12 Oct 2022 at 18:37, Henk Birkholz < > henk.birkholz@sit.fraunhofer.de<mailto:henk.birkholz@sit.fraunhofer.de > ><mailto:henk.birkholz@sit.fraunhofer.de<mailto: > henk.birkholz@sit.fraunhofer.de>><mailto:henk.birkholz@sit.fraunhofer.de > <mailto:henk.birkholz@sit.fraunhofer.de><mailto: > henk.birkholz@sit.fraunhofer.de<mailto:henk.birkholz@sit.fraunhofer.de>>>> > wrote: > Hi Tom, > > would it be possible for you to augment your first comment with change > proposals, if possible? > > @authors: it seems to me that the references issues Tom now provided in > specific detail could be resolved in this thread in a timely manner. Is > that correct? > > Viele Grüße, > > Henk > > On 12.10.22 13:39, tom petch wrote: > > From: OPSAWG <opsawg-bounces@ietf.org<mailto:opsawg-bounces@ietf.org > ><mailto:opsawg-bounces@ietf.org<mailto:opsawg-bounces@ietf.org>><mailto: > opsawg-bounces@ietf.org<mailto:opsawg-bounces@ietf.org><mailto: > opsawg-bounces@ietf.org<mailto:opsawg-bounces@ietf.org>>>> on behalf of > Henk Birkholz <henk.birkholz@sit.fraunhofer.de<mailto: > henk.birkholz@sit.fraunhofer.de><mailto:henk.birkholz@sit.fraunhofer.de > <mailto:henk.birkholz@sit.fraunhofer.de>><mailto: > henk.birkholz@sit.fraunhofer.de<mailto:henk.birkholz@sit.fraunhofer.de > ><mailto:henk.birkholz@sit.fraunhofer.de<mailto: > henk.birkholz@sit.fraunhofer.de>>>> > > Sent: 06 October 2022 13:26 > > > > Dear authors and contributors, > > > > thank you for your hard work. As it seems that all existing issues have > > been resolve, we'll move the I-D to write-up in the datatracker. > > > > Also, thanks Thomas Fossati for stepping up as shepherd! > > > > <tp> > > My main comment on this remains the mix of two different YANG modules > with different life cycles; I expect that l will comment again on the Last > Call list to give this issue more exposure. > > > > Of lesser import, I cannot make sense of the references. > > I see [RFC5246] which normally means that a reference has been created. > Not here, so there would seem to have been some chicanery involved, that > this I-D has not been produced by the usual IETF tools. > > > > I also see RFC5869, RFC6346, RFC8447 which seem absent from the I-D > References. > > > > dtls13 is now an RFC. > > > > What is the difference between > > draft-ietf-tls-dtls13: > > and > > "RFC DDDD: Datagram Transport Layer Security 1.3"; > > ? > > How do I find > > "RFC CCCC: Common YANG Data Types for Cryptography"; > > or > > "RFC IIII: Common YANG Data Types for Hash algorithms"; ? > > > > Does tls-1-2 mean the same as tls-1.2? And is this the same as that > which the Netconf WG refers to as tls12? > > > > Tom Petch > > > > > > For the OPSAWG co-chairs, > > > > Henk > > > > > > On 29.09.22 10:27, Henk Birkholz wrote: > >> Dear OPSAWG members, > >> > >> this email concludes the first WGLC call for > >> https://www.ietf.org/archive/id/draft-ietf-opsawg-mud-tls-07.html. > >> > >> A few comments where raised. Authors/editors, please go ahead and > >> address these as discussed on the list. > >> > >> > >> For the OPSAWG co-chairs, > >> > >> Henk > >> > >> On 14.09.22 16:07, Henk Birkholz wrote: > >>> Dear OPSAWG members, > >>> > >>> this email starts a two week period for a Working Group Last Call of > >>> > >>>> https://www.ietf.org/archive/id/draft-ietf-opsawg-mud-tls-07.html > >>> > >>> ending on Thursday, September 28th. > >>> > >>> The authors believe the Internet-Draft is ready for a WGLC and the > >>> chairs agree. The draft has been discussed visibly at IETF 114 and > >>> review feedback has been incorporated in -07. > >>> > >>> Please send your comments to the list and your assessment of whether > >>> or not it is ready to proceed to publication before September 28th. > >>> > >>> > >>> For the OPSAWG co-chairs, > >>> > >>> Henk > >> > >> _______________________________________________ > >> OPSAWG mailing list > >> OPSAWG@ietf.org<mailto:OPSAWG@ietf.org><mailto:OPSAWG@ietf.org<mailto: > OPSAWG@ietf.org>><mailto:OPSAWG@ietf.org<mailto:OPSAWG@ietf.org><mailto: > OPSAWG@ietf.org<mailto:OPSAWG@ietf.org>>> > >> https://www.ietf.org/mailman/listinfo/opsawg > > > > _______________________________________________ > > OPSAWG mailing list > > OPSAWG@ietf.org<mailto:OPSAWG@ietf.org><mailto:OPSAWG@ietf.org<mailto: > OPSAWG@ietf.org>><mailto:OPSAWG@ietf.org<mailto:OPSAWG@ietf.org><mailto: > OPSAWG@ietf.org<mailto:OPSAWG@ietf.org>>> > > https://www.ietf.org/mailman/listinfo/opsawg >
- [OPSAWG] 🔔 WG Last Call for draft-ietf-opsawg-mud… Henk Birkholz
- Re: [OPSAWG] 🔔 WG Last Call for draft-ietf-opsawg… tom petch
- Re: [OPSAWG] 🔔 WG Last Call for draft-ietf-opsawg… mohamed.boucadair
- Re: [OPSAWG] 🔔 WG Last Call for draft-ietf-opsawg… tom petch
- Re: [OPSAWG] 🔔 WG Last Call for draft-ietf-opsawg… tirumal reddy
- Re: [OPSAWG] 🔔 WG Last Call for draft-ietf-opsawg… Henk Birkholz
- Re: [OPSAWG] 🔔 WG Last Call for draft-ietf-opsawg… Henk Birkholz
- [OPSAWG] 🔔 WGLC and Shepherd write-up concluded f… Henk Birkholz
- Re: [OPSAWG] 🔔 WG Last Call for draft-ietf-opsawg… tom petch
- Re: [OPSAWG] 🔔 WG Last Call for draft-ietf-opsawg… Henk Birkholz
- Re: [OPSAWG] 🔔 WG Last Call for draft-ietf-opsawg… tirumal reddy
- Re: [OPSAWG] 🔔 WG Last Call for draft-ietf-opsawg… tom petch
- Re: [OPSAWG] 🔔 WG Last Call for draft-ietf-opsawg… tom petch
- Re: [OPSAWG] 🔔 WG Last Call for draft-ietf-opsawg… tirumal reddy
- Re: [OPSAWG] 🔔 WGLC and Shepherd write-up conclud… Henk Birkholz
- Re: [OPSAWG] 🔔 WG Last Call for draft-ietf-opsawg… tom petch
- Re: [OPSAWG] 🔔 WG Last Call for draft-ietf-opsawg… tirumal reddy
- Re: [OPSAWG] 🔔 WG Last Call for draft-ietf-opsawg… tom petch
- Re: [OPSAWG] 🔔 WG Last Call for draft-ietf-opsawg… tirumal reddy