[Rats] Pull request for the charra YANG model

"Eric Voit (evoit)" <evoit@cisco.com> Wed, 10 June 2020 16:18 UTC

From: "Eric Voit (evoit)" <evoit@cisco.com>
To: "henk.birkholz@sit.fraunhofer.de" <henk.birkholz@sit.fraunhofer.de>, "michael.eckel@sit.fraunhofer.de" <michael.eckel@sit.fraunhofer.de>, "Shwetha Bhandari (shwethab)" <shwethab@cisco.com>, "Bill Sulzen (bsulzen)" <bsulzen@cisco.com>, "frank.xialiang@huawei.com" <frank.xialiang@huawei.com>, "tom.laffey@hpe.com" <tom.laffey@hpe.com>, Guy Fedorkow <gfedorkow@juniper.net>
CC: "rats@ietf.org" <rats@ietf.org>
Date: Wed, 10 Jun 2020 16:17:52 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/rats/43lCr8r97PzBEl7MblboiVOiQ3s>
Subject: [Rats] Pull request for the charra YANG model
List-Id: Remote ATtestation procedureS <rats.ietf.org>

Henk, Michael, Shwetha, Bill, Frank, Tom, Guy,

As authors of the Charra YANG model, I wanted to let you know I have created a pull request <https://github.com/ietf-rats-wg/basic-yang-module/pull/8/files>. I am proposing some fixes due to a number of concerns <https://github.com/ietf-rats-wg/basic-yang-module/issues/6> I had about the YANG model:

* PCR numbers should be their own type, not a UINT8. PCRs should be limited to [0..31].
* We should use ENUMs instead of strings for TCG and IETF crypto algorithm types. Strings allow lots of errors to be introduced, which we can protect against using a larger, more detailed ENUM construct.
* Most devices do not have multiple line cards. Because of that, we should not have nested keys of [node id] [tpm name]. This adds unnecessary complexity for the vast majority of users. Instead, the tpm should have a mandatory leafref back to node-id when compute-nodes is not null.
* The YANG doctors will not let us have a TPM-Name of "ALL". Instead of "ALL", we should be able to assume that an RPC means all hardware-based TPMs if a specific TPM is not named in the RPC.
* We should add a leaf for a unique 'certificate-name'. This allows for a cleaner certificate migration path, and most RPC users won't need to track node-ids.
* We should have optional YANG features for TPM1.2 and TPM2.0 so that RPCs are not exposed when no TPMs of that type are supported.
* We should create new reusable groupings rather than repeat definitions.

If you guys have suggestions and improvements for this pull request, that would be great. I also think the netequip boot pull request <https://github.com/ietf-rats-wg/basic-yang-module/pull/5> can also be integrated.

Thanks,

Eric
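
The modelling changes listed in the message above, sketched as a small YANG 1.1 module. This is an added example, not the contents of the pull request or of the charra model; the module name, namespace, node names, RPC name and enum values are all hypothetical.

```yang
module example-tpm-sketch {
  yang-version 1.1;
  namespace "urn:example:tpm-sketch";   // hypothetical namespace
  prefix ets;
  // Optional features: version-specific RPCs are exposed only when a
  // TPM of that type is supported.
  feature tpm12;
  feature tpm20;
  // PCR index as its own type, limited to 0..31, not a bare uint8.
  typedef pcr {
    type uint8 { range "0..31"; }
  }
  // Enumeration instead of a string, so a misspelled algorithm name
  // fails validation. The enum values here are illustrative only.
  typedef hash-algo {
    type enumeration { enum sha1; enum sha256; enum sha384; }
  }
  // Reusable grouping instead of repeating the same definitions.
  grouping pcr-selection {
    leaf hash-algo { type hash-algo; }
    leaf-list pcr-index { type pcr; }
  }
  container compute-nodes {
    list compute-node {
      key "node-id";
      leaf node-id { type string; }
    }
  }
  list tpm {
    key "name";                  // one key, not nested [node id][tpm name]
    unique "certificate-name";   // certificate name is unique across TPMs
    leaf name { type string; }
    leaf certificate-name { type string; }
    leaf node-id {
      // Mandatory back-reference, but only when compute nodes exist.
      when "/ets:compute-nodes/ets:compute-node";
      type leafref { path "/ets:compute-nodes/ets:compute-node/ets:node-id"; }
      mandatory true;
    }
  }
  rpc tpm20-attest {
    if-feature "tpm20";
    input {
      // Omitting tpm-name means all hardware-based TPMs; no "ALL" value.
      leaf tpm-name { type leafref { path "/ets:tpm/ets:name"; } }
      uses pcr-selection;
    }
  }
}
```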