Re: [Rats] Pull request for the charra YANG model
"Eric Voit (evoit)" <evoit@cisco.com> Mon, 22 June 2020 14:58 UTC
From: "Eric Voit (evoit)" <evoit@cisco.com>
To: "Bill Sulzen (bsulzen)" <bsulzen@cisco.com>, "henk.birkholz@sit.fraunhofer.de" <henk.birkholz@sit.fraunhofer.de>, "michael.eckel@sit.fraunhofer.de" <michael.eckel@sit.fraunhofer.de>, "Shwetha Bhandari (shwethab)" <shwethab@cisco.com>, "frank.xialiang@huawei.com" <frank.xialiang@huawei.com>, "tom.laffey@hpe.com" <tom.laffey@hpe.com>, Guy Fedorkow <gfedorkow@juniper.net>
CC: "rats@ietf.org" <rats@ietf.org>
Thread-Topic: Pull request for the charra YANG model
Thread-Index: AdY/QqQk1SROUlurQ+m5+hKLyk0H7wJXtqdAAACZD4A=
Date: Mon, 22 Jun 2020 14:58:31 +0000
Message-ID: <BL0PR11MB31224C3C807A9F098D3AC2CBA1970@BL0PR11MB3122.namprd11.prod.outlook.com>
References: <BL0PR11MB3122BBADA32A88AEFEB53E4FA1830@BL0PR11MB3122.namprd11.prod.outlook.com> <MN2PR11MB39016CB3B22D48F9F5796CCEB9970@MN2PR11MB3901.namprd11.prod.outlook.com>
In-Reply-To: <MN2PR11MB39016CB3B22D48F9F5796CCEB9970@MN2PR11MB3901.namprd11.prod.outlook.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/rats/dJA5uhjlauCQtVwmLRresjRX37c>
List-Id: Remote ATtestation procedureS <rats.ietf.org>
Hi Bill,

From: Bill Sulzen (bsulzen), June 22, 2020 10:33 AM
Subject: RE: Pull request for the charra YANG model

Eric,

Regarding your issue:

* Most devices do not have multiple line cards. Because of that, we should not have nested keys of [node id] [tpm name]. This adds unnecessary complexity for the vast majority of users. Instead the tpm should have a mandatory leafref back to node-id when compute-nodes is not null.

As I read the updated attestation tree, there still is support for multiple TPMs in a given management plane (i.e. there's still support for multiple linecards, AKA "composite systems").

<eric> Yes, your interpretation is correct. When there are multiple line-cards, the YANG model requires a leaf-ref to that card.

But if a given linecard/node within a management plane entity, then they would have to be differentiated by tpm-name rather than by node-id. Is that correct?

<eric> The 'tpm-name' object needs to be unique across a composite device; it could be a random string (in fact this is a common practice for YANG models). Initially I thought about populating that name with the 'tpm-path'. However, that 'tpm-path' might change across reboots. Both the 'tpm-path' and 'tpm-name' are unique within a single boot cycle, and can be used as part of a lookup within the data nodes of 'rats-support-structures'.

Eric

Thanks,
Bill

From: Eric Voit (evoit)
Sent: Wednesday, June 10, 2020 12:18 PM
To: henk.birkholz@sit.fraunhofer.de; michael.eckel@sit.fraunhofer.de; Shwetha Bhandari (shwethab) <shwethab@cisco.com>; Bill Sulzen (bsulzen) <bsulzen@cisco.com>; frank.xialiang@huawei.com; tom.laffey@hpe.com; Guy Fedorkow <gfedorkow@juniper.net>
Cc: rats@ietf.org
Subject: Pull request for the charra YANG model

Henk, Michael, Shwetha, Bill, Frank, Tom, Guy,

As authors of the Charra YANG model, I wanted to let you know I have created a pull request <https://github.com/ietf-rats-wg/basic-yang-module/pull/8/files>. I am proposing some fixes due to a number of concerns <https://github.com/ietf-rats-wg/basic-yang-module/issues/6> I had about the YANG model:

* PCR numbers should be their own type, not a UINT8. PCRs should be limited to [0..31].
* We should use ENUMs instead of strings for TCG and IETF crypto algorithm types. Strings allow lots of errors to be introduced, which we can protect against using a larger, more detailed ENUM construct.
* Most devices do not have multiple line cards. Because of that, we should not have nested keys of [node id] [tpm name]. This adds unnecessary complexity for the vast majority of users. Instead the tpm should have a mandatory leafref back to node-id when compute-nodes is not null.
* The YANG doctors will not let us have a TPM-Name of "ALL". Instead of "ALL" we should be able to assume that an RPC means all hardware-based TPMs if a specific TPM is not named in the RPC.
* We should add a leaf so that a unique 'certificate-name' is used. This allows for a cleaner certificate migration path, and most RPC users won't need to track node-ids.
* We should have optional YANG features for TPM1.2 and TPM2.0 so that RPCs are not exposed when no TPMs of that type are supported.
* We should create new reusable groupings rather than repeat definitions.

If you guys have suggestions and improvements for this pull request, that would be great. I also think the netequip boot pull request <https://github.com/ietf-rats-wg/basic-yang-module/pull/5> can also be integrated.

Thanks,
Eric
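The following YANG fragment is an added illustration of how the bullets in the June 10 mail could be expressed together; it is not the pull request's code and not the ietf-rats-wg basic-yang-module. The node names under rats-support-structures (compute-nodes, node-id, tpms, tpm-name, tpm-path, certificate-name) follow the thread; the module name, prefix, feature names, the rpc name and the algorithm list are assumptions.

```yang
module example-charra-fixes {
  yang-version 1.1;
  namespace "urn:example:charra-fixes";
  prefix ecf;

  // Illustrative module only (not the ietf-rats-wg module). Node names under
  // rats-support-structures mirror the thread; the feature names, the rpc
  // name and the algorithm enumeration are assumptions.

  feature tpm12 {
    description "At least one TPM 1.2 is present; gates the TPM 1.2 rpcs.";
  }
  feature tpm20 {
    description "At least one TPM 2.0 is present; gates the TPM 2.0 rpcs.";
  }

  // PCR numbers get their own type, bounded to a 32-register bank,
  // instead of an unconstrained uint8.
  typedef pcr-index {
    type uint8 {
      range "0..31";
    }
  }

  // Closed set of algorithm names instead of a free-form string, so a typo
  // is rejected by the schema rather than reaching the attestation code.
  typedef hash-algo {
    type enumeration {
      enum sha1;
      enum sha256;
      enum sha384;
      enum sha512;
    }
  }

  // Reusable grouping: the PCR selection is defined once and reused by rpcs.
  grouping pcr-selection {
    leaf hash-algo {
      type hash-algo;
      default sha256;
    }
    leaf-list pcr-index {
      type pcr-index;
      description "Empty means every PCR in the selected bank.";
    }
  }

  container rats-support-structures {
    list compute-nodes {
      key node-id;
      leaf node-id {
        type string;
      }
    }
    // Flat list keyed by tpm-name alone, not nested [node-id][tpm-name] keys.
    list tpms {
      key tpm-name;
      leaf tpm-name {
        type string;
        description
          "Unique across the composite device for one boot cycle; an opaque
           string is fine and serves as the lookup handle.";
      }
      leaf tpm-path {
        type string;
        description "Driver path; may change across reboots, so not the key.";
      }
      leaf node-id {
        type leafref {
          path "../../compute-nodes/node-id";
        }
        description "Which line card hosts this TPM.";
      }
      // node-id becomes mandatory only once more than one compute node exists.
      must "count(../compute-nodes) <= 1 or node-id" {
        error-message
          "node-id is required when the device has multiple compute nodes.";
      }
      leaf certificate-name {
        type string;
        description "Stable handle for the attestation key certificate.";
      }
    }
  }

  // No 'ALL' sentinel: an absent tpm-name means every TPM 2.0 on the device.
  rpc tpm20-attest {
    if-feature tpm20;
    input {
      leaf-list tpm-name {
        type leafref {
          path "/rats-support-structures/tpms/tpm-name";
        }
      }
      leaf nonce {
        type binary;
        mandatory true;
      }
      uses pcr-selection;
    }
  }
}
```

The range on pcr-index and the enumeration are enforced by any schema-aware parser, whereas the must expression that makes node-id conditional on the number of compute-nodes is only checked by a validating datastore, so a verifier consuming evidence from an unknown implementation should still check that a referenced node-id exists rather than assume the server enforced it.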