Re: [yang-doctors] [Netconf] last call review of draft-ietf-netconf-keystore-02

"t.petch" <ietfc@btconnect.com> Fri, 04 August 2017 12:12 UTC

From: "t.petch" <ietfc@btconnect.com>
To: Kent Watsen <kwatsen@juniper.net>, Juergen Schoenwaelder <j.schoenwaelder@jacobs-university.de>
Cc: draft-ietf-netconf-keystore.all@ietf.org, yang-doctors@ietf.org, netconf@ietf.org
Date: Fri, 04 Aug 2017 13:08:03 +0100
Archived-At: <https://mailarchive.ietf.org/arch/msg/yang-doctors/AX7_qLArgfrtt8XGsCNqh93-e0k>

----- Original Message -----
From: "Kent Watsen" <kwatsen@juniper.net>
Subject: Re: [Netconf] last call review of draft-ietf-netconf-keystore-02


> Hi Tom,
>
> > Mostly yes.
> >
> > I think the one further change that I would like is to move away from
> >   o  An unordered list of pinned SSH host key sets...
> >
> > I think that the scope should be a public key, not limited to SSH and
> > not restricted to what is referred to as a host key.  Typically this
> > would be in a client enabling it to trust a server to establish a secure
> > channel which may then be used for further authentication.  I see this
> > as far more common than SSH.
>
> Agreed.
>
> > And since the scope is asymmetric cryptography, I would state the
> > obvious in the Abstract
> >
> > This document defines a YANG module for a system-level mechanism,
> > called a "keystore", containing security-sensitive data including
> > private keys, pinned certificates, and public keys, such as pinned SSH
> > host-keys, for use in asymmetric cryptography.
>
> You're touching a point similar to what Juergen raised.  I think
> the solution here is to refactor the ietf-keystore module into a base
> module, which doesn't mention anything protocol-specific, and augmenting
> modules that are protocol specific.  If this were done, then the
> abstract might read:
>
>    This document defines a YANG module for a system-level mechanism,
>    called a "keystore", containing security-sensitive data, such as
>    asymmetric private keys.  This document defines additional modules
>    that augment the base keystore module adding support for X.509
>    and SSH.
>
> What do you think?

Kent

I doubt that it will clarify.

My model is that there are different ways of arriving at a public key but
that once you have, then the cryptography is the same, with a choice of
algorithms.

If you are an SSH client, then likely you have a stash of public host
keys associated with one or more SSH servers, and, apart from
algorithms, no more.

If you are a TLS client, then likely you are using X.509 and will have a
pre-configured trust anchor, in the shape of a public key or a
certificate (which may or may not be root).

If you are an SSH server, then likely you will have a stash of
private/public key pairs, perhaps with constraints on their usage, and
the ability to generate further private/public key pairs.

If you are a TLS server, then you will have one or more X.509
certificates with your public keys, a chain of X.509 certificates back
to an anchor that the client will trust, the corresponding private keys
and perhaps the ability to generate an X.509 certificate with a
public/private key pair; this may or may not chain back to a trusted
root.

There are other TLS options but I think that their usage is limited, but
in the context of network management, one or more could be significant
although I don't have a specific example in mind (I like PAKE but do
not see it in use).

So the only part in common is what you do once you have the public key,
which is not much.

Tom Petch.

> Kent
>
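
Added example, not part of the original message or of the keystore draft: the model described above, where SSH and X.509 are two routes to the same public key and the pin check that follows is common to both. It is narrowed to Ed25519 keys; the function names, the peer name and the choice to pin a SHA-256 digest of the raw key are assumptions made for this sketch.

```python
import base64
import hashlib
import hmac
import struct

# DER prefix of an Ed25519 SubjectPublicKeyInfo (RFC 8410); 32 key bytes follow.
ED25519_SPKI_PREFIX = bytes.fromhex("302a300506032b6570032100")


def _read_string(buf, off):
    """Read one RFC 4251 'string': uint32 length, then that many bytes."""
    if off + 4 > len(buf):
        raise ValueError("truncated length field")
    (n,) = struct.unpack(">I", buf[off:off + 4])
    end = off + 4 + n
    if end > len(buf):
        raise ValueError("length field runs past end of blob")
    return buf[off + 4:end], end


def key_from_ssh_blob(b64_blob):
    """SSH route: base64 host key blob (as in known_hosts) -> raw Ed25519 key."""
    blob = base64.b64decode(b64_blob, validate=True)
    alg, off = _read_string(blob, 0)
    key, off = _read_string(blob, off)
    if alg != b"ssh-ed25519" or len(key) != 32 or off != len(blob):
        raise ValueError("not a well-formed ssh-ed25519 host key")
    return key


def key_from_spki(der):
    """X.509 route: SubjectPublicKeyInfo taken from a certificate -> raw key."""
    if len(der) != 44 or not der.startswith(ED25519_SPKI_PREFIX):
        raise ValueError("not an Ed25519 SubjectPublicKeyInfo")
    return der[len(ED25519_SPKI_PREFIX):]


def is_pinned(pins, peer, raw_key):
    """Common step: compare the key's SHA-256 digest with the peer's pins."""
    digest = hashlib.sha256(raw_key).digest()
    return any(hmac.compare_digest(digest, p) for p in pins.get(peer, ()))


# Constructed sample data: one 32-byte key, encoded both ways.
RAW = bytes(range(32))
SSH_BLOB = base64.b64encode(
    struct.pack(">I", 11) + b"ssh-ed25519" + struct.pack(">I", 32) + RAW)
SPKI = ED25519_SPKI_PREFIX + RAW
PINS = {"router1.example": {hashlib.sha256(RAW).digest()}}
```

The digest here is taken over the raw key so that one pin covers both encodings; an OpenSSH fingerprint is computed over the whole SSH blob and would not match it.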