Re: [yang-doctors] Yangdoctors last call review of draft-ietf-netconf-keystore-02

Kent Watsen <kwatsen@juniper.net> Thu, 27 July 2017 22:37 UTC

From: Kent Watsen <kwatsen@juniper.net>
To: Juergen Schoenwaelder <j.schoenwaelder@jacobs-university.de>, "yang-doctors@ietf.org" <yang-doctors@ietf.org>, "draft-ietf-netconf-keystore.all@ietf.org" <draft-ietf-netconf-keystore.all@ietf.org>, "netconf@ietf.org" <netconf@ietf.org>, "ietf@ietf.org" <ietf@ietf.org>
Date: Thu, 27 Jul 2017 22:37:50 +0000
Message-ID: <7F1757E2-F21A-44A4-B6F4-57F69CE44642@juniper.net>
References: <150028100874.32703.14161403810529927281@ietfa.amsl.com> <B1AC6895-5681-48F8-B7E7-418118120B4E@juniper.net> <20170720165942.GB21506@elstar.local> <20170720171829.GA21659@elstar.local>
In-Reply-To: <20170720171829.GA21659@elstar.local>
Archived-At: <https://mailarchive.ietf.org/arch/msg/yang-doctors/gLWubKIT8u7odhDT4r55-zFbF3k>

Hi Juergen,

> I looked a bit more and you define
>
>  identity key-algorithm {
>    description
>      "Base identity from which all key-algorithms are derived.";
>  }
>
> plus a bunch of concrete algorithms. draft-ietf-rtgwg-yang-key-chain-24
> defines
>
>  identity crypto-algorithm {
>    description
>      "Base identity of cryptographic algorithm options.";
>  }
>
> and then a bunch of concrete algorithms (hashes and symmetric ones).
> They also do not expect IANA to maintain things. I would love if
> security area people would help us with getting this right, well
> perhaps they jump in during secdir review.
FWIW, the two sets of algorithm identities are disjoint.  The ones in
the keystore draft are all public-key algorithms.  As for the key-chain
draft, all but one of the identities are HMAC algorithms, with the last
one being for a key derivation function.

It would be best to address this in the WG, for visibility.  I think
that it's possible to request an early secdir review, or maybe we can
ask about just this concern.  This is a chair action.

Kent